last executing test programs:

1m36.729776514s ago: executing program 3 (id=6853):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='bridge0\x00', 0x10)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x68, 0xffffffffffffffc0, &(0x7f0000000200)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x40000000000000, 0xe}, @flat=@binder={0x73622a85, 0x200, 0x2}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}, 0x400}], 0x52, 0x0, &(0x7f0000000300)="6cc2517326f0182dfaea8b9b0efefe72ca2b3f10c526bb82d4a3786efb2df4fda2a1e2888f71a664cc5a261719fe4cead4d24dcc14edceace088490d882b563ef630b62d95fb3e1b01b472ec8da1d1df52fc"})

1m36.023119582s ago: executing program 3 (id=6860):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2401, 0x0)
clock_adjtime(0xffffffd3, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1m35.887281182s ago: executing program 3 (id=6862):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) (async)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000040)=0x7, 0x4) (async)
r2 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$USBDEVFS_CLAIMINTERFACE(r2, 0x8004550f, &(0x7f0000000080)) (async, rerun: 64)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000000c0)='hybla\x00', 0x6) (rerun: 64)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/seq/clients\x00', 0x0, 0x0)
ioctl$FICLONE(r2, 0x40049409, r0)
shutdown(r0, 0x0) (async)
ioctl$TUNSETNOCSUM(r3, 0x400454c8, 0x1) (async, rerun: 32)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000140)=0x110a, 0x4) (rerun: 32)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='\x00', 0x0, 0x130)
mknodat$null(r4, &(0x7f00000001c0)='./file0\x00', 0x2000, 0x103)
write$UHID_DESTROY(r2, &(0x7f0000000200), 0x4) (async)
getsockopt$WPAN_WANTACK(r3, 0x0, 0x0, &(0x7f0000000240), &(0x7f0000000280)=0x4) (async)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0xffffffff) (async)
getsockopt$TIPC_CONN_TIMEOUT(r2, 0x10f, 0x82, &(0x7f00000002c0), &(0x7f0000000300)=0x4) (async)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0x7, &(0x7f0000000340)={0x100, 0x3, 0x2, 0x9}, 0x10) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x109) (async)
ioctl$VHOST_SET_VRING_ENDIAN(r2, 0x4008af13, &(0x7f00000003c0)={0x3, 0x7fffffff})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f00000004c0)={@ptr={0x70742a85, 0x0, &(0x7f0000000400)=""/60, 0x3c, 0x2, 0x2b}, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x1, &(0x7f0000000440)=""/71, 0x47, 0x0, 0x38}}, &(0x7f0000000540)={0x0, 0x28, 0x40}}, 0x40}], 0x6b, 0x0, &(0x7f0000000600)="bd118570f2d0980aef3ee2cbb15c8e830cbbdfc7b2a7f1cabe5df37309f5b2c5e8aba175e8d241d2963ca037dd38a64ac16fe9ca2dbeab19343960ae61d17dc4a1c91c21c63aa66226ac181e9e4732e07b50f5f352e6be4a9b88a24d2c8c4674afd08ae626a6dc3ac752dd"})
setsockopt$inet_int(r2, 0x0, 0x13, &(0x7f00000006c0)=0x4, 0x4) (async)
r5 = getuid() (async)
getgroups(0x5, &(0x7f0000000780)=[0xffffffffffffffff, 0xee01, 0xffffffffffffffff, <r6=>0x0, 0x0])
mount$fuse(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000740), 0x40000, &(0x7f00000007c0)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x8000000000000000}}, {@blksize}], [{@mask={'mask', 0x3d, '^MAY_READ'}}, {@subj_user={'subj_user', 0x3d, 'hybla\x00'}}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}]}}) (async, rerun: 32)
memfd_secret(0xb6fc51f3b5eca65f) (async, rerun: 32)
syz_usb_connect(0x0, 0x37b, &(0x7f00000008c0)={{0x12, 0x1, 0x250, 0xd, 0xfd, 0x5a, 0x10, 0x5c6, 0x9224, 0x8413, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x369, 0x1, 0x8, 0x0, 0x0, 0xc, [{{0x9, 0x4, 0xd8, 0xfb, 0xc, 0xcd, 0x50, 0xc2, 0x8c, [@cdc_ecm={{0x9, 0x24, 0x6, 0x0, 0x0, "5d71ac88"}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0x200, 0x8, 0x9, 0x43}, [@mbim_extended={0x8, 0x24, 0x1c, 0x8, 0x51, 0x16}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x2}, @mdlm={0x15, 0x24, 0x12, 0x1}, @dmm={0x7, 0x24, 0x14, 0x9, 0x1}, @dmm={0x7, 0x24, 0x14, 0xd, 0x7f}, @obex={0x5, 0x24, 0x15, 0x258}]}], [{{0x9, 0x5, 0xc, 0x2, 0x20, 0x7, 0xec, 0xe, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x64, 0x9}, @generic={0x15, 0x30, "8c788f8cde2cde5e2cbc7fdfed2cafc2b8242f"}]}}, {{0x9, 0x5, 0xe, 0x8, 0x200, 0x99, 0x1, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xff, 0x3}]}}, {{0x9, 0x5, 0x7, 0x8, 0x20, 0x4, 0x7, 0xf}}, {{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x7, 0xd6, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x17, 0x101}]}}, {{0x9, 0x5, 0xc, 0x8, 0x40, 0x65, 0x5, 0x5}}, {{0x9, 0x5, 0xd, 0xc, 0x200, 0x6, 0x8, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x2, 0xb}, @generic={0x6e, 0x11, "f3debb28c67c3d4e6320148e6b97c8bf2b7d85a30970b54c9159ac65d3f7e5a643ccf307410cbf13e4c78a2b0d55d35cf70ea0c79bf5ca06bc34d05ae044dea4b8c5774ba69bdf1ee71f20c90baf1959d3e5d8bdd347632b38ba977e2200a9c1d02767b6f3791948be8a8715"}]}}, {{0x9, 0x5, 0x7, 0x10, 0x10, 0xd, 0x3, 0x0, [@generic={0x4c, 0x30, "fdb812826e7058b02566d5053f4e79f2a727499aeb70874b3ae197eb55ba2963bfbe9dee3401ab15e7292a4d94d18a260638bc0b5fab7fb5ac8a24d56d1427ce0f460fa70bd59e915ff3"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x6, 0x2}]}}, {{0x9, 0x5, 0xf, 0x0, 0x40, 0x3, 0x10, 0x0, [@generic={0xb1, 0x21, "850b889b55e957e53092d034d4afacc401a246c4dc711e6ab3683ff805c7bb199ab7ecd0cebd179ea6df2df1188a9c90e5df2510a7fea675c2be824ff75e33fd6e53e64c74649cff26c158f439776b4fb06c79f557a1d4ba8ec59c3cd328f7f65a03c251639ce6f04e9bd2abf6550f7fe69686c80d9ee1c1dcc8bcd229a0cdf5e72597b2990601f8b000369401d6f590900ea4288ff6b9df54ceaccb9a536249b373919561574391ae23814d5f9760"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0xe, 0x6}]}}, {{0x9, 0x5, 0xe, 0x0, 0x3ff, 0x6d, 0x6, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x1, 0xd}, @generic={0xea, 0x22, "74cf7ac92c5ebd726c8b2bf8d2456399d4a5436332a7adafff6dfdcbcf62ba8b769e895855dbb87905e53322150fab065e5e29c294c0673ecad61b21dc4f267f3a4ba21f1908d9bde1396d7be3c425df97dd63f6fcbc99d16cf07ed5514cb71b045a0d6f51f6f3386dfc98ae93cd738c2668e17dcb5251116319ff92b1f60ad0a306d79aee249f5bfe14b43ac0dfc4e7dc9b354fe74fbb0a6f6f6d4e6524e8bace1324d69e5260360bde826fd328135834e1b6abdd3b7daf0edc1e394f12d896bd587505368fd6445e03b16e0c996a958de2458f1e02710e8742fdd9c6c3fe852409022ca147121f"}]}}, {{0x9, 0x5, 0x0, 0x4, 0x20, 0x1, 0x9, 0x3d}}, {{0x9, 0x5, 0x7, 0x0, 0x3ff, 0x3e, 0x6, 0x1}}, {{0x9, 0x5, 0x80, 0x0, 0x20, 0x3, 0xc, 0x48}}]}}]}}]}}, &(0x7f0000000e00)={0xa, &(0x7f0000000c40)={0xa, 0x6, 0x110, 0x9, 0x2, 0x6, 0x10, 0x80}, 0x35, &(0x7f0000000c80)={0x5, 0xf, 0x35, 0x6, [@ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x9, 0x0, 0x8, 0x7}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x3, 0x9, 0x2, 0x8}, @wireless={0xb, 0x10, 0x1, 0x2, 0x30, 0x8, 0x80, 0x2, 0x6}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x7, 0x5, 0x5}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0xb, 0x9, 0x2}]}, 0x2, [{0x12, &(0x7f0000000cc0)=@string={0x12, 0x3, "8d64c15d3730a3305cd3f15c564aa2cc"}}, {0xfa, &(0x7f0000000d00)=@string={0xfa, 0x3, "ee245c4823d09e842e2f0abf7aa6b7599f6fde761935bf70adab060380a67318156b0ac34e7c4f790717cfb6ec8472faa017437c59305aec41bb9c2a9e4e53aa6833cab5506164d917f4c439756064f929b744a3242116c6c06f928a780b5cac296d429e480130120d016ccbbbafb8bb7fc20af8fb420ded5f105f478b4dbc70598b2be970789dee225ff8f14232ccef580ca2f8fea95cb92b42803701b4d06a7b433952265b460b7124eab70ed9a4ff58f361e8123d740591bb888a63ae56198c2813b30737a5520ebb32d8f47d978a334e099315dca91a7281c8a6abd29de51de6f71931df39d23da47ca1ddcd9619c64e8cf39a70e2ed"}}]})
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000e40)=<r7=>0x0)
syz_open_procfs(r7, &(0x7f0000000e80)='net/raw6\x00')

1m35.849960895s ago: executing program 3 (id=6863):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
lseek(r1, 0x11, 0x4)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000000098000040"])
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x2)
r6 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
lseek(r6, 0x0, 0x1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r5)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
fstat(r7, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
setuid(r8)
quotactl_fd$Q_GETFMT(r4, 0xffffffff80000402, r8, &(0x7f0000000180))
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x9}, 0x20)
setsockopt$inet6_int(r9, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r9, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e21, 0x80000, @dev={0xfe, 0x80, '\x00', 0x19}, 0xfffffffd}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=[@dstopts_2292={{0x18, 0x29, 0x4, {0x5e}}}, @rthdrdstopts={{0x18, 0x29, 0x37, {0x3a}}}], 0x30}, 0xc4)
socketpair$tipc(0x1e, 0xd, 0x0, &(0x7f0000000000)={<r10=>0xffffffffffffffff})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r4, 0xc0c89425, &(0x7f0000000280)={"69763a5c9fe149be3bef79f647fc24d8", <r11=>0x0, 0x0, {0x1880, 0x7}, {0x8, 0x5}, 0x4d99, [0x300000, 0xc0000000, 0x1, 0x6, 0x6, 0x9, 0x1, 0xabd8000000000000, 0x3, 0x4, 0x1, 0x6, 0x5, 0x2b, 0x9, 0x4]})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r9, 0x50009417, &(0x7f0000000540)={{r10}, r11, 0x11, @inherit={0x70, &(0x7f0000000040)={0x0, 0x5, 0x32922194, 0x5, {0x8, 0x9, 0x8, 0x7, 0x200}, [0x4000, 0x4, 0x6, 0x80, 0x0]}}, @name="d864797c9fda12e400343eb7c204f84dd2394b5698e1d34e129505b1c11b45c27beafaea2c2898146e566986d0aef7e472f2462c8c06892330466b6e0d1cfc329010ba292408d10042ddf4fd5c66d7f8a2e51c197baa2d078c3e409b9d1a2d55e338f39a2ec9280f80c7c82aea8df03349dda76e095bfcffab9362f0e92b5ad5f4ffb30934bcef1420c27f8accdbbe3f7969f44d17294efbe27fc2f63ff9c9f4026a1ff247c9a151e6b6e0c0758c422aa64edee75e500b0cdcecdea9daa5068d375542db6794b20e64f35268698b5259734c10c31d716c4b3159f100520dc6c5f80595a8c7a7f5236826731e50d5f8f6c44170b53b7114faec0a9ecb6c72a8c1bde2a8dd1df4a7b75381a8a2a32bbc0007b9ffaf70febd8510cfa0a87c63bfe1ac183a1aeeee2da65e9120048e2ec686324344c017fd2b0e5550f78c3236f16a309585fd21fc163a0704987c68e147ae630c783eaf2c20c654796ef0dac13ba2bc3d238690b506cce9d5fc7b8b16117552081011deeb9e1c4c5e12020e8282ffb28aa198d4984836eacd583ec31048eee0d8d34f0bebdfc9b0daa6a88fab16743f32e8ad0ee5c2ca4475c28db16120448a9fe9a0318728177af6c3d48e72e2e223ac4987fc89c1b2f912c5041cc4a0792745676732830f9ea3ff0af37fd03574cb962c24c4ea60e6b51eb17f5256d3c8f1f91a04b955e6853f8c7e0767f27cb5be8392f979fdd57768159b0e84fde850576f9aae3b8045cff443881901d15e8a97a7cd10ea3f656a2e24a6c83c326142eb527b04e0309fbc62656ea7d5981ae52ac37a50007fcbdc3976035eaed5f762116ffab3354fd3e9b7bba621d1c9e02012dd891819c11020fb923130f4d20e0edc0893bc6863041962ee86be97d0d98c5f4cf23c3a76000d73b5e5e3b00667f5f2f9b72e9e5dbb797c563b655bc043d8fe9a01f857ddeb22a6a4d8030f67a3b9595b4c64583bed4e0885115fa7dfb7037d7d3a186a5997a9df4221ae617ea62cbfcb1a53e2f9896d465c02af30779a9479db4f9c23219730612389d7cf3d0fafddbfe3434d12e542667714f1781b4bd53311eb62cd5ba6cc3b204cf394a91d23039c6bf14a850ab16346be75b48b8a1fa5994a0243ed8faac246acf2a5532bd1d6a76beb81568a96c31f24f9d603f85a4881fb42abd65408e3d683be7dce8fdf279b79b5c11579b8e7d7426fd15797b545ba4d18a8dc06266b5f5d4a4c8dc9e7d9128cfa16d64721ef9b3bad93b4b4bb27162282aa950962ab82f315ed5d560bd0a30c0a396585555d6a41171aa271978a77f7d82ab498c37e14d2a447a26ea6e577d9b02577a3409b1594b2c44b0a60f67de1dc195f08d72405019c76b954090b8d8f18030976e307f2443030e47e59b66163efeb2b2f743a9e9bc6c078657b6d4d2a5a8802eb470b08cb1982e5b24ee1c66df2290fdd2ab72804c6539960d5751db21de9f67220c2fef4db66778c40cf4d23687b0b3803c4294bdb3a5404b2650d017d85538c32a9cd3a2bc2dac8f76802cb2fd5e13d40b4759f764fa9cce9536285b497915b949561ddebb1f9834d62ba94f2b3968ce1cd83e6c76cb9a8ee24df698899edacfa6af4795e1cab17618fa72276397b407545966378dff5f79f0ea21a02b24a526cc71929c8ae074381ce4af30d890542bfcc60c9f0ed12048207852b2c27fd9e4f7e2535a36e27c381836f8ff27235989ed3cc468985d359e6688a394a401d786ac5abc3986d4f45b356fecac98f0316ea99ecd5f53698d970526e8f014da7a5acca7604f686035164156f468237742591ebe30bdb81269f0caa2e2ac52d165ee5b0c988aca50a9cdd53af351c77809f5263e4ac55590ca34b0beaa0066104787f60c6d87b52d5e97d8db4aa249e1c84ed5633a40969d289a6b64b461942bb24a3b7c96618919a7ffffa3fc5530f3e5e96b4e2557295ce1c86e9ceabdf78be48f0288cf89a52f6d94e876fe1ac7628976f4117e61eb2487cee08fa92a3cdc4110495698f397cd84f3f2109e4c6d8075335424bd8a6963de66b1c4700b52202bd2a970ed09b4884c7493d549ed3092e2409afdb6f8231380f9d930f69a5c8b956883a0e79da3d398e80fd8b0ce4df497f24ecb8c1b0f6c45a15576308032f14597454db04ef97a82f64e74946bab6e56a23c09d1b4c99f4aa36dbee206bfadbb4c0a78096cf268b8795898c0a442436ed83eab166fe65fa14a86ae2c83926ee64a744a714dd3ad7665aad6fd98c329078b21dfb8c99f3b85057cbb80f32278a648ff5224c27ef1b206b6d243d6f291fe6dbccbc90bab1f16ff41cac5dae4a825e2194a8bdbbe9210fecd40d3626eab1c20c19736733ef56a93e5b89ec6600025b413c7c42a8f97b3fe5f1d42968850a04c67a34e0dee348c2a3a2a6bd7c58339be997203789a0198b4925b13ab44caee48aad7dd63d54f072eb29a6dd37c1b5298ffd293a8b2d48999e44b686a321092f9c1e9e8759cf34d99d22188ebf2f32b5473d16816fb73a4529604b70910872d325d51eccf1019c2b37ea12766eb85535e848f64189745c762da66be192a0927a878ced091ba28071f020c2d64a629da1b32fae4ad34dabad6ba634ac573d3dd8fe94199c4b751348b8c83c712733d73c422922f2139c441c66c6113a47a74c1c507300fdcd4e8e27cb9998e96b86880596a5546935c44dcfc2a452c9d42fead4c10541fe17c88d6d1ad77414972b623022d3f2efba08d8d436f306ad8b8384efb274e186ac7a8322f63037ee6c23a9aebc90e14c72796248bde367facdbab6ca4fcbec92cc57bda07517d090b372949e0d16a61728342e3efa5b0a53536058246aa6e348edd4aa37a199d75a5367320ec405aed803321f73faa607df67c68268f89316bd18ad9ea5627060009294c69c6b34a5b91576c9e6688b88e6809cdc5fe4c3b87972c183fa0a3d0f11a94cf71bb59606c7475531006f7c2ca6b694e1c18d6cf05f4198a8c005ceae38db6c96b22cd9980934f3a5782f020ff7270c9dfbfddf456e8b08467bf855e67c35235b0dc3d009d02359d624b157a4dc0ea2740bef480b53ce30d9f639a46c8bf0c294911969191f38ef2ee81a8ab1004628a3154e1e608be273582f9fef0339d515e814e4d4c10976c79bef8f1a6ea7178b09857a78209bfd64e85764694016444f19d85ff889a87ced66aa74834ef77a6434a0b8817ed9067fdd6d9a8347715455bc9961e7e98c416813902876c33fdf5e6cf988f8e68dbb4cf4c316a16484379b616cff18ca9f5e3238e7ca13ab144c4179504ae80ae30e05e9b40f0f68c0a736c56c5c0dfe44a7bb5a223ec0c4b332b37b9339531e60977b2fce23870aebd5e84a29ffa4ed5f177bded220503f40414d40bc874ba68a0bd11edc6242797daf7c418643f420cee3e87e74226436791dc89ee39ab0da2572a3cbc644732eef3eab43273b9e93dfa179dd449c6e51c3c82e9a9225330664954c37e7b157fbd8341e64e53f70107327278fbff6b02a4ae022313887e5d18f5805ef66882804da2e9f90a02acfe256604b33abfbb63315462f24dbdda0f7a071095b8181e997e522dc945774aa7039e1df541360a031d2f5d8456f0e436d9506c58a09c060642f62890c29896a4558061d94b1a67d9c313eee65b137ecab96f61cd3adff9ba35e87e0e08667f00033173c44e4101962bc21005a30124056eb1852f2fcbb161a171a65c24099e72b2192b6ef29752b6671b1585042bc1562060cb52040428150d2d407eaabf02d04bb00d4b78768eb29f9198cdb264afc6e929066e288b23275e0c514e35379a078217aa4a43a42711ae483206cd1932bfdd477493ae2134ba72c2f5ee0c76cbe3c3a573ac567e9c04e22e4d21962c584df9c7b6ea38814dc2d5f6e3c30f40991b5f5e82f29a1be2d04127ca2ab80e83622b08639426d50674224d7dac03d44f6c02f8f9ff2750b32eade0dc5f2e375d43553ac3a0ff40363d907e7dded2a43cf4de45da1b41a232f077bba6c0e86a2aa0543bcee74f91be794e18158c6c4a9c19527845dc647314d921dc3bb819808e5ca06b3f4aadf67578bb612dd9abc18fccd97542be21a737e56fa75875e4a398074e66e867905cbd9af9e0d13c4505b87b4c038459deb54ee959d144e583593fb1012c1ea89c696d1abd02fdff838344840154deb88214976e5a79441a81da698000f9da973c8c24d5cf0cdcd4a6c75818a144f561b5b33538be97a701b67121348480c761727aa633efe9f25585d56e552c284fae3c6ec4b564a270c1fcaa5e4b62898b4f56e15ec1c43bdbfcae61f7b15c32a647ededca12b0a52726de6704a5b557cc786a3cd060a1efc72ab315386485d7b3bfa05a42daeba2a19167510155ea6e94d083d422709351b4b0c39558400658ef09a70b04efcda10a633a465a1620631e0df4731c833b5fa5812f642791eace607080a80992a808f574da8008592d35cdf34a37ad7adb88381b0e8b57ed87b0403371f83670bee8c72c5fc3c061eabdd0cf39c86f74c1d7ef4d4bf25932e274f06ce99e0f98dccd08a100b798a34586840e84338638e000c56814204d2b992c58cd3e8f329be0e491e100781d88897c970975edc832560f0651b0b9516ce491dc3fd8012d35c588a7b4ca259c478e329678395f8612b1b5e0b5f996a1e0531cc3dee38e02fd1a0642a905e111c508d0c6547922a83ce5b693239d9a4ad85b390412e70631c29eff016d571b53322c4cb1fc40ee2d28c1cf65a0e2007c50b47d513eec76a473a85d8c7ccf56f7734879fd05dead7f273d4b4d0e3779a25d0f1a52355ea7a1ba6417bec3b88ca78cccae6f6fb0b6e5aa1115e7d8290774d6aef7511f958d28253682591085292bac1956a79fc520718488d4653376fbdd22da208a35424e9191510d8008ddca5f09ae21cf9e635f16baf9faa6a472807462288834a5a5bc28e5d03876ba1bac279b928183f929ec2a2c7cc220e6f6b8e3699c0dd665beb4d72213aae499aae07a5299033a7899451bea38c3782b480eb99dac6ceb188cc0bdd09bf5d072806316b2ea2db4005b1853d209f6eaf9606e09c309fe328c07ae5b66c48cb849a4cececf69129a768d8d3a11ac91549742b5708f5a7beafe6b159391cb4291524b404bdeea4fbca8203b3868bf744a2aeeb70853a5feb1eaf398b03fdc54621b654c2f67a4cb92cc623f18539a3b3271d8e0e13d54806e0fca0381d14cb2b75f292a6d6f3533c7e4e3c80dcb76fb432cb5ed69320508504e9aca103f259337af79c101fd85f82e8eb85ec1cce1068ebf6d056c49c81e9240466cf1beb3ff7f71347ae991a7e68b8edd5336f46e085385456389af5be2b505f1606cd91543ee70bab71ace176ccd003e1e2998f9f2e8308c04236cd79960140698dde8a7416488d2d0a1ff24206b7f5c13099dd1616de492dd9ebfdf42faf28f8da444c69bd7eb618de6834fa107a879cfd0b165daee6902f63bb36135527277bab30faa54461ebcdf0cfeb1e0f4244de1385557abf88af8fd20aefbbe1ea0362338527ef22d501c008c11247c432b0d9bc595e67f880fb5b0248a90a8de79d2a3f1b742aba8898d3c131d7a168cbefdf72c53a0a263996f957b11dc8662b45b883bb61903780273bd50b1abf21e2eec19f14d7a62917f292c1e0117e82d8d366a0935d4afda374c148"})
close_range(r0, 0xffffffffffffffff, 0x0)

1m35.693525068s ago: executing program 3 (id=6864):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x26e1, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000080)={0x8})
connect$pppl2tp(r1, &(0x7f0000000880)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e21, @private=0xa010101}, 0x0, 0x4, 0x1, 0x4}}, 0x2e)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))
ioctl$SIOCSIFHWADDR(r0, 0x8b0f, &(0x7f0000000000)={'wg1\x00'})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000540)={0x73622a85, 0x7cab6ced6415609})
syz_usb_connect$uac1(0x5, 0x96, &(0x7f0000000c00)=ANY=[@ANYBLOB="12010002000000086b1d010140000102030109028400030101b8050904000000010100000a24010700040201020c240200010201073c0509010724070201000009040100000102000009040101010102000009050109ff0309010707250181030200090402000001020000090402010101"], 0x0)
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x6000)
lsetxattr$security_capability(&(0x7f0000000200)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000480)=@v3={0x3000000, [{0x75c97ba1, 0x80000001}, {0x9, 0x3}], r3}, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
r4 = openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
writev(r4, &(0x7f0000000300)=[{&(0x7f0000000280)="b5a813dce2324919c700cafa42", 0xd}, {&(0x7f0000000600)="53757f7ee6f99a031eaaa15605905900129d55dd21af513103f3868017386ab314b9ee7bdd6e80b98d9aa8bf01051ad5b507d7cefa4cfb181493475f4babf59b71c270241cc6288fb11770594a6b7ddb50f41e7688c9496ef5ad467b55e6a64c349e8abcb66daa2cbe05c77945edfb1e15413671302112f67fc656fc6c7ee22488b6fe861e1beaebe560a0f8c6f961a6a523bc6827c3591aa00178f5a18cc86d7adb6e44b5484456d6adf558cb793cf1366df31a01c4b9b9e6d408ff0242edd99edae1ed839438d3bb669eba9a25019abf4baab3067ebedfe4ce8246084bfbdbd35d07", 0xe3}, {&(0x7f0000000700)="ef336dd2498387fd5f317717971920acdb07cf1868e14ec0d83c8fcac95b81e625f7ed749b1be3f286c0bb5ee6370c7ba489be571f58db0d9050114f444a82b41f39b6d5641062a95a10280bfc47cccf9f080384a53723c612045ec5b7b4f363b9cf509cc55f4a6e1e8304179f24b236d802b7425c2597e7b62cef0d4d4fc76063bf9da481f02a6a5eba7a65e6d7ae689bba04305441523daf121ea76e955ded27a27403d5920fafc3e51160c0ff242c457daefee257185b2e65136b37bdd145b1abbd064fe4606e2fd51ec19e836e7752715c3d3f8cc56ed81f3efe06285b1b", 0xe0}], 0x3)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x57, 0x0, &(0x7f0000000400)="8b0b4c404981a6ef39f577efb9c2c64f47b576cec3dab5adbd25d802c31aa20f47283d909cfc1520a8ebb223d441539406505ea001848d180490b7a70bc561639b136ecae6c156d04957009916c1b24ba79c86ea06832e"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0xe, 0x0, &(0x7f0000000480)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x0, &(0x7f0000000800)={@fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/6, 0x6, 0x1, 0x12}, @fda={0x66646185, 0x5, 0x2, 0x18}}, 0x0}, 0x400}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000140)={@fd={0x66642a85, 0x0, r2}, @fda={0x66646185, 0x0, 0x2, 0x2c}, @fd={0x66642a85, 0x0, r2}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0})

1m32.609024266s ago: executing program 3 (id=6882):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r1, 0xacd55000)
cachestat(r1, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f00000002c0)={'sit0\x00', <r2=>0x0, 0x80, 0x10, 0x2, 0xcc, {{0xc, 0x4, 0x1, 0x3f, 0x30, 0x68, 0x0, 0x3, 0x29, 0x0, @multicast1, @private=0xa010101, {[@ssrr={0x89, 0x1b, 0xe, [@remote, @loopback, @multicast1, @rand_addr=0x64010101, @rand_addr=0x64010100, @private=0xa010102]}]}}}}})
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000380)={@loopback, @multicast2, r2}, 0xc)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x280, 0x0)
ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000000040))
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000012000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000340)=0x40)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000000001010100000000000000000200de0104001640240001801483d68008000100e009000108000200e00000010c00028005000100657f84beca878907a09b319f"], 0x3c}, 0x1, 0x0, 0x0, 0x4004881}, 0x20008820)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r4)
sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x28, r5, 0x8, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x6, 0x36}}}}, [@NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x6, 0xbd, [0x0]}]}, 0x28}, 0x1, 0x0, 0x0, 0x801}, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
times(0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000540)={[0x2033, 0x794, 0x8, 0x40000000000017f, 0x400000004, 0xfffffffffffffffd, 0xf1, 0x200000000006, 0xfffffffffffffd7e, 0x7, 0x0, 0x5, 0x1, 0x4, 0x0, 0x8], 0x3000, 0x244210})

1m17.580149823s ago: executing program 32 (id=6882):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r1, 0xacd55000)
cachestat(r1, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f00000002c0)={'sit0\x00', <r2=>0x0, 0x80, 0x10, 0x2, 0xcc, {{0xc, 0x4, 0x1, 0x3f, 0x30, 0x68, 0x0, 0x3, 0x29, 0x0, @multicast1, @private=0xa010101, {[@ssrr={0x89, 0x1b, 0xe, [@remote, @loopback, @multicast1, @rand_addr=0x64010101, @rand_addr=0x64010100, @private=0xa010102]}]}}}}})
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000380)={@loopback, @multicast2, r2}, 0xc)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x280, 0x0)
ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000000040))
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000012000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000340)=0x40)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000000001010100000000000000000200de0104001640240001801483d68008000100e009000108000200e00000010c00028005000100657f84beca878907a09b319f"], 0x3c}, 0x1, 0x0, 0x0, 0x4004881}, 0x20008820)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r4)
sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x28, r5, 0x8, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x6, 0x36}}}}, [@NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x6, 0xbd, [0x0]}]}, 0x28}, 0x1, 0x0, 0x0, 0x801}, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
times(0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000540)={[0x2033, 0x794, 0x8, 0x40000000000017f, 0x400000004, 0xfffffffffffffffd, 0xf1, 0x200000000006, 0xfffffffffffffd7e, 0x7, 0x0, 0x5, 0x1, 0x4, 0x0, 0x8], 0x3000, 0x244210})

50.220299443s ago: executing program 0 (id=7124):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x2400000001, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f0000e5f000)=0x90)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000940)={0x4, 0x0, &(0x7f0000000300)=[@register_looper], 0xffffffffffffff8e, 0x0, 0x0})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async)
socket(0xa, 0x2400000001, 0x0) (async)
getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f0000e5f000)=0x90) (async)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000940)={0x4, 0x0, &(0x7f0000000300)=[@register_looper], 0xffffffffffffff8e, 0x0, 0x0}) (async)

50.157095108s ago: executing program 0 (id=7125):
ioctl$BTRFS_IOC_SYNC(0xffffffffffffffff, 0x9408, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, 0x0)
r1 = socket(0x840000000002, 0x3, 0xff)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000070a010400000000000000000a0000070900010073797a31000000005800048054000180090001006d6574610000000044000280080001400000000f080003400000000008cb31bf7c7bc79c971e94b03469d87f980003400000000a0800024000000015080001400000000b0800014000000012"], 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
connect$inet(r1, &(0x7f0000000540)={0x2, 0x4e22, @remote}, 0x10)
sendmmsg$inet(r1, &(0x7f0000003b00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x4004010)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x94022, &(0x7f0000000140)={[{@huge_never}]})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TIOCNXCL(r4, 0x540d)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
r5 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000600)={{{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@mcast1}, 0x0, @in6=@initdev}}, &(0x7f00000001c0)=0xe8)
quotactl$Q_GETFMT(0xffffffff80000402, &(0x7f0000000180)=@nullb, r6, &(0x7f0000000300))
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=0x0, @ANYRES32=r7], 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x68, 0x0, &(0x7f0000000380)=[@dead_binder_done, @exit_looper, @enter_looper, @clear_death={0x400c630f, 0x2}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x0, &(0x7f0000000500)={@ptr={0x70742a85, 0x1, &(0x7f0000000040)=""/97, 0x61, 0x0, 0x3c}, @flat=@handle={0x73682a85, 0xa, 0x3}, @fda={0x66646185, 0x1, 0x2, 0x1f}}, &(0x7f0000000280)={0x0, 0x28, 0x40}}}], 0xf7, 0x0, &(0x7f0000000400)="8b0b4c404981a6ef39f577efb9c2c64f47b576cec3dab5adbd25d802c31aa20f47283d909cfc1520a8ebb223d441539406505ea001848d180490b7a70bc561639b136ecae6c156d04957009916c1b24ba79c86ea06832ee972c31e6a0359b8b206c9498c06983956a604106001a616cb4d1c1bb6acb016cfecfc7ec3b0b2b9ad9ab9ad605bc7f30634cd84a3fa558165a23ef2774c87ec29f64cbf0b7d687933d9e1b3d23238f45fa89ff9f03aeed168cc4492998e962f5fc8d328b4204e969666ffdeb879c288373569757aa945c11bfc5a6d01cefde1031b79382c34c2da32f2058e7357c3d1fa5931bb923f0ebd396a976c32940686"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x14, 0x0, &(0x7f0000000100)=[@free_buffer={0x40086303, r5}, @increfs], 0x0, 0x0, 0x0})

47.070410956s ago: executing program 0 (id=7134):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000440)={0x1, 0x0, [{0x3f1, 0x0, 0x3}]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
msync(&(0x7f0000003000/0x1000)=nil, 0xffffffffdfffcfff, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/238, 0xee, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x36}, @fda={0x66646185, 0x8, 0x0, 0x24}}, &(0x7f0000000000)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

46.701143476s ago: executing program 0 (id=7139):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000000c0)=0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00')
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
socket$inet6(0x10, 0x5, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000140)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9ffff0300ffffff092403f3ff000005024524", @ANYRESHEX, @ANYBLOB="05"], 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4092})
write$binfmt_script(r4, &(0x7f0000002080)={'#! ', './file0', [{0x20, './binderfs/binder1\x00'}, {}], 0xa, "75eb350da5f68d6890324131f99f089fb290eaca99dbaf677177496b854e6a5c0aa0707c8356ed55f325796230faeff420a6343f800a0395124ad7c469da12a7bb0ffe0a6ae1292e9c74faedaf2012add951aeb5870ec143619107de19ae3ec919312e38322b5ee124535a5c1f25bba509496a1622c3aab6637db383c23fc52cf1dadd25fb559389273f9235b6f841ea29dabbd9a55c0bc5bf20ba4cf64e0c3001a4caf99113ff22b924d3d98139e6db6e28d5e7375a257ba61d49e2b2ac4fdb56a612ba3307a1adab3fe216191f27ffc86c287bcb0958362340b5ac8adee17dbc7e1a0d7c20ca667ac708dfb3ece977f813e4fec96efcfe823b75e03b88bc1cd5069ba73b98479c9b00be3e6ad8412cbd0e61ffc4b9072abaebb9f4726c3808e25ab9483afa0f1e386fd95f3b46781feac548f638e1c16be720d7fd8360d0b8cfbbb2954d80061a635ae2f5b696cdd4c682118c5ebb5bfe076fe5ca54c43901226a549d31e4ceea687cbd572508ceb3b7961a4f12df50b61889c5fe615779e2a96c40ecf3d9126f35e92c7ef3ce49ea9ceaacb553b70025c8f86f414ab390d6874fa9d2fb12d2e0fef9a5b61bd5ea488bc7b059b47a134cf9e5b13cd557193b88260f7dd8e99fa010a29ee5e3567f0bcc84601005dfc37fa0cd6a049112cc109636d3ee679d805dc46779fbf99929ead8ef88fdd6685c084cf2a569ec16de7ebf67b8d624c8751524e138bb9c146ae4edba576466e238e0e23da1049379c44284967844448bef0b8b8364eff24af3626ba0342dce28b76beb53456c07937318033116ad78f2a2d6ffe8820fb907cb249f856d49fb8e1339bb3a4d9600b15343c0fc8fb682ec23ec3149a1de6a5c64ec910c35ee78e04c3f62b2e742a69065d95328139da5ff3443dc91ebf6f8504c9a89deacc0f6f76e24ba0cae9558067505fa9bf517967de69d9ac3e51e625c606928350430e1bc56337106d8bf65599e0379ba00e285125b37a05341d16191fd2385f33d3140829f031ec3256025a98270e6aaaa5c669869ebbe320321fcd2fdf5eb520f784b72633f7e7fb46f4a06c92a8ea3e81911d68b162c20cb27a2d2f14da6954eef3049431b336dc3ea67ecefc08bff758a6c078fe320c454ba23bb788daead12444e9cc2124c4130eeced3c8afe186adb14e988e3133f332f858f10b6c2ce830df1b74f0251274c9bd987623a12b3a2ca9e1432baf3a7a79b76e41de115222fb546f8a17ded7ea3d144aa26546474b556fe888ff84af3c1223881fb0509f9c1e4b7f666b1c64b48e6f57c9081c563b73f941fd12d27f9d02652c26db3b870b2754d2f27cee0c7f8d3ae39b5e83d47dd23615afa6beb02f5efdc8330d569a940912c1d5c974c16652a329db73a78fc5df300a53f2d5ed4a41192f6f931f5b9260fe1467be31e32e734dd48da8844594250b8b1e5361392335cf45344e54f23efc9c94242285fbde5ca17fbc0e7973b51226d9d0ea53bdd153a741e6f7bc45eb107b6a2f862fb18ac8e5ccf0cc0fc3829c79e2cefa877ac53c2987f7bea09e6983841aaba0db24d85c1e0f376fcbd4e4be54a7918a15064a2f65d1025a105b829f938b19240decdb7e0d30338462a8cb663fe05f95a3613cd9305e3e04d0e77b7924989ff3ead7f5a81ab7fc37b482b54a973d223d6a05e7c3487623eda7a1c4846f885537cd0dcc3302167f699b3717c2aa40f6dfad37ad5df7964887f08f096b4a1661ef09719871048e2e0d607ead32ae12f619a605ad5d4bf37576fd863c85d6287977ade19bdf9a1fa4748eba50aaf67bfa0458f4c94dd5aa34f6d1b94ac407c7e151c56811e39b29e338c80ef32182aff05cc3d83db0be337ddf936db1e753a978d40817e3327950c456dd67ef477713d31a4561b5acc4b8c9e5b762d2fbe7ec450e78062f34863050214c438783945aa6c1cdfbf000fff00184156022d4ef9eebacbd83ca359752c1c2e610d10d0b9b1bfd44d14195a2c8a9c03310ba0fb4dca372e1e4912ba80426ede556952dc8bd26d126dd0aee000bc269639cb295660c2e484fdfcea45bbf9ac419e2ce6d66b3b40471478683a244f491bbbd336c323458d4b69874c2a899fb8fcf3be57953d215e59e4583bbfa233f7eacfd9cf9b2157d137e5a941db414fc92cc38fa36c7d33a4bf64be4000bc0fae0fc9ae2a47ce9f7e810d88203317008b7cb4e8b80dab76ea002f4c60fabcf3639d25d1805e25779641d2a2ae0d999a6256f584ce2f1a69c4dc15258fc61e9e4e3b270c7ee5bded205fe74d5028051614e2b4b87de86053fa6489c3cfe79bb7fa5148b402417b97d2bbdab579280bbff7af8cb7349aebf883f6a8fd772767d497d08d1214c783a214bafcf9a26629294b883b5ad34f183d62aeca720bbb39fc2c78c4fda1a47745e01f6ff3a29fd377a8e3d485b063df796444f990f34765e1aab209b8161f97fd7c1f04cc694b3d5c857398624734d91cafb36f372a520e69ecc764bb50911f3c600bc93ed9e72f75bf30162473436d552e818651ddd94d802a33390bd69be1c0a0858c37ee6168b299618145c8ce572c8a41fbe357a9a7af8f847d4b9d6973ba677129a65ca9ed9dc97b88090c618d9711f69cb8775d34f0fa3ababde220a6a1e492f5c32f21c065e729d021abe6956e22bf9c8c2aaacb548320775108ea56757040f5a7fd7285df348b407adc2d307164104fa5c16c5fd9a92e7a9b2c6f3269491564ec151c23ad427e4f71998604c5567ac647b5ede2c774b1a56b1952036924f301bdca7ec04c00e0a13d26f74ee352bfde600391afebc90ef601d4aa528a354c71acea686372100bbf1a98cfc147d1b9332e2685c5d95fc68f395d84ff003acdfc81e1aa947d384230c787dc738c4ecdec681eea93560bf8fb3f7ad40651ea2c8e70a799c2e9c1b8602fd231d72207b50df46202a0b1ce4544b808ec03d477f3c9480de149609c7342d4e0ca8ac2045bd965660eddd588995547943db96ecef79fee83c8acfe1dcdca5e1a5f544b61594135d3eb216e65a0c7fa797a7613ef3037ccbf41bb46d138093f5ea46140859f8d56a2ba65e97c6a6cd0c901a4d6c346b2eda35af6c2209ea348ba46c8f7455e4af4a223aa61d8698abe67576325153dc8266fcb0407aa297a234379a60dddbec6c1a56636caad49a4b37ea28f219f2d7557980f51979b45c62aacb0a2e670ee39f8c4524d0b529d2dd3d22c71e5f2ceb2d5844faf01519b11528865c261aef53ff84d1b96b0e60d3fd26c0f1253abbec18f07f2523c49d07ebb934a4d7a96d3cd71c81d7b6d9bcb70864f7a2f43411c81673faf6f363556b78becd1f8b387d72ae39a1c4b2628012e9375f006eadddd9aa34c95749d059ebdc89b0182e7e055597db7c148c73156c990f9fc1004d0fd813fa74cadcacff6e680b8d0a70065eb239f6666e14adb5e839698c26ec8b1af45e9f080482f64f46379325698c6cd6fff2a4ae85bf10cdb5c956950f8ad9a4b217a166299818ba89b3694fcb595d4b1c9e2c13b1f8728218a831d99ff264ec356c4342b357b45edb470d0bf23f331dec336b3e7d90ab615d0e299df29ebfbe5ca5f04e7ff8f89921eb769d6e1d860c90668c3771723c306f62aa48bdee764b0b2fa770d5797a1973a66c9aae275037a2ec520a7ee1b4b3fe25365e5c482c71870a7da2b8f8b795ae6095600b1f10c743aa7ed0578cefcb4900510ebe2237184691c8e2e89837858c8b67fe98c45b8ba45b98ddffb708600ce28ac91536d046ed601078abb0a7fa176abc2c12e27c9def1e34257fe6c1004aeff7cccb51f042f333170afc77dce1e236461239463249b04abf8de65d0b8ba4bf7a6fbb567ce6d4e82e2e7e679cec73966e4cdac6a06eb71055547d0ff3253a314a11b1094c60c7e79348c81e0cf2150e9377eda74c5dc1a097eaa14b1d5b2ce8d728585e739e4cc7691aaaa09a9696e9b3962d67f4a46da7c82af49d7f90450760edd0c071628ef7633c77ec15d4d2a39a45a89bc962b825850add7f4e1464ab91958dc81a278c1b6c4723f7961016a8f1408cc4570f101450a1736d228972eb835c7f6b4cfbf59bef78c06da5a1e17187ad35d8128a17ca63824ef6f80a83b24b5923d28047a494dbbe01c355104bc6172fa1bfa40d1d09e1e82f846d5f027c615f2146f344b363192a18e33c2c7909bc165704cf63f12dd4dbbd5ff7efcb19964681e7240bf4e41416d6b6b6f7682d70939e395cd17db06443bbf17c08868336304d27d57881b2841f302a0f628e46be5481b768fe9abe4e015c75d3f42c7f9bb96479c240bc61a99c6c979b6492c00d41b4c5347291f075eedabb6d4f5fec7ec221060ba7bb0f0ef1c30d580844ae572b462d0b8d01bb0a1434ea6e2d7c047d3a380d87ffcefc68396191de2a5c71b683d4c0e5075af75aead7ce59f31f4045e3df4c83b3b50062d09a6c074374e889f17a0677dc6281d360eafd9d14048cba459cab241dbabf3b38fbc80f6cb1f04dfa8173092234f69e59a0b577543581257377cd302c179bac9ae1e61a1bbf97dd6d7f310e36ee313371b608ae852dca187a398e1c15f4ba10bc74f4e5847a33172e0bdc72c8678cc213cede17c3d9f2f785ca6f8049318e280ff463ec947342af4812c9c4c597b5d70406f12b5a5185128aa672fa5b32b1c84a783857b62b7391d40096c3728b7bee8ff9782340230d2fc89730ab095bc01ff35576a7e1e5cd395988c174c3b710638b01b632923a8ec00835938ed3759403d23341dc843b0f7b6be1846b499f66e60a857fed0a13349a0fe2485f32cec412058a7164efdcd2d6724bd4f0f05a7d2a576d19fc4c4ad5d659b1eb6806d3c5bd4b4c00d170b89fd262e0660ddc4340ca18b84add74174285dac29b9b963da03ec15136c68efc26c2b238cedd4040683d1f08036f8d0742f45cd8cb2d04d2ddaaf4de5caa8ff7b4784d534b1934e0573c5eb36dff6836c68c3b008b24165d424bc4d724ef6389f02198446e7c9e521276579461c2ee11d4a1d08f060d7828b0e0f0e7421da4630e9b6a8e76d5eb88068d86aa702722cfc1b912bc24a2b757a092c546af6f8b6e94a0ce02f40128b9c003dbe5d27f2d641bfe87815e39f6753c3094b51018c1d9f8e342bf9e922891c395604806360903d6c9dfe5a3c528aa480252a220e37fca21754ed417bbf12343b2edc0f7c0c3dc5b95f779567babff686fed65c62240fba2011c87bd786ac1dedaf235bb2d4d7436d90a706865dcd8ac792caa97753ae6cec55a9ba8a3f68e978a1690aa2ae5ce420aa1febc829240a338d78c0f47e47691346e6250a78f85a63e95f17c70af1cb1fa14f87869d4f31c903827c3d9b05883c00eaf0aad590cfb9bec794e7824e5af649965759b9439fead583daf7d8286ee4120029e3dfba95c2297f996c84b6e7c89d5f9aa8bcaa698c3017b8ff4a255e7efc5ef2eed094419b361a45d73497d65196b3d833d33b6e1cff83ed167f270146411504623d0ac4d403686e06a6a46eb838ab4b9f9c4da5a0e0e989fbc617c94abc976a91651a499d8fbcbc561078cfaea0d7e7f2016b24337086468d9a69116b51eb8ee1a33bc63f470a498585ccfbbaa37af1591edffc5b10d33123f695defa2bb8edbb10542beb6ffab97a2886e80dea8a2fada71baa19c1487f49907b7a4b55576efacdd106bfba5f1885c92ba4ceae65acb577b5543f18b95c3ec294eee14da7a0654ac14bd3449830437f1f2de5e82a94aa1ebf94bbdec2340dc754b"}, 0x1020)
syz_usb_connect(0x0, 0x3d, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

46.429230538s ago: executing program 2 (id=7141):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000001f80), 0x34, 0x181002)
write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000000)={0x87, 0x29, 0x1, {0x58d0, [{{0x1, 0x1, 0x8}, 0x7, 0x5, 0x7, './file0'}, {{0x10, 0x4, 0x5}, 0x8, 0x5, 0x7, './file0'}, {{0x8, 0x4, 0x1}, 0x2, 0x0, 0x7, './file0'}, {{0x20, 0x4, 0x6}, 0x3, 0x3, 0x7, './file0'}]}}, 0x87)
write$evdev(r1, &(0x7f0000002000)=[{{0x0, 0xea60}, 0x11, 0x6, 0x8}], 0x18)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

46.156859719s ago: executing program 2 (id=7144):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000180)=<r2=>0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0)={<r3=>0x0}, &(0x7f0000000200)=0xc)
kcmp(r2, r3, 0x0, r0, r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
shutdown(0xffffffffffffffff, 0x1)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
write$binfmt_aout(r4, &(0x7f0000000080)=ANY=[], 0xff2e) (async)
write$binfmt_aout(r4, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000080)={0x0, 0xfffffffc, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"}) (async)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000080)={0x0, 0xfffffffc, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r5 = syz_open_pts(r4, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x40800, &(0x7f0000000580)=ANY=[@ANYRESHEX=r0, @ANYRES16=r0, @ANYBLOB=',rootmode=0000000000%000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0\x00', &(0x7f0000000040), &(0x7f0000000500)=ANY=[@ANYBLOB="00fb1702089bccaf1ef24bdf169bcd9606eac1acb11e50"], 0x17, 0x2) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0\x00', &(0x7f0000000040), &(0x7f0000000500)=ANY=[@ANYBLOB="00fb1702089bccaf1ef24bdf169bcd9606eac1acb11e50"], 0x17, 0x2)
syz_fuse_handle_req(r6, &(0x7f0000004140)="a1af56567af19ce4706948d30f35abf6494690656d554e6190797369db23a302f328aa47a2e54509379ba2e477e6e0461d2e45920d509fa49de04732cd2f4a4e34d73eb464d09605a698ad2219a2175ebcc560f740fe531ba46ded4232d273d1865282844f5a3b54d7f154c21a8a82228e27b2c1af662a92e53d81cae3ea68707ce43f89c3321797039a0a39e24b83035dbfb1ac9668b5f87c4ae50250e92c8b113ed58f60015d9c1990253e6646c02901b08a2ec0acceb7ac1e28f59b1e22663432bd5435083b604934bda5f4897467677ac5609bb6e1d1f938a1a8238d2df6db69fcffa48a08ef9231830ceb045a999a9ba43b4d605ce7bb4736ee8bdaac3399576ad3d434c12f1ae8fc5e06dbbfac985d7105c3b7f431854465b6f732e1397e4647e88e86b0a3b01c1ef689a4bd3963deb3b06190576c690ab257b9845b4d412f248184e124b5228f4236d020d4b80ff0772d9515685918c41cad06498a6833d591c191916067759bfeceec176d582621bf23b8d827e2c8977822d64ca19c168fa8a4ea90a60ed60854342e7c42ce11f414dcff1fff715d10ed263d305e5c563ee13a1527795b012e01b8442026032a761cf5104f00dc28a761596d8393e3750be1a8788fa7152a3cd8e051a963120417af9bd3e659bbaac6406a70ba347641aeffac9436fc2352bf7822dabd7a4911a5b947f9c07f805e67ec8c7d787ff358b426494b87aaac46c2d4061ccf3d19201d8d099dddf2b257cacbba656cb7626b0d3fa11881e99799b92f0a07813eac359a64a61a03d6527a24a4fee8e6cbd74932adba5ad3a865788e874b796cc8555522b19f76676646f21f31fad8c360982ce2b23fd4aec43bff16e0f3f1e1e804daf28f236081d0686108fde25f7e6a7bef08b793beca5b21b5f4893543ef1e3a216378cb76a54fa879ad9624a60a0b3306c8548e1a22b735213969421dc9ef70338bb780ad55adfb6b4f4ca3d8ce7c697ce3f0a6210a27cc900ea2218c52ac06bbcbb91adff643f1a3b93db67d7902f23eb89ab2f892970551127b39e7bb9f37c62adb8abed20c8c84531d143c6be2b8b05766e248a94aae400b36a3399ba174ffe14ffd354f508ce30ea991f57018a3534e0eac9cb49d0e6085f93b367d817ee83b24c11f9d38044a9739f4fd41b6a8129fda808bb930beba6223dfe154b23d7c39ac4fb6656169275c31e15d37d3d96b0aaa13637f1c28178f5fc4ebbe1af6acc985c783a30dffde8d7eb0c8863e3481caf2606a4b6930c234736404d4eeefdda697193f57d332540a423831db671d7d3e8e15ef3d6a26b83a5053bdc2f0b378c6b39ad0b8b9c7bd5c4bf81018ce15d0b344772f6c6f469e40c9848cbcb1b3ccb721b4b1f895a6e034380d882bd30a20f1c2b8ae138e6728306e16f6093774d21b798cd73a16bc577be751deb434ef019dd454fa3ce3cc3b2634ea4957548bf226d0b24bce757382c639dae891e55dcb24ffc9dc2c08acfafabd4565dbcad34e1a8e781c56e9144f0e85a5cf6c79a5d1a8b3479cdc178215f05081eebdc03607798c66fd043824756e896c2b69fe5e843e0eb26c86a37a8944e93a7f3b2a863136d56579d0377f9424cf00dd6da7b19066f990ce05e1b93479f125cbcc5c91aea56ef04950164079f5e22ebfd77d54676b2de392ab20298876bce1ae9941ae109d7088edb29d02539aec8f276b862bb28fa6a68bb1a0bda1b0ec6e5891e93777d9b126d6add7eb36a7f75c435618d368c04156f8a116d0c843ad04842d7b7c84cd87e75fb81ec16ef184fd3119c16c950b84bca9a12a86f0e333d9fe34622f5a51e9772dc8b94c491e16db0c537e211b01c9f13f9e7a7b2f4d8053baded5d6018561b547562efbeab2946f3ef872d0256196c75fd7f520da7aea0f63a278052925c6c88307bed0336c5632ca98086e7712af309f99a6adb3ec4417eaa9aefe3fd43c4402bc13868832d6dfaa97de7ed43fe3711917de97058d60067d5eeb90ecb428182d07092c516e6eef6781756e308926faa9796dd1a29dd4c3827115fa8e14bbe449f4144785b9581a198273adb8bab0d4080adbb592b25fd74d426233f537562a4a98b07f4b2060b4f496c66a0169391b713fdd991fa90cfc313245f57900d980adcbd46ada0a7bdfdfec4bf8ba12e37724c9dfd7fbbe4541bf21cc393249a555746268e7e33bdb43f2cd4932e39fc818e49d0e588d12a3a297be074ad83db57be9d4455ab0685b087e8ee9f5c7c33e10c9d6be572b58c88b79756c45eb9eed6d0275944d9cc1cbc8c498917aa2fd79c00567d4f9f768579f891e23fa9548c5fbff150d2873ecc72da8d0077a223f9d18700b690d8046783bba756a2c9863b7ffc7022b2da68a332f72f704bc38a0fcc4f445891f1ca1ef5dad28b87ce8bdef23ffe29ee23f2c0a002c80cf99399dc7276aec6f9d8b6ff3d7554409a4e38d2029a43f8a70da62b33c44f5f4f299eec825302c52e5f83d462b81512775107059826c8880578f01d8cb53af86ad61a7e36c2ccdf55ce197ec2a78219a5b952a9bd12ac2cc3271e84e6dad464c7ec9d9f0310614200a98cfa933d5db05c00c95c59fc5bb8844ff856ee7f9b091700b1a93ae1c00a40d9e5e6ce036f90a6dc34faa9dc8e8972c49b055f9a43ae10251705a960f2cfc8430cf9bcafc26c8eccc8b75a788beb41d180d4364f3083f3ffb5e39049979903c76f440810b7ea608ff84f5e56f9e0653bf15b6b6332d458f8d2e2b17d7bd2305a8909996d2ebfc2ee2ff697fccb215bd8c73d4b9f5b597308f98ed8fbda58f52cf8443f5a9db7f0f6e75e1c9e47d73f8d0624e9e6f33c2dee3c6ff394082d78ffd3a68309b3085e1a7c106f62c3959a353672cadadf6c058fe366b03fcd95a23f564c55a3ce9a914c11c8b2d6040147a1539b106adecce531646fea4db06775fe5d1bf9cb0107941b620043ac9b7936b2af9849eca9c46062945b137dfa355a7ee0c81a0193fa60a70e59b407af06a7f181a3e4ccc81f2c580a6c6cf67a8bf93eb8ff2151b7074144bf7c5cff97814e0c00c138d984559ac8b95a45a4497174130bbb0db22fa53187db1d923d9ded441a4d2fcbe0ff5736ecc3d94bfbb2df632ac88a02f2c9f73312e7a9c2d8d6c0bbfc774595e2e63669f2b5bbf6ee6a1ab0c25e313d819b02c785494eda4cace033e96b1ecc5b155a14e0c8d51d54d8bf33e499d0913d9605a419bc6c73c6bb07d1a306adb27dfedbe81a386fb3bb659764442c4d9d66673a916ee5a6ae59abc994fff64f2db0c83e2b18944f619cfdea0ea0911064ab690b2e03670a3e3667651c1980d0491a40312307e4534671c9c8ca8712506eff211577783c81dc05ffae4a9c6d7554f9fec07b25451c70e6f4d4b160544b66d66dd88ef1c77f09133db317c39fca05b68ef3eee3c28cbe31982adb0693fe9699d06654150346915ccdb17c69ea3aa8bb36b5f321060f6237dec73a011b233b81a6337bd77da5da753593fe30282456a0da2c4a18911ab5a8af13c8f623e5684f74f322ba103482d9abec31a684707671759ac8bb2592d66350745f77f18bd6a6cba542644f1fdf0dca14a08f4ffd1365969ee896cb39e845f71590eb4c73cc624cdcfbdea2352ad5173e5e919fcb98f6d960341047d181075ec8b1e92f40ecd5a1bf157925329748cc7af0239a7803a0c947479e070b026baf6738c29c9a8351685abd43775726ec0bfeff4d51fd3fcb04b108de286c5f61a82ef496e20133ef8b4ae243e81b20822ea6285c70bf1a33cb9f4ceeec053f60992c0023bd5acb0d4a9a55ef377f2837784ada634070a85b0a42fabf288130d6b74ca23473fbce932bedb44cd51dae78efd058dde5d7eb4aadfe3dd8346420567e745ced5189db6df22edbc66580a236f6ab148a3efd69bdea3dac7cffb47df44dbef7fcb436902bb30d65d65d5320c3b76ac17f43d27b2deda8692ba03ac2ae60e4ed2a9232c71a98b9869259a410b901f38cd6712f69f2dc3f92b7c5909f3595e99c9fc77d4d33f9a0e57d5f121e2de782b22cf7fb9bf22fc6afde5e42876ff8005f8a042bb5a9b67d60f40a7ad1cd73810a4f704f14823d4074e5a32b028c8360432b8aff539705961fee84d6c60b2b4d2efad60fb20c1da653869349b81e6c3d56c96ce56a833ee9a2b3e92a4b96c5a545910406751b4e7da24a328de0e20042d1ecc3bf7fd97071bb2740f497307501d90fa9c8e5cd63a703096955f4934d9140ad295cae59232cf005574d875e098637ecb757305a51d102ae5323b23a61c1a1b888c5974a243e42bfc391114ba5ba28e2375cf1d6d1a63e6bd5cf9aff9af16bdc927f642151597fe6d18ab008426f25054ee8e39136e2c217ad1f4cbfccdaf9a0cbd97edef5fef9b2ec486a4b21d79021103deec2ceb26c0b0035856ea2370aa3a8de925797722aeeee2d504184988f9f8727915c389f043c3de2b0d8e3046c46b33cb1615f291f272ade0029cad1f1d2e723e62cf739b667b005de14c3ed265e3bc2d553bb232f88b92a8284996c50e141608623ca7677a9cefb85fb0e0e77e23b9767dd65fbc119a15969ecd10f8033d9f37a748a895fd39390563f5f7998bb10eda8610855eaeb2499d8234975edb16c438069e8701bec0a86ae108a19b9f54782648af4b7b04a1d7b6b3a853c24f2393120918d1eed7b40f467c88857ee9cddf5f01db495f3138984387adfe3cf51a47dca021f9f31b44af1d1ae7c9f4c768f2a46d5c012a937985f56436ae15528ae3597590c927be9676a4ca80a19d44457b06991c02488c96e31094cd963b64e8623fc7000009ddb29b0dbb13671c321d24e322a05cf215dd04eabc2cc6fdaed762d3f9da0f1e0e4b7ba13a6036771c9403457dfddecb71579de33c597860a2e49d7b5052a6b018ddb409a7a84f8f6651d070a4c913b7a721490c8f97c085de8315019952deae16434a3e5fd5d242b1b333d8a801aaa67e4aa599b818c8e747ecac2e9c6176bec7e34ecb84450903f5aa6c6c6bf539b240506562d73c5dfbacdfbcc9db3089701f2c7fe6d6b8d6728f8a1b90a911338463e6fd824ecda51578865b3c363b4b79f6c698e27760c1090f8ae52d6fd3f0f9488f1c25feab4b48c03ddcf74a8b6d2b0fc6b5a89b8051c99edee357fcb875f523f7a88a5f25222fc0ba159873b47fe906e88f920943e453048cdea455dd98fe77f55d9c92e205b87120ac5ef791cd7d6ce7d2cfe689db61096c6e4fc359c9aa4dd3d1205358da38882073ef7268239f7c74b0f3cd60ca239b2fcdc3f5c774559ffbb2b821f1314987d8cbe5342db9567a864d569abfde85f1124e2b178be4d020c4244ddb0cf4ef7124f295a81b9c10227ea886e6f6ea2dca031a026a4f946f49598b76141a0b18170bb3cfa9136c49c69d71732aa223db1e65553aa03bec9b0a35c31eb4e6b0dab02ec2c2d851a731be9cec6078456631c68761e14dbc9afa2c3f631a160ebf9d1fd3c2ecccf6d4aebaf0fafe2e9f47ea9d386425a7950671cde77c6951ef43a1ed32f0ed6fcda74ca9333d2513e4a40cfca01a17bfbc13b0229e2b16400880d96e4c687fc54ed0b34326126f845bd7cd2063c51abbf8bb61f6f1dc3606959f2dececc6e3e08d808841c4779ca0f5f51e7e03260d0b75b1b0355f8544c1639b2f0bfd6f95c4f6d151073a086ecc890d6366acbcee869020cf347e700a8361bd8d5c53e6480526aaf31c9c655eae11831184746a709387e60d68c062e5e05e578d11687f6a5411ffac4cfd62331f63a9726ae77c5799bcca05d6983c985cd23d025e3367ef8c7ee903de557322f38629628ee3076ac483f8257c6335a478412cad1d73b6fd43c37a62dd7a0ae7601f12b4478c3f2ee105a915ff2052d23a8b9af3ca59013f553006259d4cce52212862d22c08c29affa3520b33a6b68cf2b9f91d9258dc5052bf360977ba81a37701118f635379d852b6481843604c111bcfa4970afd5a0fa52824cb27ac9a77b7575e3e0cd043c29c5682a47fe94fd6c2c225b6d9939b99c18b5fb898c5f28e87a5b6a0bbeaa2c4725cf5494765d79a50d2417e84130bb37f540e8db7064e57935ec3c6f9caa2a9a1ced0f8c6eebcb9b688490b31f864dcd9b726628218b42f45aa82f2bcdf2c7532c9669ea7ffb6842451ac314a35cdb0855312448c24efd6583a582e15ad5e7f7b714f0ac703a24e2ee8769a868079af8660931ba325ea1c9b636ef7b13766204dd733c3bc69f11e026c382ac0fa5ce8413fb9f84408e4648a5e66b8592093a17a42cb105b616b8239d2031200eecb9beca6d411a71f072fd159eac0a4f4392a0cedb96248dad497b2379f3162254045ce276503093e5e7ab062b942cf6f2302a5ab9af1b3a315ec67faf84b70fdbdb39044a22cd7bd0f62ba66ce2257f3aa0f56d53c8157c4db3297087e25ec24696813430f386f5ad55bf6289f62e1492dc6ac3bb5047e933d54ec338cafb3bfae8336215611bc3e8a5cafaca7c70f580570518a675cc2075c7593e1d98ef02b74f06b041b6ed9b06e820d32b413de06235441a52346c3fd2e723816c7b481fbf564a525646ba62c615060b2f9fb0ff0f00c376c6dfcdb060aca7af2f07f6030a2ca324c8380c11f9c1182acdea2123c52f5a40b44909180a14037c760c4ecc10f20206445aa65cf835f09633491f608598f1fe5cb5175ddc48070fe0608335af27ded864f97dd52c235b7c4ece6bda153224b773c64235c1099054a55849cd1af7832abd1383e82f63715c9cc24543397bd56e34fd5d28e49021bb483617a3444fdcf8cdeb33bd8675334a897e17966fcbc1e5c5c5399bb6bf02a9bbfaa5f3c58d2efd007dcb1190af4ab4b71987ff7824bd9b9c6d6fb0b144c1fd462805aabf2c7fbb043ff22b496e41a4a81957892efe74d614d62d4b04bbf544fb03826e9baa2a84f32da4d1154c1d0fbdcc17f24a49633761d2b5962e618d8a9be2bf373cdc9c45ecff0148f355075fde5ad5e8da5d59498eb2b7f77a4c0622edd29d7dfedd748b750d0b48057fa7b8ff575714a408a926f6e0cad081eb24780fdbb116fb8dfefb2006f765ff95fe4def6b83fa97b3f54204a0c00cf71c4a1efeface1198a94610570816d08c19af76b03afa42f722abbfebb2c99a905300918dbcd131fce84632bf4f7f5dabd1b5b05742755b45e50eb89ee278e0f6f1a8ad3d9f907b9accbe4845f6591f8361b52e4dd8f19823efd7e89c2ba80c70671eea397e1953daa12907ce59d940a6dcfb3eef7ba7405bb489c38319ac4fee62dec986f4f0975dc1b9f576ebdbca90c42e7f3b1928154af66de5e54b16d8b6541f55daa90812ea7dab78a87d969e4bf95c47f70ce84f9e41e542bbb91f77105c8314e8bd5d8d37e11d9af07c5dcedfab1f21642bb30fb332f7c6bfe13cde2f28f104344777066afe5b0f6db14390f587e64417b0dab027cef4c5daedc75812a7452d45e57e8e274ad8cd8a10b2b9ce0f371809101e9340f2fa0a59501020e48f862572fef70b350938e00a921fb1c080e933eaad2d56daeed692e7d69d4b95a2d1a620da88247314bd73a20cc7a504427df77ba969b5adbf74321e982c2a1913b66a8687960c8fb71a850c1003c76fe1c3bbbc8eb142dfa01f5df52b72bde0c8884374f72eeb8038ad57beb6c732c511bd5847ae8d4b69e195f87b03379279936dda69e11cfda279f37e53a05cb787f118d66f62a87037981937d6083e47e31de6a2700cb7976c0dfcf972bdd458e561f13b3e30368c8bacb722611db7627ad4e00a34f69a5eb9edc7eae464b2422a4c38bed04c49b15fce25ccd22347720273127236d6e8178cb414d1b4dc36cabd19f713782bde48db7094577042083cf5d42224eaa69e0d70b57e6f1764a825909c48858cda13ab13ee203fd0d57291acf508f91f9bc428d4c9ea06a9df3c9ce183e0c101a4d52fd87866c2146219beb15e616ce239cb025ef3dfdb3a2568a833c88a66a580ca9d3f2b770647d5baa42a707351688dc0be3b15d2cead64792e9f9688ef95ea5274c08ee13c4a3797ce346dceeaf7d81a18181839ebeed412baf43ec1abb35b7930ed7a528f9a0bbccd1ea6eb525488c6731150afe791bf58e524de4cc62e174d134bf5d170132efdb2cbb42b882219de563cbe6280ce4cd8482699442b236d1bd54517c3ad25fb3d68a649920357d85f343f0b46ce4a78b1836b6ecb198f1f1686597206c09ad4534717402eefc0d5a90639f91b84d3de00e7d815059640ada64140687c3e404432c74e91907cdcf3e07e997eed9de114767829833920a9fa5bebf7d99fc4f461375f3426b136b680230c7aa135f0d2d72be7bdf8667a8cf0dd0bf5490e393b5a465d37b9ee0d659c8c0f96681b71a867978b3503a45dfe95e49b9d11b8ca953ab01ec1714ca9ca1e1ed5998e02934901dcac10a2553a94618db7d79c4a48741afe3bceaa994833595808f8080f6eafadd31caee252a7d115db962320be9503147d39adbd11b1cd4cf2cd4bf94d9036ea61b2d4791c6326af653847d2b6dd83f5df51eb9473ae0c305abe5f3896175d82a2b569bf100166004886dc58432cd678c0a4a152013b2646a68284567b898e6f3d38a9187b6d10075234b2e11b7c929b308bbcb82f4a8ceafc503f18536092f2965d13875060c926b5404ccf3bcfb1389688fb4bf57ff79201d8a00cbb54a12b3be4693b4a295284c90e7d0f08b632eb0411bbd01d51112afe5db173a8159dd38fe6e9804f6ae779479ffdc697ec572b0934704dfcc3e9b2bec95587285299d1d79192b2324e4eaf4de74df050170562c08e0a821f47745f63ecbbb767846ddcc331f459013ec90de697346f1e57345a51fd9d2233cb3591c406bc25ff5c098c331cd026aca7ac1fb1c35c3d3597c7deb89620a364044b30c77d5071bea5b196a0c380ad40370985713838b1c830130a5fc15c5501748a2c8369e77c3fd4ec2f5de572ee183f526359f28865d68eb87c21f8fcd4a09d76ee6d9ef31561d9c97ae3672500e342a798b04177f2c5896bd06b4c96a58aa839185ae44b838d763872bbf1e7b665848f1e186b5ab6cd4628f4725324981b0aff0b9af2f78883dc8433d2dc26c1766e0ec77c4eb63da1f859c09ace8889fd2c5ec7f7e11eeb547900dd9332b7b96ea6be35aea692e54c1cc3d1211bc843f8e8ce71abb88873e132fe214a7e7670fcac38516b6935b9e0a2eeb43a0aebd25676db551d8cff4fe0b6cecbd59701317022511a2d612864c09496c99af48e1cd066c5bae55b415ec08e99947ac94885ddf875d8f8af199aba32c0bfc27f6e19e57380618e7940481077edf6270ea3befce28a55c2a68a961142e959690ba294afd57c5530a5fbd5f60d791a3f06720947c74cec26a571a9f2e5cf98cccefba8beff72f2570f8a0e1a130c0e85d4fbb6a6f0b881af274c9eb063ef09176d43f8f18bdb35a0acb1c6305ba5563d1b6baff53b1251305de413052667c4cf9f94460bf348fb27ab5719ae44faf02dae55d8eab643040834b04aab15a197568e8ebd296638b01e5ea34e39ed47ffb58a47027d4b7d978028b7812a141df233065e93c20dc736af1cdcedcf7e766eab238b3b4d3df022f50b43973c47d1c80055e4fdf569e50fd382e840b76a6db6c06b1f0603a2234b9175c5e15a22855b57cd5257d9b5a456712f281f83e1c6c87f58be8166f8b2e85e9f54d24fe3b420d77a22745dfc7ebc89e21acf1c6649324f4c5bf53e188ce3216dbdec21a06fa9e61d830814697727305fb48c705c4d6c4bdfb874e43a8fb1423e2d2d6bdfe22a0d2b211d3beb86937c639c934cfe9a4b6c2853ff353829028854e8d7d75f29f01c4d7c297fe0236345ecce914b3be4907788a39c093c9f9e2c930a15563cc453d08123deadf853c83db0e3986d993e44e441a874411b7905708462e1ba42ea22521d7c57089a77b14b6dbe57f0ce69c7c4f1c0d53385655a8ed6294f113d33ad8867ac05e80403e6a8103d1574fab80f43a4a3af93a67678346d7b3b977a1381afb93990b1cc3aa73cc463f72bd898f647f3f5a3b342fb5e37140ddc499edda92ee624039ef3f802c9055e20b7d6e4f5a109cb4ca1bf84d37d1e78d45a10f45602b61216ea8969eba3a0075256faf8e577de835bf0b37311d16310645effca6751cf502a035d7ac7d1ca2c23547a739116efb586dfe2762ca4bf5ce5fc48913efb41a4a93fdb240f0895cdf306ddd13337d38a58402561dd663bbc675e1a378d4f770ba5e308c6ada84faf18ab2b387b0ac139a57dc534e278a1afecafcaed3746701cee14edce6c85cc39c91ed5be8a178d2fcd97567e8ab661d573278062bfc3c83acbfcdeec7f08d3c1197ccf830c883eaaa01e2cc44e91cdc1c47c03797528a9dd63cde259b4b211b57af121b125fefb26c110da83bbc150e2663a22273cc855cb3c52d02fd92db59a7c876d1a18e66cd64708aa478f3f10e726210dbbe2fb1afedb2034a7d59ad774e73f97d7b4b121cc25b90dd4fb5179816174dc4650b2da366d11a519f4310972944625c839b01040c712c635d967269c6c07189b5b1b496403e35e9ef01ecf7e795c357ae08b4736d2c1bcbe556cc671ffa37677b740baebaeb1b74c922d1ac83cb3ab86735d07ebffe072ca08ebd56d0ae89d5535a63bee75810468b1560534ecdb4a16495f9a7f42164df055942e94011848c5dac783a69fbdcac9c477850320af0c10da48775434088c7d090202f927463123639dbc1d48a871e4f20f75563f6dba586db6d12e2e7f36e7da4915037fcddb4413336b423f6b888bcf297fb8d33493e9fc2e992afeb1b83aaeaf46f4aba9bb0aa2708272ce5b0c90ef9f6c366c20e90d0f87aeba828196acdc4306131c515319776dfab27de1e3a501cfc560bd3a1dd29e54b87de9a01d0351184ed5cc3323cef72fd423dfbb0ac90eeec5474432ec1e4c64d68605c378320c0e97a3d89a409b7d969d6e116c2ba861f57418d8eaac5bff85c416ec5224d92df53d8f272c7e02e832bd21ef4d6b4a9bd307f8c1756c3e6c155bb2ce5807311d60b2fb31357c89119af443af2d3a4d08fb6221aaeee97bfdae51ebf6c51f98300033ec513ad6996041441d474ccf3a2548a11b94527ebc2e24d7519b1ded645da3af62060a4ae19eddc3bf331c4c762d9672de22558c655ba05338d985da134230fef2d0639743bdb4695517dd9e3733827050617b3cc792d12b3280e0000b22ad5130b27f9a5e25b965028874db5b5efdf881043e1279187294bbc35865af7662b23b9adf614a9af41fe4d0c9cfe62106a2bb6d294d3ca554062b2c7a0299f82fd5eb6841fedf096753b1a63a6b4dcce3837ee36062055c9f52b3272f411709db86d59db530fd1ed9cc2138817c290a2777d1d54cf4b7b2f8737444b58334a1c26f63ffda10b749b5796fa61ce6f74fecef2c4766a05d0468c1d7056beb8fa9cf7d51d5115690bcb889f09dbe01b1c55ac860a00cc159f6683d33fdca16d815fab5bbf00", 0x2000, &(0x7f0000000440)={&(0x7f0000000340)={0x50, 0x0, 0x4, {0x7, 0x28, 0x0, 0x8010, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfb}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r6, &(0x7f0000006140)="e0332f8f5747b9f778142cc174a9b5f0244b78bb6346cb5fc9135b8220090ee698fddc241870359d32327f299718466d88c89e68097036bb35abfe03e3c02234dcdb2c7d1209c657485ca1aa3f2fb80e71397b80fca6f3cf2367fb19eb95e5b4a0170063374645d9e020099ffd7def3d94cd29412b3d7b7a47bc70121be848cfcecea78d41a93622b134bd06e84dec07a9e5abc29cb02d5b9091e748cffacf48352628822bab7b24a17bdf4b3f3bd9fb17793496aa6490da3f58039ce5b40745dd63f82d93bed80b50ca5742d67d39029a98db95c9392e2d5fd9a35bad30cfe98682b5a069738a12c3cfd25949106cfc839202fd21c2b28e44be73280d5037351ead2dd1c277d9cc9088c6b14365eb0937ea9685f6b26232293803260f2c8cfe176b55df304bc2865b8f52581afc4beed445ae8cc405cb7bcc51103aef812c41437c5b070a3591ad0964677f4f9017bb300727dfab009056bee3671a9694be2e2f2173fcc06ceba5aed0d93a3d7cd88365c5c354788efcc705e90d572e34e9e566fc206a8167970ecb9cbc43f4d9de4d43688582b6600dfcfc7379c831e756a45835647bd87879a3e3942c61b9ea2c2af35d49a4caa9a109b0beb972996ff8924ea371e15dc48efd12b1203a7f1fe354977fcf9e4ee2c8f210387e551ddb55e5f67ee6bb9bc8772649693b0adf24606e8ccc59f020834d8cbfcadfa1770549fe464dfc412308fbaee8d30bd20c002794bfb923bac6b490841248d12ad9a0e54d1d96e3aff5dc4930a6c8b7c75264a46af7a6339725fb84e0363463ebaaaf58d6b9309ae7c87a8df8c68d2487d684011de1fa7645f3f48cf3bb61bee8bcace2f8ef5f967f2765f8086aeaa5dcc34c84e379a7ddd6438cccb5b8098dfbffffffffffffeadbc4ad2b2ef98412a46f74a171ad056429dbb723cdb9ca9f9f03170dba2870e5988b7cb755599d1eb8f7eaf5c8ded4b56022cb479d0bdfae18f69f9ecc42f4c181ea10838229ba5db7f088ad8d5f77e49c1fd93ed6b983c43b23c7eeb1233f0c114885057a27cd3f67a309e3fecba241836bc92308b830b10b04af6c9595b44e859b9ca7ef079e151fdd500060787be3a7a5b3e23b06ec70f087134504f8b8e7b6799ebfe14f698ba7a813a380e6f92cace9230aa8094a2465f7224e2becad469d0aaf0e48b0098eacfb17abdb69bb2ebba97a09d2b739b532d70db91fcb0fcb38bccdc01d7c8113024ea8b619e385e58d31899721416e10b408504a9c4fcf870d21051227440a616cf62f6637b62eceaee09029f88009be02269cb5e5ed090c6f5e6c652c31214aef301bd23ec2504f90991cd27539c1b8b54db51825e951d076cd0e70f56de4b91894ce22049205483a0fe7d7886b36118bebd96d138980e26604b6e70a7275c6b81501143119a8c2c271558202eda196704ef9ae3c33301e1afbe56d069ce4926bf531d960f3df58192f3da558adc169d48d39e24e04e95c406b34b1f4ed2726ef0f6a67dd84c75636984191d019cebfa883fdf99affcdb4c874614a5312455403895891daf7469d6721583ccd1290ab05b14516f22965fc52c4a528f1a5c20cc133fea279d9efc991ec4d51d2654daceda234f6d3b0c635db697aba3eeaf8356319adba42428266ac09a6e6495ca8f60c1c4e052068511696296e88ef86a591948627ba97df634e0063eb5f208df00a069b1213c29e58cf76f591253d60de9d7c01d29992ccc728140299c429fec0df9d90f83fa2467ce00de83b16d10c7edb80ff8d4b1b19eea9bd1e2783a0d41215c9cf23bc3ca1ff414e3f29aadba00c5a8d5b44c28c10e99140e5428278e54bfd880a93fd1b54b560422ab2bfcf120a7902373b6442c6e9867b19aa0a6b77b1634ab6fd1c8a1d90d99ebb9ebcb89d593562b266fbc53c40501f9298690283c45059b3f6ee278e46cb3904c947446c28af8855b2a68e6e0c0da205a6e12fdd15b393d579039b31c1a54230ac2ea13cf1f5540046b4dcccdd731fff7323c4880e5d2d8668d8a7f08920715c17ef9652eb55f224c82a6fdb970dbf1032403f283bd868a23f4785a6ab9c0bcd2308dba1a1f258ae512cf64784e501008db366ab7093a6cc4b6ee86154d44a1a15c10834602dd5ccf730f6d1142ac19d113496dbcb80021cb5733924265d082a8453b5c21e0245e4a2627e8df090da6a129ee49c58c1a7437369acdee15f5e4e5638f05d9f6391572d9890219def702a013a2b05239664dba44feec2a9508a3200b47de03e6a784bca2f3633df534af33da0a95a34ca845b61a22ff55a5a4c04ff9e06e7162f458a8c56e106e75ffb76a921f4057dd73d5f3801aa78ca4c78d6b79bce560404c2fe3d57876287f73e84c27c486ffb997951f9e0b3aa81a5e7804ac7360add11e7851842d0ed8df041c999e50226fef006373bbb53d5d8e9d1653924e60234fd0b6645b821746f3d88591ff66e294e8e958ca425ddbc7d604f7cbbcb9d5fe0d4ad53878eb16bc801def1005e1eb12a6d4924d2179948e7aa542f2600ba3c6c600629d64c529c7326c1f38aa4e1a6cc259e58f86400d65d67856c8f4fffc33ad4c279dc05367307f562f8127f37b03c3cf38a97cfde0c02aad8ac40d347a9e0a496f227c068dc6c666fb2b6a18990f607399b0707d135752d93739e1840b5b4c125c81eeeb318869b408f87778451e49f3ad988a8aa97672989ad367833ff7e7f0e79c37ac794fe466623e122127fb94ebbc01bc775183b26b2dc407b1aa1a55d4ce04dbe1df4fba0377fea4c4bfa5a37c4dd733fd116b9c7f50b11dd512ad68646b9ddca295fe27bee78476901fbb5c8d2856ae0e9e21ab26e3587c1325f1fa28edb4081f2ba309d5fc39f7f54abbd0d5a152c2f7e3a8b3a5ef6e097b109061c91124f41f33055a7bb86706629f614d40346715cf2fe387ef4e4fc6646839824d3ef85eeac85bc5e681320f6fa7057e0a10de8c4678b48510f77b91bb397dd1209eaba8ea1f237c348e9e0d7af1229e2c04b6560e48e3a7491f3066b63a8923becdcfd8594c1c55098a51283b599765b049831cacd9478e5e996c778d524b476f6677218c94886d7548be7617e5796e35bb3c9b13d70e4897867d85f0350e9329985f051fb556b861aef7dead54e6b29b9ad837cb4774f47a5371ef034e3ce0113e67eba8842f4ac5b51a61315bf050078c710dcf14371d9593730b1d0302ef999f488bbf42b7360171da98ad68932bda4937358fd1d0c2bcd04f7dbe2beaffa0d53cccda316cb19270cf4aa56695ef3203b49fe92d1623cc1d714da6b8f94112db1781562ab2ae50bda23debd55da440434299c992f2f8c264310d6d8ccdd042737db0253d6889d8bf36fe99a131b73300c9798b8fd58b5fc681b97e71230cd3094e441fe5cf1294bbc28f41146f06e39d5e19e673dd489dbddfc16fe281160a8008e375025cbf25e84945f2f0a5ffb2cd58273328ea9d7533b2f0861eff95823cea18dc1877183fefab808bda0890f91f1d79b36953b138fd62caea3411900647a4afadfecade2ff6274175f06614d108daaf9821c413a137e33c826957953bb39e2f852097f978c3577abcb71d68b45794247d8e82614979708f6d6d0e469828206b22913d6d320d815d42c0d943640c63196f703f946089f535eac511e26c6a5a529e875eb15aaf65fd50dcbaf37a009f2f9081cdbc744cf7aa2336913e89f1961581ad4bb6aeb1d23a787e2d3f99639871df5842c30581263d5139128f0a3f37ef48bb636d7aae06581de6baa55a12019d3ed831950915fdc1eee819dd01047bda606f2852699529718c99606246a92bb1dd9435d8f3a48646c0e423441bc783be358c0c91e6846419b6c0a81354500cb2721834dc11ba40c3bbe5717e5142922a168ca0e20fc269ea584c7f68ff7cced62c4277385368b4ad596b79c45a9c4575c37f300cab37a5693cb777fabed412934d3a77505b17cb2628119ddff45f3fcbffb50386eb9cfb6f82b37fa852ad4b65bf8e2898b11bf051cb7fb0fa81cbf81b9ceebb05498aeb2691eb15297edd682976d5a4f444cdaa82f063bc4482c28c4e6257c7cf3e5ee5a502c6527b77b12725e7526ff896ee2f8066536dce04d63072a34c19d533d4dbdb93e7185482cbf7510c5eef2f8aebebad011727cd8061a367b7e1868252bb43d9a74c9c6a10539e357d5367fac69a9296fe5a79a2e5b45950ff462e0e882aa32ff7f29b5644e5311f3e0b076c58683de29ad9dd8b2c92a41ca8313ac997e44981e82aec550bbf6c88adf3d54e9fdf93d9dce95289e9086043d888f19d209cbea79f8f5b2c81b2c3889eae1cb5305e282b883c4cfa3798eceeabb442a74ff6a8470020a296ef01d8e32553663c844e67e5a3a44375f0074ce9547a6c489ee86d7652219491f35c6b904d51a26c3d2cc77d8ff97050dd0d0aed4a1ecf1db7ac48673a1dcc70ac16f709dcf4b90148aede5302111ceaa3a81c49b724cfa206283b62513f96c1da77efafe2d2d08a5f391ab690b5d974ceed2e95e85b1039def0e94c79cc0aa1de1f8133e985adfadf4a657710487b265bb6692fd2b91a06ac98d50b052b8a13168e2638b93209238fbe67f4590a81a2cdbcc479ca9178720a6ec05bc9457f27ad2e2fd2f4e9c643ef85b6287a01f7fd597799cce7d6464ed3c95110733d4ba92314ba3dd81e51f541a6e37f8bb14376e41560f9049b4ff349a467defc205f915a345b5f06d090645180ca642c719f03e9813bff7fd635660efe38b022130d42f2cedd792bcba2bfb14385c6d1cbe5ff2e38c22f1f8d5e4d93d296042507e43f24ff904827b16f2a3572d26078d7fdb0cfdbe2e6bee07b94ae441e510681c96f97ef0ddbd7efbd80ce0689f6e2022a189dd2937d3eadd82a154a5fac91b5ef48523706957b8d5f55077973e9a036009d745a6df39ba154dc59c4ef784d62b3f2d782dc508242a1b0e4cc294b6e62e98ef946f0d984c3174cf86b8a0beb615f046ec50dd0c8a9c0f36df60bd162f1130f894085e7c47b6c28ff336f5d75166c1840e7ad07204fc10ce976505f6aece0316d8c65b973f61cea2fe4c6db722717985c25249f041c07a86b878702a8c9ab7c33fe41039041aa38489b02a28f18d69ab34619e9e35514c54592c8059984ace64b5302b5f22d68c35c7ffb23c63ce877a1e1b160dd2c329eabcc0e1e3072021bd811de3c0c7a68af20ddb9e2912b7eecc2a8cf083a252d0fe31629b20559f7b976e4d8625644385c692b8cdc2886a42d750962d0dee10a1546ecb7ef961216cc456d2450a44aab07014fe0be076ca6bcb46b644af844b2ad8b3817f1895a5d579af3dc937541f4b7e9203e7a7af534b406d8f6e3bc555d767603122ab1c4e62de19d6af63be8e39fe45732859d6d92e11f1a847f7d62764b6364aa7f95f03cc7deba467da5be71657ae50ff6bf93c51efb7d19ac9887e92fe5f3c9d545209eff307c9e02073bd3404827e148aa63c135ed668589bdfec38cb47716201a9d02f1b03993f89e96b33b32e52ddffb0580dac45422ba7a3fef76e519a3dc8d12eac60c2d2f8c4303aafa3e80135c403360d51c9cdeba3ffb31e664302f587e0e983ede7f9b2bfe2bc64bd5029cfa88445e043e08f3e9affee25e980e75d2664738726e3d2eade7dce0ece78a514bbbe5a54c121374d079e3b05996052d66889742232b73e950e1a9892e7352c9e546a8cfb48332d2b2be6327208ca51dc2869a562581947f62b0d5bfb3e0911d4854f822d6738b4deb195840d2bbae0b074b8d1e1010c24ec00052dce7d259e3044aab1a99d261fb3b49cf09dfc85473f94db06d49e202ca12182283d48144f8389a5301679901600bf8130d36315b277a99204b85a1598f84bd2d4c4893108f6717bf44234181467d6eeee61e1823268b5c60bf04d0e13e429f411b51adfca20ff1a1b1eee203d59b03da1643c3e9fc474a91470116c6c5275542adb10f3adae2ae87e88b93f334e0ceb6216fc081e8d84d8b0a503196dc50599b22b89b807627b427a815aea0dbca69e5fb215ee996395d8a21a1c67ac295be33c6517504e1f00f579f8c484873cc670b5b9e787b1c30ca1f0b25f8bb8f4bde3b3f4fa730c292cbf97b25068ba9c65f78c555d5f75d52a57958d7111e824f3afa16484f625abf62afc80654c36fd9f8284466422fb18e08274e8febc719d45b784974d50d187ad2349429af3f7930252a4d45997762e9d5f5493d408ca144532aa89aa3d43c46951dafb8f81794e2e9679ce238cfe86e104461032819d62f217faa71fa9dc6da8861015567d1f7309090e25b7015dcc6d72a5e7ba53296ab1bc72467ac50831628cf5238155aed3fb189a8b527ebd38771e16454fe51e3edde55cea454414690491207c23f6cf33aaeeda432de2d1ede04e039a16245e66cce6f4e4ea534f290f02a2a81a46d6ffea7967dfbe37461f83d472091156594852823392efc953f4ac099d74e2d0328d9f47bd952352981a34055acd0273309484ab56afa85ff0c22fb53ac5d7cc8e346b4c2f38a4e2451738146b7b90c14f826c7dbc1b2be79d83772a8d629f2dfaf15286a15be1ea22a05d4ee3de6a6bfb7e208dbbcc88e77baac940d6438aeeb77c3a32db08b46e79545b65f7f3c1bd433092bc9116668c338ab35c01cb5871167868c6b61bd4c0ca5f96e5ce2465da06c4a320839f3bb7c0dffd40d5bb9a32fcbc6f691787de7211da062616272c77c62ac83e4cb29fb954ab27d9009877b79be54acd336bfe2a6e087abaab004743f5ea4ec8ddfb8086920e8e458a413adb98077a3cf860513cc8a453eb129556c871be7e7232a6130c4332819ad17b289fdb31f8f8854dffb4cfeca6d792567b444c750820a2a8a2e0f93779e61a4966650909369fc8bd5bd2bad4ff95cc8a14f6cd83ae6411b4bfe1a9b5cdf1fcf32c54cef1731edc47d41fa581376b25006fc859b98805d70a157e501a2cb2ab425340965213adfecdb5addb2b4b2ec5cc6935e4e279bb98283fb20dfcd8a2c91aefda9dc5a57bba4d8803d1eb0f4ba9529de01e39c2aa60a91267c31d036a3f669b9377661837f58c6950fdf38986ea13ff5e9c4d966bf999002da1a854d54aa225b259d91eb88425328e7d13b06dea321a151a8dfc44755214da97168e8acf027d66b7fff45ded94fcde53ff80342d4595644549c4ed827225596e2b30480e94eb049b6cd718fe8424d044bb5098e0206047ddb81755e3cb92131dd47ec754b64c4b78f663e364cf8a74cdd9857c81316dc4ccd5f02a84b310abfbc9d6a23ee6d1eaf6b8fc1544cfeb06002c8a40fb0e49859d2073a7b1cb112713518ad5e007d0a256f901469bfa5cae98841f877faeb584d41bfe695da72ca5700ae085f39c99f769502ea9f43c0b84ca4611441d5adb3e5d0a426297e535258748169cad487f97d171c0630642943508206ce648aad2971297f3d4037d73e5fbc73460ca7401b7dbd7807273ae077a81fd0d4bc90b6068e3ec95afcfeab16619306fb23942a4308e8253b35f4912df392dfc5daf35dd842a5a1f78fc294cbdbd504056f0c7779121b5b3db7461e437347452476f3b0bb22e63aa23cb9d3e797c6c95513058d8fb2c27864ac0e1f5001c988e29c79bfa4236c7be41dee5561d825c1f0fbebc0c06cc4712e88ad5efd94f4eb4e93794af42a9752a2ebc57dc2f3881c75bbb23ad25b69619f9f5b07fe114ba291d2b5b4c1c175e1aa3ee3eda55e6126b3ad1e613bf8e0bbac727b879e7796fa0ad100893677a18b53f5eb31db43a97370d3749afa92fd0291fa96b05daa6beb43b9c1c11d9515976976d1cc1e44f35d317299ceb68ea2545f2a2b92b4e1046f6f92c33aae6995593189bb2611576599fd765b8e6fe2e88674ffd57ee8252287b1904d622c36a502db45c72b0d5fc3d983cc44bc955eb43911404667a4ab147d72b69ff2514dfb820ad75758e85df88499cea94ed658b4c1c2f49fe2bbb8d2dd97f844a6df289296cfb9cd5bc8d17aa235e2c4501b1422b25acd6dbc3a91d03904c545320524f9034955ab02f5d058097c37d23984baf808d28b3e12821eb8919a77c1b6a8bdeceecfcc487c39db592817dd378a7c5127b427e7279b2a82f6b8eec6b3fabe0947e353e7a386475b15011de93e2f2891f772ef90f4aba1ee1c4d7321c81ce4dcaa378daeabb93182c319494436dbe67d252a01291cacb59686ebd53c6df21c083e98fa299cf5e9b59f1ccea95c62b1437c8ff8754a6372b5b879ebc3241f6430871eafe35337d75cb68c42862846df4342ab434f7f0a7b9f66824e1e696e3dbecde179592774b7511e5a7a1a06ba601eb5f2a935c7cef0f83ecd412a84afdd05120fceb1afb6445ebfcdff8fffffffb75dddccc45afb4f5bb1308d39309c92c0b61a322d5229881fa5d598113cce54107036ca9f63fe863d257c706fe89d5c7ae59a459c6f15ba48d80da4aff541797b26418acddb987df3544bc4918cdbbdd8dd1bc2163c89635044e7b4da878457727a667c0146a12b4c46639497243259bfe4aa5ea50eb79f39fa9209256c9a685e3e39d6d8b6a9ca7d3554fbff0908ad6c6ecf68e506c20b16cd4a98e3ada9eb0cb3eb0b75b13b6d80bf99eddf2282da52cec085d3a725b71c29395d605e1eb26143290946a3a0d24347fa46145735dbf4eabc12150b8d5f7eeca804d7ed1fecd0132d1b94ebec65cbc07dfd4d54a5140567e77c646bd92666922c43aca8e482c59b970fa43087eb76d6715e4e8e5ebe54ca391383ef685b133534fcc1e5c5eb56f9d76a888506c4ac8d289c37039e0c4f927b0e11e85c5c7ec1cf4b19bebee6014cb89ee57f2ade8d166005e956d46a0c01f60b58299479e8a59a2e88f1a7ffd08b27d92fc2772b338959bd0a1c9cb95075c3cc17043c818345b29b76c0b8ed41c8c7259cc780c657cb9509daec1558453cfe061f54e08523a55d3223897559d51096b680802140800000000000000322e007c2af0c08867291dd732bfe4b24d1d5ae517a7f5903c369ac6b157d42eb6ca8c0d7b50fd533a56c814e7cf04db3012eebd53ec1b123d65ab1e462dc19182b690d56a88ad5a1f4d89f1749b005e88085505cc6d7de8eeee08def67bc1d1519d44b7a62dc07e491f328f786956d9200f00d78829e6af7c1a5835366201374b9487330920d4c57e2f7073292e173acc2424bb0d5e0e9448b4c02f9cfc99bc408110b6a3e9bc3799e4b178c2871069bc7d9ceba564378f02b2932c36f159478b5facd452b595a86d119216af9d860bd3997305320159a69a70fc62284141d23d2dc1e5394b271d99e5570450f1c55807e96c7cbe1b7c2e3e96f69fecf0f375e36e0d2acf145ce2d996c1909402744cce63664a75e480b197c345360321e830e5912d1d7bfe5a129a67fa98e6eda5268fa588047859daa11d087d0dbf0ccc7e120e3a5820cb4f5dc06748317e3f866518eb66e39dc8a68a7411b3403fc8eeab8283dee4d767e8e5842ed922e03ae5b3c9c494d5ebc61527ccd1222740fedd9e469ba6b30761cf387d654081c7e63182860e4548748058914a9cea01caf074fe6a78fafa2b45c516f9f20af9ac6773a400fa9661a872f6b55f0ed52a9be9e9c35502604b924f0eb628d6545da322e0713f9a5587e87e4b04fa495423b7c72093b764adfd1430a2e608b7af3d2bf80fef00e5b69abe386618274921ff57621bb99739de2e066ff17e95eba027f6a35170af3a69e93359a9643e155832d45c1aa9a8f71ad35504b99d3d0a1c11ae108664ea36f4dcded083aee17ac9efe7ee3fdf7b63c7c09bcef62caa88708510d45cea79d323083ddbfe7e5d3d9138f206a7af82ef1d26c85015c3e55a285a35d0052546493536b9061db27291a9292033753b7bddac63dac6f6271689240e43523c434a65e1d35299e386c953d0c92f21057e0b7883e049d20961e75069587eb3df6206496f76bbfd96635bb19837ba2ab193d79072ffb8829306b63697ff104a65031b8a38c24cca9ba23d5cdf753169a00fe2b2c3849f234a7029b657b3324c10d553e601aa97d17024f7bf5a99f96392f4a079a83daa27f4e3b512ee8536e764ce4dc36fd0874dfa502a693e55bd9f116202c5e906703e2c43d84448598b7af78aa60a205c152841e75e23436738ccaa6bbcef87e6a237d86d1a5e38e56c162cd6d61a4fb8b410b1643ad557a22348edfa82c23db11c9abdd8141fce263a66537512e93a930a4801ad862a902c7c1e00eb7c7466b1351318b7196c2a9016c55a05e104e124bdb568132f9397e31b10d04e5284bd029ea2f6a3ed11854e09b5871d6a725c21a9ef5d7e729a90a8206d5f61e6e42e47dda3e31b9134d47872a0dd7a576b665ec6ceaa5fd7d85ed7feede9ac9fc23e40241c0318077edda75b62eb271e28fb3705f7b4950c14b721a3a74a7a4e4de02cef5de76a1602b906016c0892ef37db51b0a1dd53f28b3d896f20abbad1ad0e0220960423267fc6e1779d1150fd584dd184bb43278d2d68ff21ac0daeef5408348cb80f4a9e0e606f6048bbaa517289451f084fffb63c5d904788cfc310b5495528a58f4650dafc4e4675b99d35ebab710ac6fefcee6c51a2835510fb6d2dbd8f97c3e53fb7a23c3f3c0283eb2271504581b9c1fa31e35c117e56a5d668a9c57df3b4e1129ca019a8b877fa4a22768dfbdd9d2154e17f4a7755b065090d88982471bfb242d89af5c6782693a6ab1b1be74dfa5655ac3b5ef4ace8dc595803cf4025bdf5c0e9fbe7a12a3a313311809591da08a2cc6cd8480dc960e1f79fa208440a0e589be5756c36d5830a51c4bdc39c2a85c0431bae3a7331b2ffdf23623693d343a7938a8a8a4dd4d523c6450a705bccbb38427f06f4f84a18adf303c0ddecf4ce2b6cdde4e09a4c31816195f0fe9f05fcdc0609f8a75ad2f23d5c24faaf346c13ec0512a5c29477ac561c878085d1a323f6bab08e2fb9ee57d7bb621ef21caf3609d74036c6dc1d7be0b6058d89dcb8d9aa4462fa0a740be66e3fdaa957f27c5a26dc586ac8c927ab2d7cf1b761798ea4191be8f4423cf1a6727d0c5f27a9969a753573afa584dea82678f3471ba36d726c396d68c671e579120f1a11cd50fa66b26fc2d6cb74ba07edbd5d3a288cf58ed1255381df02b2fb8983b7cf833433d1ab8fdef12651c3507e4b69fbc4b234678cca36761e8da434e5f036f204a1400da15277ef27ac140e2d574b89c0fd617da27e6ce862883bbe81c288834b9477d0d440c15dad505b363fcc1cfef8e2e3a96438809505844196acd0af751dedfced67f209c2ffa9c6da842c93ff4b5fd54a67df904f2f31b4236728c99582a667a8461d397770a657ffa7d514b0f076d7f35e9704a836e7882a2acf0a0ec2158ac7234953c3696abdc791c0b163ee76fbcc5adc18b6fa0f51f76f3d313a0d891f1deb69f6e44289b1aa43a768b8d13270959763a2c45129daeea493a5b0d7b36753b223dca9a8037368653400", 0x2000, &(0x7f0000000700)={&(0x7f0000000100)={0x50, 0xffffffffffffff8c, 0xffffffffffffffff, {0x7, 0x2b, 0x0, 0x300900, 0x0, 0x3, 0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffff}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
dup3(r5, r0, 0x0)
ppoll(&(0x7f0000000140)=[{r4}], 0x1, 0x0, 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r7)
sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0193a2e89a00000000001fffffff04000180080002"], 0x20}}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
fgetxattr(r1, &(0x7f0000000000)=@known='security.selinux\x00', &(0x7f0000000040)=""/85, 0x55)

46.040112589s ago: executing program 2 (id=7146):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r2=>0x0})
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000800)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private2, @private2, 0x1, 0x6, 0x0, 0x100, 0x6, 0x5c03c3, r2})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_STATUS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c008000", @ANYRES16=0x0, @ANYBLOB="000326bd7000ffdbdf25050000000c00050000000000000000000c0006000200000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x400c091}, 0x0)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats'])

45.957860366s ago: executing program 2 (id=7147):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x20102, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x25)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x6c, 0x0, &(0x7f0000000180)=[@enter_looper, @decrefs, @dead_binder_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000500)={@ptr={0x70742a85, 0x1, &(0x7f0000000040)=""/97, 0x61, 0x0, 0x3c}, @fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x1, 0x2, 0xc}}, &(0x7f0000000280)={0x0, 0x28, 0xfffffdd3}}}, @clear_death={0x400c630f, 0x2}], 0xf7, 0x0, &(0x7f0000000400)="8b0b4c404981a6ef39f577efb9c2c64f47b576cec3dab5adbd25d802c31aa20f47283d909cfc1520a8ebb223d441539406505ea001848d180490b7a70bc561639b136ecae6c156d04957009916c1b24ba79c86ea06832ee972c31e6a0359b8b206c9498c06983956a604106001a616cb4d1c1bb6acb016cfecfc7ec3b0b2b9ad9ab9ad605bc7f30634cd84a3fa558165a23ef2774c87ec29f64cbf0b7d687933d9e1b3d23238f45fa89ff9f03aeed168cc4492998e962f5fc8d328b4204e969666ffdeb879c288373569757aa945c11bfc5a6d01cefde1031b79382c34c2da32f2058e7357c3d1fa5931bb923f0ebd396a976c32940686"})

45.804921418s ago: executing program 2 (id=7148):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x24, 0x2e, 0x21, 0x0, 0x0, {0x19}, [@generic="a890bf6b68b722a6fbc30cf96f8c87"]}, 0x24}}, 0x0) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1380, 0x3})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x40000000000000, 0xe}, @ptr={0x70742a85, 0x0, &(0x7f0000000080)=""/31, 0x1f, 0x1, 0x39}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x50}}, 0x400}], 0x52, 0x0, &(0x7f0000000300)="6cc2517326f0182dfaea8b9b0efefe72ca2b3f10c526bb82d4a3786efb2df4fda2a1e2888f71a664cc5a261719fe4cead4d24dcc14edceace088490d882b563ef630b62d95fb3e1b01b472ec8da1d1df52fc"})

45.765348051s ago: executing program 2 (id=7149):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0xe6683000)
ioctl$BLKIOOPT(r0, 0x1279, &(0x7f00000000c0))
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000003680)={0x0, 0x0, &(0x7f0000003640)={&(0x7f00000035c0)={0x2c, 0x2, 0x3, 0x5, 0x0, 0x0, {0x6, 0x0, 0x7}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x20}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x15}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x12}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8080}, 0x4040)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = openat$kvm(0x0, &(0x7f00000002c0), 0x102, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x244a02, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0)
r5 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r6 = dup(r5)
connect$unix(r6, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r7}})
ioctl$PTP_SYS_OFFSET(r7, 0x43403d05, 0x0)
read$FUSE(r7, &(0x7f0000001180)={0x2020}, 0x2020)
r8 = eventfd2(0x8, 0x1)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000080)={r8, 0x4, 0x1})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

43.985056624s ago: executing program 0 (id=7155):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x8c, 0x200)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, 0xfffffffffffffffe)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x8, 0x0, &(0x7f0000000280)=[@acquire], 0x0, 0x0, 0x0})
r3 = dup3(r2, r0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000000700)=[@decrefs], 0x0, 0x0, 0x0})

43.91590884s ago: executing program 0 (id=7156):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000040)=0xfffffffc, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000080)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/227, 0xe3, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x10}, @ptr={0x70742a85, 0x1, 0x0, 0xffffffffffffffe4, 0x0, 0x32}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

43.865919284s ago: executing program 33 (id=7156):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000040)=0xfffffffc, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000080)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/227, 0xe3, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x10}, @ptr={0x70742a85, 0x1, 0x0, 0xffffffffffffffe4, 0x0, 0x32}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

30.570920812s ago: executing program 34 (id=7149):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0xe6683000)
ioctl$BLKIOOPT(r0, 0x1279, &(0x7f00000000c0))
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000003680)={0x0, 0x0, &(0x7f0000003640)={&(0x7f00000035c0)={0x2c, 0x2, 0x3, 0x5, 0x0, 0x0, {0x6, 0x0, 0x7}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x20}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x15}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x12}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8080}, 0x4040)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = openat$kvm(0x0, &(0x7f00000002c0), 0x102, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x244a02, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0)
r5 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r6 = dup(r5)
connect$unix(r6, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r7}})
ioctl$PTP_SYS_OFFSET(r7, 0x43403d05, 0x0)
read$FUSE(r7, &(0x7f0000001180)={0x2020}, 0x2020)
r8 = eventfd2(0x8, 0x1)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000080)={r8, 0x4, 0x1})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

1.946437284s ago: executing program 6 (id=7438):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0)
r1 = socket$inet(0x2, 0x3, 0x2)
r2 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000180)={@loopback={0x200000000000000}, 0x800, 0x0, 0x3, 0x1}, 0x20)
setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x380000, @empty, 0x40000002}, 0x1c)
syz_usb_connect(0x0, 0x24, &(0x7f0000001fc0)={{0x12, 0x1, 0x110, 0x81, 0xf8, 0x2f, 0x8, 0x1235, 0x10, 0xc24d, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x60, 0x0, [{{0x9, 0x4, 0xc6, 0x8, 0x0, 0x9e, 0x6e, 0x88}}]}}]}}, 0x0)
setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc)
r3 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x27, &(0x7f0000000480)={@multicast1, @loopback}, 0xc)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000000a40)=""/61, 0x3d}, {&(0x7f0000000340)=""/182, 0xb6}], 0x2, 0x8, 0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x11, r0, 0x45809000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x1cbd81, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$BLKRRPART(r5, 0x125f, 0x0)

1.756187269s ago: executing program 4 (id=7441):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x80080, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
shutdown(r1, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x13, 0xffffffffffffffff, 0x0)
r3 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

1.173285816s ago: executing program 6 (id=7446):
pipe2$9p(0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x138) (async, rerun: 32)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00') (async, rerun: 32)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00') (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) (async, rerun: 32)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) (async, rerun: 32)
r2 = inotify_init()
inotify_add_watch(r2, &(0x7f0000000000)='.\x00', 0x400017e)
ioctl$FS_IOC_SETFLAGS(r1, 0xc0189436, &(0x7f0000000140)) (async)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x400, &(0x7f0000000100)=ANY=[@ANYBLOB='noswap,huge=never,nr_blocks=G'])
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0xe) (async)
read$FUSE(r0, &(0x7f00000029c0)={0x2020}, 0x2020) (async, rerun: 32)
accept4$tipc(0xffffffffffffffff, 0x0, 0x0, 0x0) (rerun: 32)

1.172847596s ago: executing program 5 (id=7447):
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, 0x0, 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
setpriority(0x1, 0xffffffffffffffff, 0xd1f4) (async)
getsockopt$inet_int(r1, 0x0, 0x14, &(0x7f0000000080), &(0x7f0000000100)=0x4) (async)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, 0x0, 0x0) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101}) (async)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) (async)
madvise(&(0x7f0000e28000/0x1000)=nil, 0x1000, 0x16) (async, rerun: 32)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x7f) (async, rerun: 32)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async, rerun: 64)
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000001c0)={'ipvlan1\x00', 0x400}) (rerun: 64)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x204000, 0x0)
fcntl$getflags(r5, 0x403) (async)
connect$inet(0xffffffffffffffff, 0x0, 0x0) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

1.125059279s ago: executing program 4 (id=7448):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x11, r0, 0x45809000)
personality(0x5400004)
io_setup(0x9, &(0x7f0000000280))
r1 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x809}, {0xa, 0x4e22, 0x0, @empty, 0x7fffffff}, 0x2, {[0x0, 0xab, 0xfffffffe, 0x0, 0xfffffffe, 0x20008, 0x0, 0x2]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x4e22, 0x800, @empty}, 0x0, {[0x0, 0x8000]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x4}, 0x8}, {0xa, 0x0, 0x4, @empty}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x89f, 0x8, 0x1]}}, 0x5c)
setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000340)=0x6, 0x4)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x2000, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x1cbd81, 0x0)
ioctl$BLKRRPART(r2, 0x125f, 0x0)

1.066207924s ago: executing program 6 (id=7449):
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]})
r0 = getuid()
setuid(r0)
syz_open_procfs(0x0, 0x0)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext'])
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x24, &(0x7f0000000380)={[{@no_bf_cache}, {@rlog_wakeup_cnt={'rlog_wakeup_cnt', 0x3d, 0x8}}, {@rlog_wakeup_cnt={'rlog_wakeup_cnt', 0x3d, 0xc}}, {@read_timeout_ms={'read_timeout_ms', 0x3d, 0xfffffffffffffff7}}], [{@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@euid_eq={'euid', 0x3d, r1}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'binder\x00'}}, {@appraise_type}, {@uid_lt={'uid<', r0}}, {@appraise}]})

985.151921ms ago: executing program 5 (id=7450):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138b, 0x4})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x78, &(0x7f0000000100)={@flat=@binder={0x73622a85, 0x10a, 0x5}, @flat=@binder={0x73622a85, 0x0, 0x3}, @flat=@binder={0x73622a85, 0x100a, 0x1003}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

882.720209ms ago: executing program 1 (id=7451):
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="36000000060000000000000000000000010000000000000001000000000000000d00000000000200243a2c5c212f7ddd5c295edd2d00"], 0x36)

875.75239ms ago: executing program 5 (id=7452):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000580)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in6=@remote}, {@in6=@remote, 0x0, 0x32}, @in6=@mcast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x13c}}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r4, 0xc040aed5, &(0x7f0000000000)={0x2000, 0x19c000})
close_range(r0, 0xffffffffffffffff, 0x0)

733.174841ms ago: executing program 4 (id=7453):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x1a, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
write$binfmt_aout(r2, &(0x7f0000000500)=ANY=[], 0xff2e)
ioctl$TCXONC(r2, 0x540a, 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
write$binfmt_script(r3, &(0x7f0000000400)={'#! ', './file0', [{0x20, '/devFtR\xac\x13\x1e\x14e\x81h\xa3K\xd6\xd0^\xed\xd7\xb3\xac\xa0&&\xf8\x0f|\xe8\x15\xf2\x82\xb4\xa0\xc2\x01e\x1e\xf4\x19\x06\x03\xf5+\xc4\r\xa1\xb8DY-\x17\x0f\xf7\x8d\x7f\x9473\x1f\xc5!\xb2\x1bs\xfc\x91~c\xd1*en\xd1\xfc\t\x9c\xda\xfd\xde\xc0\xa2\xf4\x15\xf1\xd9\xe0\xe2\xf3^R\x8d\xae\x8d\x87Fc\a\xe6_\xd0V\'B?\x8b\xa6\x9cIT\x1f\x93\x8b\xfd\x814dX\x93\x89\x1a_45\x94y(\xb9\xaa\x91\xa5\xe8n\xe6\xb58.\xc4\ntJ\x11\f\xb8\x18\xfe\xb2\x93\x93\xe6\x82\\\xe8]fV\xc0#\x1c\xbf\xd1T\x809/\xc3\xa3\x17\xc4\x0e\xdby\xd6\xff\xfb\xbe\x83\xf7$\xf7\xc4\x16\xee\xa0Tn\t\x0f,|\r\xc3\xb39A\xc2wF\xb9l\'_\x89B\xf8z\xe6\xc13\x9d~\xd5\xc6\xae8\a\xa1\x90\f)M4J\xaf\x010;\xc7\xfd\xe7\x95\xfb\x95\xd6N\v\xf9\xe1=3\xe7\x8a\xc8\xca\xf12\x1aJ\xd6Xj4\x1a\x88\x04\xb1DJ\xce\x95\xdb\xd2\xab\xd6\xeb\xc6\xc6v\xd0#x@\x96\xbf\xa4E\x11\x9dH$+\xadS&\xa6\xcd>\xa2<\xe2\xa7\xa3\x99\n7c\xc5\xbb\xc2\xb9\xa3k\xaa\x9e\xe9\xb4\xd4\xbc\xda'}, {0x20, '/dev/ashmem\x00'}, {0x20, '/devFtR\xac\x13\x1e\x14e\x81h\xa3K\xd6\xd0^\xed\xd7\xb3\xac\xa0&&\xf8\x0f|\xe8\x15\xf2\x82\xb4\xa0\xc2\x01e\x1e\xf4\x19\x06\x03\xf5+\xc4\r\xa1\xb8DY-\x17\x0f\xf7\x8d\x7f\x9473\x1f\xc5!\xb2\x1bs\xfc\x91~c\xd1*en\xd1\xfc\t\x9c\xda\xfd\xde\xc0\xa2\xf4\x15\xf1\xd9\xe0\xe2\xf3^R\x8d\xae\x8d\x87Fc\a\xe6_\xd0V\'B?\x8b\xa6\x9cIT\x1f\x93\x8b\xfd\x814dX\x93\x89\x1a_45\x94y(\xb9\xaa\x91\xa5\xe8n\xe6\xb58.\xc4\ntJ\x11\f\xb8\x18\xfe\xb2\x93\x93\xe6\x82\\\xe8]fV\xc0#\x1c\xbf\xd1T\x809/\xc3\xa3\x17\xc4\x0e\xdby\xd6\xff\xfb\xbe\x83\xf7$\xf7\xc4\x16\xee\xa0Tn\t\x0f,|\r\xc3\xb39A\xc2wF\xb9l\'_\x89B\xf8z\xe6\xc13\x9d~\xd5\xc6\xae8\a\xa1\x90\f)M4J\xaf\x010;\xc7\xfd\xe7\x95\xfb\x95\xd6N\v\xf9\xe1=3\xe7\x8a\xc8\xca\xf12\x1aJ\xd6Xj4\x1a\x88\x04\xb1DJ\xce\x95\xdb\xd2\xab\xd6\xeb\xc6\xc6v\xd0#x@\x96\xbf\xa4E\x11\x9dH$+\xadS&\xa6\xcd>\xa2<\xe2\xa7\xa3\x99\n7c\xc5\xbb\xc2\xb9\xa3k\xaa\x9e\xe9\xb4\xd4\xbc\xda'}, {0x20, '\',!\'$*[%{/}'}, {}, {0x20, '/dev/ptmx\x00'}, {0x20, '/dev/ptmx\x00'}, {}], 0xa, "6ab0d7304934c9ab089caf0ee8d8394818ca19a82c733cebaf50b6f4238d9bb14f634411267e8df5cf73fa0731368b71bc517a351ce4da3bb949e6b287d21f39fe6f584493e40087bf92f8fe1558609de4d06ea0ac2258078c0ab582a0d794178cd6dcfd2b6b4a1cc3e0ef88e6820545b5d712ab9478faaf260f88e6c438c7bf871542a88ce09989d4a9bb9e7f4f39dc25262196df736ea7a725f6fe4998188ced2653cd222263e2db0a4ba52b8558271532f317e7710823b495c9143de710278d0f9d4ed4f77d420b6430786e7fa8c71388156548e1c231e7326b"}, 0x385)
ioctl$TCXONC(r2, 0x540a, 0x3)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100))
mprotect(&(0x7f000001b000/0x2000)=nil, 0x2000, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x10001)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f00000002c0)='/devFtR\xac\x13\x1e\x14e\x81h\xa3K\xd6\xd0^\xed\xd7\xb3\xac\xa0&&\xf8\x0f|\xe8\x15\xf2\x82\xb4\xa0\xc2\x01e\x1e\xf4\x19\x06\x03\xf5+\xc4\r\xa1\xb8DY-\x17\x0f\xf7\x8d\x7f\x9473\x1f\xc5!\xb2\x1bs\xfc\x91~c\xd1*en\xd1\xfc\t\x9c\xda\xfd\xde\xc0\xa2\xf4\x15\xf1\xd9\xe0\xe2\xf3^R\x8d\xae\x8d\x87Fc\a\xe6_\xd0V\'B?\x8b\xa6\x9cIT\x1f\x93\x8b\xfd\x814dX\x93\x89\x1a_45\x94y(\xb9\xaa\x91\xa5\xe8n\xe6\xb58.\xc4\ntJ\x11\f\xb8\x18\xfe\xb2\x93\x93\xe6\x82\\\xe8]fV\xc0#\x1c\xbf\xd1T\x809/\xc3\xa3\x17\xc4\x0e\xdby\xd6\xff\xfb\xbe\x83\xf7$\xf7\xc4\x16\xee\xa0Tn\t\x0f,|\r\xc3\xb39A\xc2wF\xb9l\'_\x89B\xf8z\xe6\xc13\x9d~\xd5\xc6\xae8\a\xa1\x90\f)M4J\xaf\x010;\xc7\xfd\xe7\x95\xfb\x95\xd6N\v\xf9\xe1=3\xe7\x8a\xc8\xca\xf12\x1aJ\xd6Xj4\x1a\x88\x04\xb1DJ\xce\x95\xdb\xd2\xab\xd6\xeb\xc6\xc6v\xd0#x@\x96\xbf\xa4E\x11\x9dH$+\xadS&\xa6\xcd>\xa2<\xe2\xa7\xa3\x99\n7c\xc5\xbb\xc2\xb9\xa3k\xaa\x9e\xe9\xb4\xd4\xbc\xda')
mmap(&(0x7f0000018000/0x4000)=nil, 0x4000, 0x3000000, 0x11, r0, 0xd8ced000)

732.144941ms ago: executing program 6 (id=7454):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00"], 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
socket(0x80000000000000a, 0x2, 0x0) (async)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0xfffffffe, @remote}}}, 0x109)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r1=>0x0})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r2) (async)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r2)
sendmsg$IEEE802154_DISASSOCIATE_REQ(r2, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000dc0)={0x14, r3, 0x101, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x4810)
setsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000180)={@remote, r1}, 0x14)
socket(0x80000000000000a, 0x2, 0x0) (async)
r4 = socket(0x80000000000000a, 0x2, 0x0)
r5 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r0)
quotactl_fd$Q_GETFMT(r4, 0xffffffff80000401, 0xee00, &(0x7f0000000440)) (async)
quotactl_fd$Q_GETFMT(r4, 0xffffffff80000401, 0xee00, &(0x7f0000000440))
sendmsg$TIPC_NL_LINK_SET(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x4)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r6, 0x1, 0x50, 0x0, 0x0) (async)
setsockopt$sock_int(r6, 0x1, 0x50, 0x0, 0x0)
close(r0)
read$FUSE(r5, 0x0, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2a, 0x0, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x400a00, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00')
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xfffff, 0x0, 0x0) (async)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xfffff, 0x0, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) (async)
setsockopt$inet_tcp_int(r7, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) (async)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)

696.423284ms ago: executing program 1 (id=7455):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, 0xffffffffffffffff, 0x4a58c000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
read$FUSE(0xffffffffffffffff, &(0x7f0000000080)={0x2020, 0x0, <r0=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0xffffffffffffffda, r0, {0x7, 0x1f, 0x402, 0x206f01a, 0x0, 0x6, 0xfffffffc, 0x1, 0x0, 0x0, 0x112}}, 0x50)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40800, 0x0)
ioctl$FS_IOC_GETFLAGS(r1, 0x5437, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
sendmmsg$inet6(r2, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000000180)="d2cf4071eedf8b7b757ad2e20539519ec6afbc267e1742fa0baeb3a05c4375108461", 0x22}, {&(0x7f0000002440)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee9e3446eab3b5407cc20f581095dde95241e3853c4864ea7ecd07888956d9375b9ef74be4454d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de190d54bd6f6c2c9fecf37053894f4b8001fa9902cb9544f8394c96faa2767c0af169cf7c3e0c", 0x21f}], 0x2}}], 0x1, 0x4000001)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f00000021c0)={&(0x7f0000fef000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/4096, 0x1000, 0x0, 0x0}, &(0x7f0000002180)=0x40)
r3 = socket$inet(0x2, 0x801, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r3, 0x0, 0xe803, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000a80)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000002140)="df6b", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000200)='\\Q', 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000002200)="7ff2000000000000d26e89867d77979dabde14b6ddc26d385fee89bb810300030000008923a7cbedd6e9a559389671", 0x2f}], 0x1}}], 0x3, 0x4000051)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x4800)
splice(r3, 0x0, r4, 0x0, 0xdef, 0x6)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000002100)=0x1, 0x4)
mlockall(0x2)
brk(0x6)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x64800, 0x0)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f00000020c0)={&(0x7f0000811000/0x1000)=nil, &(0x7f00004a2000/0x3000)=nil, 0x1000, 0x2})
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r5, &(0x7f0000000300)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e20, @local}, 0x10)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_1\x00', 0x10)
r6 = socket$inet(0x2, 0x801, 0x0)
bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10)

646.335898ms ago: executing program 5 (id=7456):
r0 = socket(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000000)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc)=0x1, 0x4)
ioctl$int_in(r0, 0x5421, &(0x7f00000000c0)=0x4)
write(r0, &(0x7f0000000980)="a9", 0x1)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$x86(r3, &(0x7f0000282000/0x400000)=nil)
syz_kvm_add_vcpu$x86(r4, &(0x7f0000000140)={0x0, 0x0, 0x18})
syz_kvm_add_vcpu$x86(r4, &(0x7f0000000140)={0x0, 0x0})
ioctl$KVM_GET_TSC_KHZ_vm(r3, 0xaea3)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x6c, 0x19, 0x1, 0x0, 0x25dfdbfb, {0x9d, 0xd601, 0x9}, [@nested={0x50, 0x12, 0x0, 0x1, [@nested={0x49, 0xf8, 0x0, 0x1, [@generic="e02b4221d3c744305fd369f30020dc8fcc58a362542a963097bf883548fe5ae164e5e6f4e0fb772aa1dc9e0330c9c8d1a98a1e02167abc021907e655c6053ebde9f7c472a7"]}]}, @typed={0x8, 0xe, 0x0, 0x0, @ipv4=@loopback}]}, 0x6c}, 0x1, 0x0, 0x0, 0x5}, 0x0)
r6 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r6, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_opts(r6, 0x0, 0x4, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

521.242868ms ago: executing program 1 (id=7457):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x220100, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
bind$netlink(r1, &(0x7f0000000580)={0x10, 0x0, 0x25dfdbfd}, 0xc)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vfat\x00', 0x200000, 0x0)

520.944548ms ago: executing program 6 (id=7458):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
write$tcp_mem(0xffffffffffffffff, &(0x7f0000000300), 0x48)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r3, 0x0, 0x18, &(0x7f0000000080)=0x80000001, 0x4)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)={<r5=>0xffffffffffffffff})
r6 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x8, 0x0)
sendfile(r5, r6, 0x0, 0x2af)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="080086dd0001110004600000a60c6eec00be00443cfffe8000000000000000000000000000aaff020000000000000000000000000001"], 0xfdef)
r7 = socket$inet6(0xa, 0x802, 0x88)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x22c81, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r9, r10, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000005c0)=[@text64={0x40, 0x0}], 0x1, 0x27, 0x0, 0x0)
ioctl$KVM_GET_CPUID2(r10, 0xc008ae91, &(0x7f00000001c0))
sendto$inet6(r7, 0x0, 0x0, 0x4008840, &(0x7f0000000180)={0xa, 0x4e23, 0x9, @empty}, 0x1c)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x8f1f9000)
r12 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r12, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc)
setsockopt$inet_mreqn(r12, 0x0, 0x25, &(0x7f0000000080)={@multicast1, @local}, 0xc)
r13 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r11)
sendmsg$IEEE802154_LIST_IFACE(r11, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000f80)={0x20, r13, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000001}, 0x20000000)

464.372973ms ago: executing program 4 (id=7459):
r0 = creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
rt_sigaction(0x40000022, &(0x7f0000000080)={0x0, 0x80000000, 0x0, {[0x400fff]}}, 0x0, 0x8, &(0x7f0000000180))
r3 = dup(r2) (async)
read$FUSE(r0, &(0x7f0000000600)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18, 0x0, r4}, 0x18) (async)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="38010000fe0000"], 0x138) (async, rerun: 32)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@aname={'aname', 0x3d, '!%()-\\)*'}}, {@debug={'debug', 0x3d, 0x4}}]}}) (rerun: 32)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r5, &(0x7f00000029c0)={0x2020}, 0x2020)

396.445968ms ago: executing program 5 (id=7460):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$incfs(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, 0x0)
chdir(&(0x7f00000001c0)='./file0\x00')
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0)
r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000080), 0x3f00, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000540)={0x73622a85, 0x7cab6ced6415609})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x57, 0x0, &(0x7f0000000400)="8b0b4c404981a6ef39f577efb9c2c64f47b576cec3dab5adbd25d802c31aa20f47283d909cfc1520a8ebb223d441539406505ea001848d180490b7a70bc561639b136ecae6c156d04957009916c1b24ba79c86ea06832e"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x90, 0x0, &(0x7f0000000480)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x0, &(0x7f0000000000)={@fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0xa, 0x2, 0x35}, @fda={0x66646185, 0x5, 0x2, 0x18}}, 0x0}, 0x400}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000140)={@fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x0, 0x0, 0x2c}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0})
r2 = accept$nfc_llcp(r1, &(0x7f0000000600), &(0x7f0000000340)=0x60)
ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000680)=0xe6)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) (async)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) (async)
mount$incfs(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, 0x0) (async)
chdir(&(0x7f00000001c0)='./file0\x00') (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0) (async)
openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000080), 0x3f00, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000540)={0x73622a85, 0x7cab6ced6415609}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x57, 0x0, &(0x7f0000000400)="8b0b4c404981a6ef39f577efb9c2c64f47b576cec3dab5adbd25d802c31aa20f47283d909cfc1520a8ebb223d441539406505ea001848d180490b7a70bc561639b136ecae6c156d04957009916c1b24ba79c86ea06832e"}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x90, 0x0, &(0x7f0000000480)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x0, &(0x7f0000000000)={@fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0xa, 0x2, 0x35}, @fda={0x66646185, 0x5, 0x2, 0x18}}, 0x0}, 0x400}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000140)={@fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x0, 0x0, 0x2c}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) (async)
accept$nfc_llcp(r1, &(0x7f0000000600), &(0x7f0000000340)=0x60) (async)
ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000680)=0xe6) (async)

333.350364ms ago: executing program 1 (id=7461):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0xa})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction={0x400c6313, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @acquire={0x40046305, 0x1}], 0x0, 0x0, 0x0})
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0)

332.850554ms ago: executing program 6 (id=7462):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0) (async)
r2 = dup3(r1, r0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af"])
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x49, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x49, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder0\x00', 0x6, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder0\x00', 0x6, 0x0)
getsockopt$EBT_SO_GET_INFO(r2, 0x0, 0x80, &(0x7f0000000300)={'broute\x00', 0x0, 0x0, 0x0, [0xffffffffffffffff, 0x18, 0x8, 0x7, 0x3, 0x2]}, &(0x7f0000000180)=0x78)
socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000006240)={0x0, 0x0, &(0x7f0000006200)={&(0x7f0000005040)={0x14, 0xb, 0x1, 0x70bd28, 0x25dfdbfb, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x0) (async)
sendmsg$nl_generic(r6, &(0x7f0000006240)={0x0, 0x0, &(0x7f0000006200)={&(0x7f0000005040)={0x14, 0xb, 0x1, 0x70bd28, 0x25dfdbfb, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r7, 0x400455c8, 0x0)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r8, 0x400448e2, &(0x7f0000000280))
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r8, 0x800448d2, &(0x7f0000000280)={0x1, &(0x7f0000000500)=[{}]})
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r9, 0x0) (async)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r9, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
r10 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r10, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x4, [{0x11}, {0x0, 0x100000000000000}]}, 0x68) (async)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r10, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x4, [{0x11}, {0x0, 0x100000000000000}]}, 0x68)
socket$inet6(0xa, 0x2, 0x0) (async)
r11 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r11, &(0x7f0000004c40)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x3, @loopback, 0xfffffff9}, 0x1c, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1400000000000000290000000b0000000000000d000000001400000000000000290000000b0000008000000000000000139ed028788df5aa02f2b4a82050e2d6657e394989c889f877504096474a8468804f3272942661ca0e2cba02432894df6863fe14f4b9b7288e3f4ef6837cd3eb4237a78cc74f56f6c934701e28d46448517bd514f3f438cda93ebed64a"], 0x30}}], 0x1, 0x80040c4)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})

167.738886ms ago: executing program 1 (id=7463):
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="36000000060000000000000000000000010000000000000001000000000000000d00000000000200243a2c5c212f7ddd5c295edd2d00"], 0x36)

101.651792ms ago: executing program 4 (id=7464):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x165342, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@rand_addr=' \x01\x00', @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x40000000, 0x2, 0x0, 0x0, 0x0, 0x2}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8)
r3 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e"], 0x70}}, 0x0)
sendmmsg(r1, &(0x7f0000000180), 0x3ef, 0x0)
write(r0, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0x1f000)

1.31051ms ago: executing program 1 (id=7465):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
getpriority(0x1, r0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
ioctl$ASHMEM_GET_NAME(r1, 0x40047703, 0x0)

948.07µs ago: executing program 5 (id=7466):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x83008}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="00042bbd700000dcdf56871be2f5b0b312f175c12555"], 0x1c}, 0x1, 0x0, 0x0, 0x24044010}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xa)
sendmsg$netlink(r2, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="2c0000002c0001000000000000000800020000008f6af491d2c9b1"], 0x2c}], 0x1}, 0xcc000) (async)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x66742, 0x0)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x60a00, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r5, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) (async)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000008c0)=ANY=[@ANYBLOB="1c00edefa1cb7ad66f6c32743700c9063aabbdb6d72a2632c697143e2c3002736e73023fbe8a973926e055093bc290f00c1ce37300000000000000000000000000000000000000000000000000000000000000a0b2c77e5cd7fa6a4521476359cabd62c95984987bf6a97d1c55a08a1a2b7113f069b3332e07c9b693b8281ff437f83f46e1572834a2414205f24aa92de833b9388f301f6774dac7aea04648a4a3313bde53ccf1b8b0cfb8330a6deb4d5119328d382f8efbe8add1c2593c44522c13d0c5982341c1369556dfa54e7502"], 0x1c}], 0x1, 0x0, 0x0, 0x400c841}, 0x0)
madvise(&(0x7f00001ba000/0x2000)=nil, 0x2000, 0x15) (async)
ioctl$KVM_GET_MSRS_cpu(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x40000107, 0x0, 0x2b34988d}]}) (async)
r6 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000105804105000000000000109022d00010700000009040005050300000009210002080122940309058103"], 0x0)
syz_usb_control_io(r6, 0x0, 0x0) (async)
write(0xffffffffffffffff, &(0x7f0000000080)="9035d1a1facb75", 0x7) (async)
syz_usb_control_io$hid(r6, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r7, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) (async)
socketpair(0x1, 0x6, 0x2, &(0x7f0000000080)) (async)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000280)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8, @ANYRES64], 0x0) (async)
mkdirat(0xffffffffffffffff, &(0x7f00000006c0)='./file0\x00', 0x80) (async)
r8 = syz_io_uring_setup(0x11c8, &(0x7f0000000400)={0x0, 0x5682, 0x80, 0x2, 0xb6}, &(0x7f0000000080), &(0x7f0000000140))
syz_io_uring_setup(0x3c5f, &(0x7f0000000240)={0x0, 0x0, 0x27, 0x2, 0x0, 0x0, r8}, 0x0, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r4, 0x4a58c000) (async)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2)
pipe(&(0x7f0000000180)={<r9=>0xffffffffffffffff})
fcntl$dupfd(r9, 0x3, 0xffffffffffffffff) (async)
syz_usb_connect$uac1(0x6, 0xe3, &(0x7f0000000780)=ANY=[@ANYBLOB="12015002000000106b1d01014000010203010902d10003019b00090904000000010100000a240100fc0702010209240303f8030101010c240205000106060a0001060c2402050202050001800808090401000001020000090401010101020000072401080404000b24020101010902a57db10f24020204000f00001dc2a0041a9609050109d8520308090725010207ff070904020000010200000904020101010200001024020200000010089d9f35952e2279092402010d040603320d240201010440515f438680be43240202010004001cff0905820900040907020725018109540f6f7b4879878dfa576b91394bf9d2cbf0185cc6e924888c9e975dc2261618c577f65da62d76136fa003111f966a86def9760c"], &(0x7f0000000580)={0xa, &(0x7f00000003c0)={0xa, 0x6, 0x250, 0x4, 0x0, 0x1, 0x10, 0xf2}, 0xbf, &(0x7f0000000600)=ANY=[@ANYBLOB="050fbf00029e10023a1233a1af8a2d0cfb001fe6428e3cedd0c88e1faaa46620b5e6543af236abcbd6dda24f1bb5b8e079e1c44e1c94218b3a64126f7868bd71709961ee9f79584d49d3233fda3cce27b20824b61d7adb342f18912ac792e96726b3f6c25c51b091ab57eb44dd9aab864c1a226eabb242b2bdc7721ac95edccc0a17aae45df865796f5840929024fddb1bf61fbedd96a7338b349d77109083a27d4af61c100a81040001000ff008006fc0ff00c000ff00c03f00003f000000"], 0x3, [{0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x416}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x1401}}, {0x3a, &(0x7f0000000700)=ANY=[@ANYBLOB="2203dcf15da4d6aa1574ffb2c5dea86707b24210c846ec302160ca66b5752ec889c6844d6cd0f70e2f5e7418d6ba"]}]}) (async)
fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f0000005dc0), 0x0, 0x0, 0x1)
write(r3, &(0x7f0000001c00)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6798428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc000f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb68ec4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b330e7735bf1c7e0e26aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3ca6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad744941039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d3de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca3064b954915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4f624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc607185701065a8b84a2f2502af8e68d0fe7635ac502f1b9ef82e61102b303d5f6483c0169ac112d9010a022c58e3f80f0cfb16f906a3df335d42df851aeee62f85bb93c87e7b8b171054c2b7d77a8e4f04c0ed12076233729e6f82e46e8065bb8d870c27bdd427ebf21cd8cb83fd53667a48a42c0ffe91d1fc078b616cb9b763c448aa7c7156df9485535ae508cc87b66a340af762db602326d02af73557e3fba164c12cc92ee61ae4dea1a65c32d3acab702227e9484a927777f07bcd7b5e3616012d9ec79802e2830e7732590a83bfe1bd710ff70bfb53b0b6c711c10cfa6902f645bcebaf64e0805731061f5478d801601c1deeb2d14c26aa130d1d31a235f97d93902ba1ea08be27", 0xfffffdbf)

0s ago: executing program 4 (id=7467):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) (async)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000001c0), 0x12)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0xa0, &(0x7f0000000400)=ANY=[@ANYRES16]) (async)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0xa0, &(0x7f0000000400)=ANY=[@ANYRES16])
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netstat\x00')
pread64(r2, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x5c5182, 0x0) (async)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x5c5182, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf) (async)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r6, 0x400455c8, 0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000140)=0xf)
ioctl$TCFLSH(r5, 0x400455c8, 0x0) (async)
ioctl$TCFLSH(r5, 0x400455c8, 0x0)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x13, 0x0, 0x0)
ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000240))
sendmsg$NL80211_CMD_DEL_TX_TS(r3, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x30, r4, 0x711, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x12}}}}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0xe}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0xc810) (async)
sendmsg$NL80211_CMD_DEL_TX_TS(r3, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x30, r4, 0x711, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x12}}}}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0xe}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0xc810)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x167342, 0x0) (async)
r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x167342, 0x0)
readv(r8, &(0x7f0000000140)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1)

kernel console output (not intermixed with test programs):

SB device strings: Mfr=0, Product=0, SerialNumber=0
[  559.689280][  T675] usb 2-1: config 0 descriptor??
[  559.900190][  T675] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 66 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  560.099517][  T331] usb 2-1: USB disconnect, device number 66
[  560.112367][  T331] usblp0: removed
[  560.254363][ T7538] usb 5-1: reset high-speed USB device number 17 using dummy_hcd
[  561.334952][T22086] binder: Bad value for 'max'
[  561.844354][  T329] usb 5-1: USB disconnect, device number 17
[  562.210569][   T36] kauditd_printk_skb: 462 callbacks suppressed
[  562.210589][   T36] audit: type=1400 audit(2000000516.268:29875): avc:  denied  { read write } for  pid=21338 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  562.315894][   T36] audit: type=1400 audit(2000000516.268:29876): avc:  denied  { read write open } for  pid=21338 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  562.381818][   T36] audit: type=1400 audit(2000000516.268:29877): avc:  denied  { ioctl } for  pid=21338 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  562.399961][T22102] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  562.492168][   T36] audit: type=1400 audit(2000000516.378:29878): avc:  denied  { read } for  pid=22099 comm="syz.1.7195" name="event2" dev="devtmpfs" ino=208 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  562.709976][   T36] audit: type=1400 audit(2000000516.378:29879): avc:  denied  { read open } for  pid=22099 comm="syz.1.7195" path="/dev/input/event2" dev="devtmpfs" ino=208 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  562.822997][   T36] audit: type=1400 audit(2000000516.408:29880): avc:  denied  { ioctl } for  pid=22099 comm="syz.1.7195" path="/dev/input/event2" dev="devtmpfs" ino=208 ioctlcmd=0x4503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  562.993450][   T36] audit: type=1400 audit(2000000516.408:29881): avc:  denied  { read } for  pid=22099 comm="syz.1.7195" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  563.065019][   T36] audit: type=1400 audit(2000000516.408:29882): avc:  denied  { read open } for  pid=22099 comm="syz.1.7195" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  563.139461][   T36] audit: type=1400 audit(2000000516.438:29883): avc:  denied  { read } for  pid=22101 comm="syz.4.7196" name="binder0" dev="binder" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  563.244356][   T36] audit: type=1400 audit(2000000516.438:29884): avc:  denied  { read open } for  pid=22101 comm="syz.4.7196" path="/dev/binderfs/binder0" dev="binder" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  563.384660][T22115] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  563.498976][T22115] pim6reg1: entered promiscuous mode
[  563.574363][T22115] pim6reg1: entered allmulticast mode
[  563.591771][T22067] syz.5.7189 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  563.639244][T22067] CPU: 0 UID: 0 PID: 22067 Comm: syz.5.7189 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  563.639281][T22067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  563.639298][T22067] Call Trace:
[  563.639306][T22067]  <TASK>
[  563.639317][T22067]  __dump_stack+0x21/0x30
[  563.639355][T22067]  dump_stack_lvl+0x10c/0x190
[  563.639387][T22067]  ? __cfi_dump_stack_lvl+0x10/0x10
[  563.639418][T22067]  ? ___ratelimit+0x3f7/0x5a0
[  563.639453][T22067]  dump_stack+0x19/0x20
[  563.639483][T22067]  dump_header+0xd7/0x490
[  563.639507][T22067]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  563.639538][T22067]  oom_kill_process+0x4c0/0x7e0
[  563.639567][T22067]  ? sched_clock_cpu+0x75/0x400
[  563.639599][T22067]  out_of_memory+0x7ee/0xbd0
[  563.639624][T22067]  ? __cfi_out_of_memory+0x10/0x10
[  563.639666][T22067]  ? mutex_lock_killable+0x92/0x1c0
[  563.639690][T22067]  ? __cfi_mutex_lock_killable+0x10/0x10
[  563.639716][T22067]  mem_cgroup_out_of_memory+0x279/0x350
[  563.639740][T22067]  ? drain_obj_stock+0xed0/0xed0
[  563.639764][T22067]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  563.639788][T22067]  try_charge_memcg+0x8f7/0xde0
[  563.639821][T22067]  ? __cfi_try_charge_memcg+0x10/0x10
[  563.639853][T22067]  ? __alloc_pages_noprof+0x31f/0x7b0
[  563.639884][T22067]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  563.639914][T22067]  ? __folio_batch_add_and_move+0x2ab/0x370
[  563.639944][T22067]  __mem_cgroup_charge+0xf6/0x410
[  563.639979][T22067]  ? _raw_spin_lock+0x8c/0x120
[  563.640008][T22067]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  563.640044][T22067]  shmem_alloc_and_add_folio+0x86d/0x1050
[  563.640075][T22067]  ? put_swap_device+0x130/0x130
[  563.640101][T22067]  ? shmem_huge_global_enabled+0x2da/0x360
[  563.640126][T22067]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  563.640151][T22067]  ? __kasan_check_write+0x18/0x20
[  563.640185][T22067]  ? _raw_spin_lock+0x8c/0x120
[  563.640215][T22067]  shmem_get_folio_gfp+0x5f0/0x1380
[  563.640243][T22067]  ? shmem_get_folio+0xc0/0xc0
[  563.640265][T22067]  ? follow_page_pte+0xa5c/0xb90
[  563.640296][T22067]  ? inode_to_bdi+0x6d/0x100
[  563.640328][T22067]  shmem_write_begin+0xf4/0x270
[  563.640355][T22067]  generic_perform_write+0x330/0x960
[  563.640391][T22067]  ? __cfi_generic_perform_write+0x10/0x10
[  563.640423][T22067]  ? down_write+0xe9/0x2a0
[  563.640449][T22067]  ? file_update_time+0xa3/0x220
[  563.640481][T22067]  shmem_file_write_iter+0x105/0x130
[  563.640511][T22067]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  563.640542][T22067]  __kernel_write_iter+0x392/0x830
[  563.640564][T22067]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  563.640595][T22067]  ? __cfi___kernel_write_iter+0x10/0x10
[  563.640631][T22067]  ? get_dump_page+0x160/0x220
[  563.640665][T22067]  ? __asan_memset+0x39/0x50
[  563.640698][T22067]  ? iov_iter_bvec+0xc0/0x180
[  563.640726][T22067]  dump_user_range+0xb06/0xdf0
[  563.640749][T22067]  ? __cfi_dump_emit+0x10/0x10
[  563.640784][T22067]  ? __cfi_dump_user_range+0x10/0x10
[  563.640807][T22067]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  563.640842][T22067]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  563.640878][T22067]  elf_core_dump+0x2cd9/0x3810
[  563.640910][T22067]  ? __cfi_elf_core_dump+0x10/0x10
[  563.640945][T22067]  ? dump_interrupted+0xf0/0xf0
[  563.640979][T22067]  ? filp_open+0x182/0x1d0
[  563.641009][T22067]  ? 0xffffffffff600000
[  563.641029][T22067]  do_coredump+0x1bfa/0x2bd0
[  563.641067][T22067]  ? __cfi_do_coredump+0x10/0x10
[  563.641101][T22067]  ? asm_exc_page_fault+0x2b/0x30
[  563.641133][T22067]  ? __kasan_slab_free+0x6a/0x80
[  563.641156][T22067]  ? kmem_cache_free+0x1c1/0x510
[  563.641191][T22067]  ? get_signal+0xa75/0x14f0
[  563.641220][T22067]  get_signal+0x11fd/0x14f0
[  563.641250][T22067]  arch_do_signal_or_restart+0x96/0x720
[  563.641284][T22067]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  563.641323][T22067]  irqentry_exit_to_user_mode+0x4e/0xb0
[  563.641350][T22067]  irqentry_exit+0x16/0x60
[  563.641374][T22067]  exc_page_fault+0x66/0xc0
[  563.641397][T22067]  asm_exc_page_fault+0x2b/0x30
[  563.641420][T22067] RIP: 0033:0x7fd308f8ebf1
[  563.641439][T22067] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  563.641459][T22067] RSP: 002b:00000000fffffd10 EFLAGS: 00010217
[  563.641480][T22067] RAX: 0000000000000000 RBX: 00007fd3091b6180 RCX: 00007fd308f8ebe9
[  563.641496][T22067] RDX: 0000000000000000 RSI: 00000000fffffd10 RDI: 0000000001000000
[  563.641513][T22067] RBP: 00007fd309011e19 R08: 0000000000000000 R09: 0000000000000000
[  563.641528][T22067] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  563.641543][T22067] R13: 00007fd3091b6218 R14: 00007fd3091b6180 R15: 00007fff946d9428
[  563.641564][T22067]  </TASK>
[  563.641574][T22067] memory: usage 307200kB, limit 307200kB, failcnt 18604
[  564.109143][T22067] memory+swap: usage 431588kB, limit 9007199254740988kB, failcnt 0
[  564.117132][T22067] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  564.124025][T22067] Memory cgroup stats for /syz5:
[  564.124183][T22067] cache 313794560
[  564.135063][T22067] rss 163840
[  564.138419][T22067] rss_huge 0
[  564.141651][T22067] shmem 313794560
[  564.148977][T22067] mapped_file 0
[  564.152475][T22067] dirty 0
[  564.156332][T22067] writeback 0
[  564.159670][T22067] workingset_refault_anon 8
[  564.164188][T22067] workingset_refault_file 0
[  564.170132][T22067] swap 127434752
[  564.173740][T22067] swapcached 561152
[  564.178493][T22067] pgpgin 113497
[  564.181976][T22067] pgpgout 36712
[  564.187056][T22067] pgfault 12075
[  564.190543][T22067] pgmajfault 1
[  564.193974][T22067] inactive_anon 127938560
[  564.199448][T22067] active_anon 186548224
[  564.203635][T22067] inactive_file 0
[  564.208787][T22067] active_file 0
[  564.212277][T22067] unevictable 0
[  564.216632][T22067] hierarchical_memory_limit 314572800
[  564.222033][T22067] hierarchical_memsw_limit 9223372036854771712
[  564.234364][T22067] total_cache 313794560
[  564.238579][T22067] total_rss 163840
[  564.242332][T22067] total_rss_huge 0
[  564.257092][T22067] total_shmem 313794560
[  564.261781][T22067] total_mapped_file 0
[  564.273011][T22067] total_dirty 0
[  564.280704][T22067] total_writeback 0
[  564.288122][T22067] total_workingset_refault_anon 8
[  564.293238][T22067] total_workingset_refault_file 0
[  564.306091][T22067] total_swap 127434752
[  564.310216][T22067] total_swapcached 561152
[  564.323777][T22067] total_pgpgin 113497
[  564.334343][T22067] total_pgpgout 36712
[  564.341761][T22067] total_pgfault 12075
[  564.355804][T22067] total_pgmajfault 1
[  564.359758][T22067] total_inactive_anon 127938560
[  564.380301][T22067] total_active_anon 186548224
[  564.389166][T22132] rust_binder: 22131 RLIMIT_NICE not set
[  564.390749][T22067] total_inactive_file 0
[  564.406693][T22067] total_active_file 0
[  564.411847][T22067] total_unevictable 0
[  564.418229][T22067] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.7189,pid=22058,uid=0
[  564.433883][T22067] Memory cgroup out of memory: Killed process 22058 (syz.5.7189) total-vm:90104kB, anon-rss:880kB, file-rss:55424kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  564.607122][T22063] syz.5.7189 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  564.681442][T22063] CPU: 1 UID: 0 PID: 22063 Comm: syz.5.7189 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  564.681479][T22063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  564.681495][T22063] Call Trace:
[  564.681503][T22063]  <TASK>
[  564.681514][T22063]  __dump_stack+0x21/0x30
[  564.681551][T22063]  dump_stack_lvl+0x10c/0x190
[  564.681582][T22063]  ? __cfi_dump_stack_lvl+0x10/0x10
[  564.681613][T22063]  ? ___ratelimit+0x3f7/0x5a0
[  564.681648][T22063]  dump_stack+0x19/0x20
[  564.681678][T22063]  dump_header+0xd7/0x490
[  564.681702][T22063]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  564.681733][T22063]  oom_kill_process+0x4c0/0x7e0
[  564.681761][T22063]  ? sched_clock_cpu+0x75/0x400
[  564.681793][T22063]  out_of_memory+0x7ee/0xbd0
[  564.681828][T22063]  ? __cfi_out_of_memory+0x10/0x10
[  564.681855][T22063]  ? mutex_lock_killable+0x104/0x1c0
[  564.681880][T22063]  ? __cfi_mutex_lock_killable+0x10/0x10
[  564.681910][T22063]  mem_cgroup_out_of_memory+0x279/0x350
[  564.681934][T22063]  ? drain_obj_stock+0xed0/0xed0
[  564.681958][T22063]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  564.681981][T22063]  try_charge_memcg+0x8f7/0xde0
[  564.682014][T22063]  ? __cfi_try_charge_memcg+0x10/0x10
[  564.682046][T22063]  ? __alloc_pages_noprof+0x31f/0x7b0
[  564.682076][T22063]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  564.682106][T22063]  ? __folio_batch_add_and_move+0x2ab/0x370
[  564.682136][T22063]  __mem_cgroup_charge+0xf6/0x410
[  564.682170][T22063]  ? _raw_spin_lock+0x8c/0x120
[  564.682200][T22063]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  564.682237][T22063]  shmem_alloc_and_add_folio+0x86d/0x1050
[  564.682266][T22063]  ? put_swap_device+0x130/0x130
[  564.682293][T22063]  ? shmem_huge_global_enabled+0x2da/0x360
[  564.682319][T22063]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  564.682344][T22063]  ? __kasan_check_write+0x18/0x20
[  564.682378][T22063]  ? _raw_spin_lock+0x8c/0x120
[  564.682408][T22063]  shmem_get_folio_gfp+0x5f0/0x1380
[  564.682436][T22063]  ? shmem_get_folio+0xc0/0xc0
[  564.682459][T22063]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  564.682492][T22063]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  564.682547][T22063]  ? inode_to_bdi+0x6d/0x100
[  564.682578][T22063]  shmem_write_begin+0xf4/0x270
[  564.682605][T22063]  generic_perform_write+0x330/0x960
[  564.682641][T22063]  ? __cfi_generic_perform_write+0x10/0x10
[  564.682673][T22063]  ? down_write+0xe9/0x2a0
[  564.682697][T22063]  ? mnt_get_write_access_file+0x1af/0x3b0
[  564.682728][T22063]  ? mnt_put_write_access_file+0xc2/0x100
[  564.682759][T22063]  ? file_update_time+0x1ef/0x220
[  564.682791][T22063]  shmem_file_write_iter+0x105/0x130
[  564.682829][T22063]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  564.682860][T22063]  __kernel_write_iter+0x392/0x830
[  564.682882][T22063]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  564.682913][T22063]  ? __cfi___kernel_write_iter+0x10/0x10
[  564.682954][T22063]  ? get_dump_page+0x160/0x220
[  564.682983][T22063]  ? __asan_memset+0x39/0x50
[  564.683016][T22063]  ? iov_iter_bvec+0xc0/0x180
[  564.683043][T22063]  dump_user_range+0xb06/0xdf0
[  564.683066][T22063]  ? __cfi_dump_emit+0x10/0x10
[  564.683102][T22063]  ? __cfi_dump_user_range+0x10/0x10
[  564.683124][T22063]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  564.683159][T22063]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  564.683195][T22063]  elf_core_dump+0x2cd9/0x3810
[  564.683226][T22063]  ? __cfi_elf_core_dump+0x10/0x10
[  564.683262][T22063]  ? dump_interrupted+0xf0/0xf0
[  564.683296][T22063]  ? filp_open+0x182/0x1d0
[  564.683325][T22063]  ? 0xffffffffff600000
[  564.683346][T22063]  do_coredump+0x1bfa/0x2bd0
[  564.683383][T22063]  ? __cfi_do_coredump+0x10/0x10
[  564.683417][T22063]  ? asm_exc_page_fault+0x2b/0x30
[  564.683449][T22063]  ? __kasan_slab_free+0x6a/0x80
[  564.683482][T22063]  ? kmem_cache_free+0x1c1/0x510
[  564.683517][T22063]  ? get_signal+0xa75/0x14f0
[  564.683547][T22063]  get_signal+0x11fd/0x14f0
[  564.683580][T22063]  arch_do_signal_or_restart+0x96/0x720
[  564.683617][T22063]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  564.683656][T22063]  irqentry_exit_to_user_mode+0x4e/0xb0
[  564.683683][T22063]  irqentry_exit+0x16/0x60
[  564.683707][T22063]  exc_page_fault+0x66/0xc0
[  564.683732][T22063]  asm_exc_page_fault+0x2b/0x30
[  564.683754][T22063] RIP: 0033:0x7fd308f8ebf1
[  564.683773][T22063] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  564.683794][T22063] RSP: 002b:00000000fffffd10 EFLAGS: 00010217
[  564.683815][T22063] RAX: 0000000000000000 RBX: 00007fd3091b6180 RCX: 00007fd308f8ebe9
[  564.683842][T22063] RDX: 0000000000000000 RSI: 00000000fffffd10 RDI: 0000000001000000
[  564.683859][T22063] RBP: 00007fd309011e19 R08: 0000000000000000 R09: 0000000000000000
[  564.683874][T22063] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  564.683889][T22063] R13: 00007fd3091b6218 R14: 00007fd3091b6180 R15: 00007fff946d9428
[  564.683911][T22063]  </TASK>
[  565.160228][T22063] memory: usage 306620kB, limit 307200kB, failcnt 21749
[  565.172036][T22063] memory+swap: usage 428732kB, limit 9007199254740988kB, failcnt 0
[  565.180043][T22063] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  565.187016][T22063] Memory cgroup stats for /syz5:
[  565.187182][T22063] cache 312795136
[  565.195998][T22063] rss 188416
[  565.199213][T22063] rss_huge 0
[  565.202422][T22063] shmem 312795136
[  565.207857][T22063] mapped_file 0
[  565.211354][T22063] dirty 0
[  565.214879][T22063] writeback 0
[  565.218209][T22063] workingset_refault_anon 8
[  565.222717][T22063] workingset_refault_file 0
[  565.244369][T22063] swap 117370880
[  565.247969][T22063] swapcached 24576
[  565.328368][T22063] pgpgin 114841
[  565.331895][T22063] pgpgout 38416
[  565.389083][T22063] pgfault 12171
[  565.392601][T22063] pgmajfault 1
[  565.435833][T22063] inactive_anon 184688640
[  565.440219][T22063] active_anon 126894080
[  565.476336][T22063] inactive_file 0
[  565.480048][T22063] active_file 0
[  565.483527][T22063] unevictable 0
[  565.487071][T22063] hierarchical_memory_limit 314572800
[  565.492510][T22063] hierarchical_memsw_limit 9223372036854771712
[  565.498747][T22063] total_cache 312795136
[  565.502923][T22063] total_rss 188416
[  565.506699][T22063] total_rss_huge 0
[  565.510449][T22063] total_shmem 312795136
[  565.515134][T22063] total_mapped_file 0
[  565.515712][T22139] netlink: 'syz.4.7207': attribute type 12 has an invalid length.
[  565.519166][T22063] total_dirty 0
[  565.530484][T22063] total_writeback 0
[  565.535388][T22063] total_workingset_refault_anon 8
[  565.540474][T22063] total_workingset_refault_file 0
[  565.545607][T22063] total_swap 117370880
[  565.549712][T22063] total_swapcached 24576
[  565.553972][T22063] total_pgpgin 114841
[  565.558086][T22063] total_pgpgout 38416
[  565.562268][T22063] total_pgfault 12171
[  565.566574][T22063] total_pgmajfault 1
[  565.570586][T22063] total_inactive_anon 184688640
[  565.575495][T22063] total_active_anon 126894080
[  565.580218][T22063] total_inactive_file 0
[  565.584436][T22063] total_active_file 0
[  565.588466][T22063] total_unevictable 0
[  565.592553][T22063] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.7189,pid=22059,uid=0
[  565.607604][T22063] Memory cgroup out of memory: Killed process 22059 (syz.5.7189) total-vm:90104kB, anon-rss:880kB, file-rss:50432kB, shmem-rss:0kB, UID:0 pgtables:172kB oom_score_adj:1000
[  565.687273][T22065] syz.5.7189 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  565.724344][T22065] CPU: 1 UID: 0 PID: 22065 Comm: syz.5.7189 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  565.724383][T22065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  565.724397][T22065] Call Trace:
[  565.724406][T22065]  <TASK>
[  565.724414][T22065]  __dump_stack+0x21/0x30
[  565.724451][T22065]  dump_stack_lvl+0x10c/0x190
[  565.724482][T22065]  ? __cfi_dump_stack_lvl+0x10/0x10
[  565.724513][T22065]  ? ___ratelimit+0x3f7/0x5a0
[  565.724557][T22065]  dump_stack+0x19/0x20
[  565.724585][T22065]  dump_header+0xd7/0x490
[  565.724609][T22065]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  565.724641][T22065]  oom_kill_process+0x4c0/0x7e0
[  565.724668][T22065]  ? sched_clock_cpu+0x75/0x400
[  565.724698][T22065]  out_of_memory+0x7ee/0xbd0
[  565.724726][T22065]  ? __cfi_out_of_memory+0x10/0x10
[  565.724751][T22065]  ? mutex_lock_killable+0x104/0x1c0
[  565.724775][T22065]  ? __cfi_mutex_lock_killable+0x10/0x10
[  565.724801][T22065]  mem_cgroup_out_of_memory+0x279/0x350
[  565.724825][T22065]  ? drain_obj_stock+0xed0/0xed0
[  565.724848][T22065]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  565.724871][T22065]  try_charge_memcg+0x8f7/0xde0
[  565.724903][T22065]  ? __cfi_try_charge_memcg+0x10/0x10
[  565.724935][T22065]  ? __alloc_pages_noprof+0x31f/0x7b0
[  565.724966][T22065]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  565.724992][T22065]  ? __folio_batch_add_and_move+0x2ab/0x370
[  565.725017][T22065]  __mem_cgroup_charge+0xf6/0x410
[  565.725048][T22065]  ? _raw_spin_lock+0x8c/0x120
[  565.725076][T22065]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  565.725109][T22065]  shmem_alloc_and_add_folio+0x86d/0x1050
[  565.725140][T22065]  ? put_swap_device+0x130/0x130
[  565.725167][T22065]  ? shmem_huge_global_enabled+0x2da/0x360
[  565.725193][T22065]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  565.725219][T22065]  ? __kasan_check_write+0x18/0x20
[  565.725253][T22065]  ? _raw_spin_lock+0x8c/0x120
[  565.725283][T22065]  shmem_get_folio_gfp+0x5f0/0x1380
[  565.725311][T22065]  ? shmem_get_folio+0xc0/0xc0
[  565.725333][T22065]  ? follow_page_pte+0xa5c/0xb90
[  565.725362][T22065]  ? inode_to_bdi+0x6d/0x100
[  565.725393][T22065]  shmem_write_begin+0xf4/0x270
[  565.725420][T22065]  generic_perform_write+0x330/0x960
[  565.725456][T22065]  ? __cfi_generic_perform_write+0x10/0x10
[  565.725489][T22065]  ? down_write+0xe9/0x2a0
[  565.725535][T22065]  ? file_update_time+0xa3/0x220
[  565.725567][T22065]  shmem_file_write_iter+0x105/0x130
[  565.725597][T22065]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  565.725627][T22065]  __kernel_write_iter+0x392/0x830
[  565.725650][T22065]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  565.725681][T22065]  ? __cfi___kernel_write_iter+0x10/0x10
[  565.725717][T22065]  ? get_dump_page+0x160/0x220
[  565.725745][T22065]  ? __asan_memset+0x39/0x50
[  565.725779][T22065]  ? iov_iter_bvec+0xc0/0x180
[  565.725865][T22065]  dump_user_range+0xb06/0xdf0
[  565.725895][T22065]  ? __cfi_dump_emit+0x10/0x10
[  565.725929][T22065]  ? __cfi_dump_user_range+0x10/0x10
[  565.725951][T22065]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  565.725986][T22065]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  565.726029][T22065]  elf_core_dump+0x2cd9/0x3810
[  565.726065][T22065]  ? __cfi_elf_core_dump+0x10/0x10
[  565.726100][T22065]  ? dump_interrupted+0xf0/0xf0
[  565.726132][T22065]  ? filp_open+0x182/0x1d0
[  565.726160][T22065]  ? 0xffffffffff600000
[  565.726180][T22065]  do_coredump+0x1bfa/0x2bd0
[  565.726218][T22065]  ? __cfi_do_coredump+0x10/0x10
[  565.726251][T22065]  ? asm_exc_page_fault+0x2b/0x30
[  565.726286][T22065]  ? __kasan_slab_free+0x6a/0x80
[  565.726311][T22065]  ? kmem_cache_free+0x1c1/0x510
[  565.726345][T22065]  ? get_signal+0xa75/0x14f0
[  565.726376][T22065]  get_signal+0x11fd/0x14f0
[  565.726409][T22065]  arch_do_signal_or_restart+0x96/0x720
[  565.726447][T22065]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  565.726515][T22065]  irqentry_exit_to_user_mode+0x4e/0xb0
[  565.726543][T22065]  irqentry_exit+0x16/0x60
[  565.726567][T22065]  exc_page_fault+0x66/0xc0
[  565.726591][T22065]  asm_exc_page_fault+0x2b/0x30
[  565.726613][T22065] RIP: 0033:0x7fd308f8ebf1
[  565.726634][T22065] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  565.726655][T22065] RSP: 002b:00000000fffffd10 EFLAGS: 00010217
[  565.726678][T22065] RAX: 0000000000000000 RBX: 00007fd3091b6180 RCX: 00007fd308f8ebe9
[  565.726696][T22065] RDX: 0000000000000000 RSI: 00000000fffffd10 RDI: 0000000001000000
[  565.726713][T22065] RBP: 00007fd309011e19 R08: 0000000000000000 R09: 0000000000000000
[  565.726729][T22065] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  565.726745][T22065] R13: 00007fd3091b6218 R14: 00007fd3091b6180 R15: 00007fff946d9428
[  565.726767][T22065]  </TASK>
[  565.726829][T22065] memory: usage 304648kB, limit 307200kB, failcnt 23094
[  566.216605][T22065] memory+swap: usage 432140kB, limit 9007199254740988kB, failcnt 0
[  566.224746][T22065] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  566.231800][T22065] Memory cgroup stats for /syz5:
[  566.231967][T22065] cache 314421248
[  566.240840][T22065] rss 102400
[  566.244062][T22065] rss_huge 0
[  566.248129][T22065] shmem 314421248
[  566.251907][T22065] mapped_file 0
[  566.256905][T22065] dirty 0
[  566.259879][T22065] writeback 0
[  566.263594][T22065] workingset_refault_anon 8
[  566.269350][T22065] workingset_refault_file 0
[  566.273955][T22065] swap 127938560
[  566.278440][T22065] swapcached 57344
[  566.282188][T22065] pgpgin 129867
[  566.286621][T22065] pgpgout 53067
[  566.290117][T22065] pgfault 13116
[  566.293938][T22065] pgmajfault 1
[  566.305552][T22065] inactive_anon 121851904
[  566.314384][  T675] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  566.315539][T22065] active_anon 192720896
[  566.344344][T22065] inactive_file 0
[  566.351644][T22065] active_file 0
[  566.356045][T22065] unevictable 0
[  566.359672][T22065] hierarchical_memory_limit 314572800
[  566.365995][T22065] hierarchical_memsw_limit 9223372036854771712
[  566.372253][T22065] total_cache 314421248
[  566.377353][T22065] total_rss 102400
[  566.381099][T22065] total_rss_huge 0
[  566.384945][T22065] total_shmem 314421248
[  566.389229][T22065] total_mapped_file 0
[  566.393219][T22065] total_dirty 0
[  566.396879][T22065] total_writeback 0
[  566.400811][T22065] total_workingset_refault_anon 8
[  566.406027][T22065] total_workingset_refault_file 0
[  566.411124][T22065] total_swap 127938560
[  566.415472][T22065] total_swapcached 57344
[  566.419747][T22065] total_pgpgin 129867
[  566.423769][T22065] total_pgpgout 53067
[  566.427796][T22065] total_pgfault 13116
[  566.431808][T22065] total_pgmajfault 1
[  566.435783][T22065] total_inactive_anon 121851904
[  566.440645][T22065] total_active_anon 192720896
[  566.445353][T22065] total_inactive_file 0
[  566.449520][T22065] total_active_file 0
[  566.453498][T22065] total_unevictable 0
[  566.457519][T22065] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.7189,pid=22073,uid=0
[  566.472504][  T675] usb 2-1: device descriptor read/64, error -71
[  566.472635][T22065] Memory cgroup out of memory: Killed process 22073 (syz.5.7189) total-vm:90104kB, anon-rss:880kB, file-rss:55040kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  566.561994][T22079] syz.5.7189 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  566.624874][T22079] CPU: 0 UID: 0 PID: 22079 Comm: syz.5.7189 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  566.624915][T22079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  566.624933][T22079] Call Trace:
[  566.624942][T22079]  <TASK>
[  566.624954][T22079]  __dump_stack+0x21/0x30
[  566.624999][T22079]  dump_stack_lvl+0x10c/0x190
[  566.625035][T22079]  ? __cfi_dump_stack_lvl+0x10/0x10
[  566.625071][T22079]  ? ___ratelimit+0x3f7/0x5a0
[  566.625110][T22079]  dump_stack+0x19/0x20
[  566.625143][T22079]  dump_header+0xd7/0x490
[  566.625168][T22079]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  566.625203][T22079]  oom_kill_process+0x4c0/0x7e0
[  566.625234][T22079]  ? sched_clock_cpu+0x75/0x400
[  566.625270][T22079]  out_of_memory+0x7ee/0xbd0
[  566.625301][T22079]  ? __cfi_out_of_memory+0x10/0x10
[  566.625330][T22079]  ? mutex_lock_killable+0x104/0x1c0
[  566.625422][T22079]  ? __cfi_mutex_lock_killable+0x10/0x10
[  566.625452][T22079]  mem_cgroup_out_of_memory+0x279/0x350
[  566.625479][T22079]  ? drain_obj_stock+0xed0/0xed0
[  566.625506][T22079]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  566.625532][T22079]  try_charge_memcg+0x8f7/0xde0
[  566.625568][T22079]  ? __cfi_try_charge_memcg+0x10/0x10
[  566.625604][T22079]  ? __alloc_pages_noprof+0x31f/0x7b0
[  566.625638][T22079]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  566.625672][T22079]  ? __folio_batch_add_and_move+0x2ab/0x370
[  566.625705][T22079]  __mem_cgroup_charge+0xf6/0x410
[  566.625744][T22079]  ? _raw_spin_lock+0x8c/0x120
[  566.625777][T22079]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  566.625817][T22079]  shmem_alloc_and_add_folio+0x86d/0x1050
[  566.625851][T22079]  ? put_swap_device+0x130/0x130
[  566.625880][T22079]  ? shmem_huge_global_enabled+0x2da/0x360
[  566.625909][T22079]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  566.625937][T22079]  ? __kasan_check_write+0x18/0x20
[  566.625973][T22079]  ? _raw_spin_lock+0x8c/0x120
[  566.626006][T22079]  shmem_get_folio_gfp+0x5f0/0x1380
[  566.626034][T22079]  ? shmem_get_folio+0xc0/0xc0
[  566.626058][T22079]  ? follow_page_pte+0xa5c/0xb90
[  566.626092][T22079]  ? inode_to_bdi+0x6d/0x100
[  566.626125][T22079]  shmem_write_begin+0xf4/0x270
[  566.626154][T22079]  generic_perform_write+0x330/0x960
[  566.626193][T22079]  ? __cfi_generic_perform_write+0x10/0x10
[  566.626229][T22079]  ? down_write+0xe9/0x2a0
[  566.626256][T22079]  ? file_update_time+0xa3/0x220
[  566.626290][T22079]  shmem_file_write_iter+0x105/0x130
[  566.626324][T22079]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  566.626368][T22079]  __kernel_write_iter+0x392/0x830
[  566.626392][T22079]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  566.626425][T22079]  ? __cfi___kernel_write_iter+0x10/0x10
[  566.626465][T22079]  ? get_dump_page+0x160/0x220
[  566.626497][T22079]  ? __asan_memset+0x39/0x50
[  566.626534][T22079]  ? iov_iter_bvec+0xc0/0x180
[  566.626564][T22079]  dump_user_range+0xb06/0xdf0
[  566.626590][T22079]  ? __cfi_dump_emit+0x10/0x10
[  566.626630][T22079]  ? __cfi_dump_user_range+0x10/0x10
[  566.626655][T22079]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  566.626694][T22079]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  566.626732][T22079]  elf_core_dump+0x2cd9/0x3810
[  566.626765][T22079]  ? __cfi_elf_core_dump+0x10/0x10
[  566.626803][T22079]  ? dump_interrupted+0xf0/0xf0
[  566.626842][T22079]  ? filp_open+0x182/0x1d0
[  566.626876][T22079]  ? 0xffffffffff600000
[  566.626898][T22079]  do_coredump+0x1bfa/0x2bd0
[  566.626941][T22079]  ? __cfi_do_coredump+0x10/0x10
[  566.626978][T22079]  ? asm_exc_page_fault+0x2b/0x30
[  566.627015][T22079]  ? __kasan_slab_free+0x6a/0x80
[  566.627043][T22079]  ? kmem_cache_free+0x1c1/0x510
[  566.627081][T22079]  ? get_signal+0xa75/0x14f0
[  566.627114][T22079]  get_signal+0x11fd/0x14f0
[  566.627151][T22079]  arch_do_signal_or_restart+0x96/0x720
[  566.627191][T22079]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  566.627235][T22079]  irqentry_exit_to_user_mode+0x4e/0xb0
[  566.627265][T22079]  irqentry_exit+0x16/0x60
[  566.627292][T22079]  exc_page_fault+0x66/0xc0
[  566.627319][T22079]  asm_exc_page_fault+0x2b/0x30
[  566.627353][T22079] RIP: 0033:0x7fd308f8ebf1
[  566.627375][T22079] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  566.627398][T22079] RSP: 002b:00000000fffffd10 EFLAGS: 00010217
[  566.627422][T22079] RAX: 0000000000000000 RBX: 00007fd3091b6180 RCX: 00007fd308f8ebe9
[  566.627443][T22079] RDX: 0000000000000000 RSI: 00000000fffffd10 RDI: 0000000001000000
[  566.627461][T22079] RBP: 00007fd309011e19 R08: 0000000000000000 R09: 0000000000000000
[  566.627478][T22079] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  566.627495][T22079] R13: 00007fd3091b6218 R14: 00007fd3091b6180 R15: 00007fff946d9428
[  566.627518][T22079]  </TASK>
[  566.628173][T22079] memory: usage 302868kB, limit 307200kB, failcnt 25245
[  567.095857][T22079] memory+swap: usage 430960kB, limit 9007199254740988kB, failcnt 0
[  567.103796][T22079] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  567.110722][T22079] Memory cgroup stats for /syz5:
[  567.110879][T22079] cache 314290176
[  567.119540][T22079] rss 208896
[  567.122824][T22079] rss_huge 0
[  567.126091][T22079] shmem 314290176
[  567.129753][T22079] mapped_file 0
[  567.133221][T22079] dirty 0
[  567.136619][T22079] writeback 0
[  567.140020][T22079] workingset_refault_anon 44
[  567.144652][T22079] workingset_refault_file 0
[  567.149276][T22079] swap 127832064
[  567.152821][T22079] swapcached 159744
[  567.156680][T22079] pgpgin 138553
[  567.160154][T22079] pgpgout 61753
[  567.163611][T22079] pgfault 13611
[  567.167294][T22079] pgmajfault 21
[  567.170769][T22079] inactive_anon 136916992
[  567.175168][T22079] active_anon 177655808
[  567.179343][T22079] inactive_file 0
[  567.182981][T22079] active_file 0
[  567.186497][T22079] unevictable 0
[  567.189971][T22079] hierarchical_memory_limit 314572800
[  567.195380][T22079] hierarchical_memsw_limit 9223372036854771712
[  567.201551][T22079] total_cache 314290176
[  567.205826][T22079] total_rss 208896
[  567.209573][T22079] total_rss_huge 0
[  567.213312][T22079] total_shmem 314290176
[  567.217551][T22079] total_mapped_file 0
[  567.221564][T22079] total_dirty 0
[  567.225121][  T675] usb 2-1: device descriptor read/64, error -71
[  567.228578][   T36] kauditd_printk_skb: 950 callbacks suppressed
[  567.228606][   T36] audit: type=1400 audit(2000000521.298:30835): avc:  denied  { read write } for  pid=21338 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  567.231432][T22079] total_writeback 0
[  567.247848][   T36] audit: type=1400 audit(2000000521.308:30836): avc:  denied  { read write open } for  pid=21338 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  567.262088][T22079] total_workingset_refault_anon 44
[  567.284512][   T36] audit: type=1400 audit(2000000521.308:30837): avc:  denied  { ioctl } for  pid=21338 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  567.330881][ T2556] bridge_slave_1: left allmulticast mode
[  567.339381][ T2556] bridge_slave_1: left promiscuous mode
[  567.343127][T22079] total_workingset_refault_file 0
[  567.345847][ T2556] bridge0: port 2(bridge_slave_1) entered disabled state
[  567.357718][T22079] total_swap 127832064
[  567.358217][   T36] audit: type=1400 audit(2000000521.388:30838): avc:  denied  { create } for  pid=22164 comm="syz.4.7214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  567.367914][T22079] total_swapcached 159744
[  567.387408][ T2556] bridge_slave_0: left allmulticast mode
[  567.393094][ T2556] bridge_slave_0: left promiscuous mode
[  567.394389][   T36] audit: type=1400 audit(2000000521.398:30840): avc:  denied  { create } for  pid=22164 comm="syz.4.7214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  567.401043][ T2556] bridge0: port 1(bridge_slave_0) entered disabled state
[  567.418569][   T36] audit: type=1400 audit(2000000521.398:30839): avc:  denied  { ioctl } for  pid=22148 comm="syz.1.7209" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  567.435482][T22079] total_pgpgin 138553
[  567.451381][   T36] audit: type=1400 audit(2000000521.398:30841): avc:  denied  { ioctl } for  pid=22148 comm="syz.1.7209" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  567.457298][T22079] total_pgpgout 61753
[  567.484724][ T2556] bridge_slave_1: left allmulticast mode
[  567.494379][  T675] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  567.500703][   T36] audit: type=1400 audit(2000000521.398:30842): avc:  denied  { ioctl } for  pid=22164 comm="syz.4.7214" path="socket:[95911]" dev="sockfs" ino=95911 ioctlcmd=0x8953 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  567.514397][ T2556] bridge_slave_1: left promiscuous mode
[  567.543697][T22079] total_pgfault 13611
[  567.545001][T22170] rust_binder: Failed copying into alloc: EFAULT
[  567.547731][T22170] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  567.547770][T22079] total_pgmajfault 21
[  567.554198][T22170] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  567.566576][ T2556] bridge0: port 2(bridge_slave_1) entered disabled state
[  567.583387][   T36] audit: type=1400 audit(2000000521.398:30843): avc:  denied  { read write } for  pid=22164 comm="syz.4.7214" name="binder0" dev="binder" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  567.594383][T22079] total_inactive_anon 136916992
[  567.607120][T22170] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:212
[  567.612256][   T36] audit: type=1400 audit(2000000521.398:30844): avc:  denied  { read write open } for  pid=22164 comm="syz.4.7214" path="/dev/binderfs/binder0" dev="binder" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  567.612743][ T2556] bridge_slave_0: left allmulticast mode
[  567.617259][T22079] total_active_anon 177655808
[  567.648321][T22079] total_inactive_file 0
[  567.652774][ T2556] bridge_slave_0: left promiscuous mode
[  567.658738][T22079] total_active_file 0
[  567.672067][T22079] total_unevictable 0
[  567.676149][  T675] usb 2-1: device descriptor read/64, error -71
[  567.678110][ T2556] bridge0: port 1(bridge_slave_0) entered disabled state
[  567.690353][T22079] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.7189,pid=22072,uid=0
[  567.706059][T22079] Memory cgroup out of memory: Killed process 22072 (syz.5.7189) total-vm:90104kB, anon-rss:880kB, file-rss:52992kB, shmem-rss:0kB, UID:0 pgtables:176kB oom_score_adj:1000
[  567.822094][T22084] syz.5.7189 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  567.864415][T22084] CPU: 1 UID: 0 PID: 22084 Comm: syz.5.7189 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  567.864456][T22084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  567.864471][T22084] Call Trace:
[  567.864479][T22084]  <TASK>
[  567.864489][T22084]  __dump_stack+0x21/0x30
[  567.864526][T22084]  dump_stack_lvl+0x10c/0x190
[  567.864557][T22084]  ? __cfi_dump_stack_lvl+0x10/0x10
[  567.864586][T22084]  ? ___ratelimit+0x3f7/0x5a0
[  567.864621][T22084]  dump_stack+0x19/0x20
[  567.864651][T22084]  dump_header+0xd7/0x490
[  567.864673][T22084]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  567.864702][T22084]  oom_kill_process+0x4c0/0x7e0
[  567.864730][T22084]  ? sched_clock_cpu+0x75/0x400
[  567.864763][T22084]  out_of_memory+0x7ee/0xbd0
[  567.864789][T22084]  ? __cfi_out_of_memory+0x10/0x10
[  567.864815][T22084]  ? mutex_lock_killable+0x104/0x1c0
[  567.864839][T22084]  ? __cfi_mutex_lock_killable+0x10/0x10
[  567.864864][T22084]  mem_cgroup_out_of_memory+0x279/0x350
[  567.864888][T22084]  ? drain_obj_stock+0xed0/0xed0
[  567.864912][T22084]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  567.864935][T22084]  try_charge_memcg+0x8f7/0xde0
[  567.864968][T22084]  ? __cfi_try_charge_memcg+0x10/0x10
[  567.864997][T22084]  ? __alloc_pages_noprof+0x31f/0x7b0
[  567.865025][T22084]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  567.865053][T22084]  ? __folio_batch_add_and_move+0x2ab/0x370
[  567.865080][T22084]  __mem_cgroup_charge+0xf6/0x410
[  567.865112][T22084]  ? _raw_spin_lock+0x8c/0x120
[  567.865139][T22084]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  567.865174][T22084]  shmem_alloc_and_add_folio+0x86d/0x1050
[  567.865201][T22084]  ? put_swap_device+0x130/0x130
[  567.865226][T22084]  ? shmem_huge_global_enabled+0x2da/0x360
[  567.865250][T22084]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  567.865274][T22084]  ? __kasan_check_write+0x18/0x20
[  567.865309][T22084]  ? _raw_spin_lock+0x8c/0x120
[  567.865348][T22084]  shmem_get_folio_gfp+0x5f0/0x1380
[  567.865375][T22084]  ? shmem_get_folio+0xc0/0xc0
[  567.865397][T22084]  ? follow_page_pte+0xa5c/0xb90
[  567.865426][T22084]  ? inode_to_bdi+0x6d/0x100
[  567.865458][T22084]  shmem_write_begin+0xf4/0x270
[  567.865485][T22084]  generic_perform_write+0x330/0x960
[  567.865520][T22084]  ? __cfi_generic_perform_write+0x10/0x10
[  567.865552][T22084]  ? down_write+0xe9/0x2a0
[  567.865578][T22084]  ? file_update_time+0xa3/0x220
[  567.865609][T22084]  shmem_file_write_iter+0x105/0x130
[  567.865640][T22084]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  567.865671][T22084]  __kernel_write_iter+0x392/0x830
[  567.865691][T22084]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  567.865723][T22084]  ? __cfi___kernel_write_iter+0x10/0x10
[  567.865758][T22084]  ? get_dump_page+0x160/0x220
[  567.865786][T22084]  ? __asan_memset+0x39/0x50
[  567.865818][T22084]  ? iov_iter_bvec+0xc0/0x180
[  567.865844][T22084]  dump_user_range+0xb06/0xdf0
[  567.865868][T22084]  ? __cfi_dump_emit+0x10/0x10
[  567.865899][T22084]  ? __cfi_dump_user_range+0x10/0x10
[  567.865919][T22084]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  567.865952][T22084]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  567.865987][T22084]  elf_core_dump+0x2cd9/0x3810
[  567.866016][T22084]  ? __cfi_elf_core_dump+0x10/0x10
[  567.866049][T22084]  ? dump_interrupted+0xf0/0xf0
[  567.866081][T22084]  ? filp_open+0x182/0x1d0
[  567.866110][T22084]  ? 0xffffffffff600000
[  567.866130][T22084]  do_coredump+0x1bfa/0x2bd0
[  567.866166][T22084]  ? __cfi_do_coredump+0x10/0x10
[  567.866199][T22084]  ? asm_exc_page_fault+0x2b/0x30
[  567.866228][T22084]  ? __kasan_slab_free+0x6a/0x80
[  567.866249][T22084]  ? kmem_cache_free+0x1c1/0x510
[  567.866282][T22084]  ? get_signal+0xa75/0x14f0
[  567.866309][T22084]  get_signal+0x11fd/0x14f0
[  567.866347][T22084]  arch_do_signal_or_restart+0x96/0x720
[  567.866382][T22084]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  567.866421][T22084]  irqentry_exit_to_user_mode+0x4e/0xb0
[  567.866448][T22084]  irqentry_exit+0x16/0x60
[  567.866471][T22084]  exc_page_fault+0x66/0xc0
[  567.866495][T22084]  asm_exc_page_fault+0x2b/0x30
[  567.866517][T22084] RIP: 0033:0x7fd308f8ebf1
[  567.866537][T22084] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  567.866559][T22084] RSP: 002b:00000000fffffd10 EFLAGS: 00010217
[  567.866581][T22084] RAX: 0000000000000000 RBX: 00007fd3091b6180 RCX: 00007fd308f8ebe9
[  567.866599][T22084] RDX: 0000000000000000 RSI: 00000000fffffd10 RDI: 0000000001000000
[  567.866616][T22084] RBP: 00007fd309011e19 R08: 0000000000000000 R09: 0000000000000000
[  567.866632][T22084] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  567.866648][T22084] R13: 00007fd3091b6218 R14: 00007fd3091b6180 R15: 00007fff946d9428
[  567.866669][T22084]  </TASK>
[  567.866679][T22084] memory: usage 306732kB, limit 307200kB, failcnt 27518
[  567.889997][T22172] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false
[  567.966543][T22084] memory+swap: usage 432296kB, limit 9007199254740988kB, failcnt 0
[  568.000309][  T675] usb 2-1: device descriptor read/64, error -71
[  568.041475][T22084] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  568.274984][  T675] usb usb2-port1: attempt power cycle
[  568.308880][T22084] Memory cgroup stats for /syz5:
[  568.403753][T22084] cache 311562240
[  568.413138][T22084] rss 212992
[  568.417280][T22084] rss_huge 0
[  568.420514][T22084] shmem 311562240
[  568.424167][T22084] mapped_file 0
[  568.429263][T22084] dirty 0
[  568.432336][T22084] writeback 0
[  568.436528][T22084] workingset_refault_anon 46
[  568.441143][T22084] workingset_refault_file 0
[  568.446616][T22084] swap 126181376
[  568.450188][T22084] swapcached 163840
[  568.454017][T22084] pgpgin 145611
[  568.458709][T22084] pgpgout 69475
[  568.462220][T22084] pgfault 13990
[  568.466684][T22084] pgmajfault 22
[  568.470826][ T2556] tipc: Disabling bearer <udp:syz2>
[  568.472650][T22084] inactive_anon 165896192
[  568.481583][T22084] active_anon 145952768
[  568.484396][ T2556] tipc: Left network mode
[  568.486753][T22084] inactive_file 0
[  568.504379][T22084] active_file 0
[  568.507934][T22084] unevictable 0
[  568.511616][T22084] hierarchical_memory_limit 314572800
[  568.521813][ T2556] veth1_macvtap: left promiscuous mode
[  568.524351][T22084] hierarchical_memsw_limit 9223372036854771712
[  568.533500][T22084] total_cache 311562240
[  568.534401][ T2556] veth0_vlan: left promiscuous mode
[  568.554337][T22084] total_rss 212992
[  568.558123][T22084] total_rss_huge 0
[  568.561873][T22084] total_shmem 311562240
[  568.566787][T22084] total_mapped_file 0
[  568.572827][ T2556] veth1_macvtap: left promiscuous mode
[  568.582668][T22084] total_dirty 0
[  568.586448][ T2556] veth0_vlan: left promiscuous mode
[  568.592015][T22084] total_writeback 0
[  568.596951][T22084] total_workingset_refault_anon 46
[  568.602409][T22084] total_workingset_refault_file 0
[  568.622494][T22084] total_swap 126181376
[  568.631695][T22084] total_swapcached 163840
[  568.636149][T22084] total_pgpgin 145611
[  568.640215][T22084] total_pgpgout 69475
[  568.644236][T22084] total_pgfault 13990
[  568.648289][T22084] total_pgmajfault 22
[  568.652432][T22084] total_inactive_anon 165896192
[  568.657377][T22084] total_active_anon 145952768
[  568.662131][T22084] total_inactive_file 0
[  568.664440][  T675] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  568.666387][T22084] total_active_file 0
[  568.677946][T22084] total_unevictable 0
[  568.682039][T22084] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.7189,pid=22082,uid=0
[  568.697594][T22084] Memory cgroup out of memory: Killed process 22082 (syz.5.7189) total-vm:90104kB, anon-rss:880kB, file-rss:57648kB, shmem-rss:0kB, UID:0 pgtables:200kB oom_score_adj:1000
[  568.697774][  T675] usb 2-1: device descriptor read/8, error -71
[  568.742433][T22069] syz.5.7189 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  568.761817][T22182] rust_binder: 221: no such ref 2
[  568.794403][T22069] CPU: 1 UID: 0 PID: 22069 Comm: syz.5.7189 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  568.794445][T22069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  568.794460][T22069] Call Trace:
[  568.794468][T22069]  <TASK>
[  568.794479][T22069]  __dump_stack+0x21/0x30
[  568.794515][T22069]  dump_stack_lvl+0x10c/0x190
[  568.794543][T22069]  ? __cfi_dump_stack_lvl+0x10/0x10
[  568.794572][T22069]  ? ___ratelimit+0x3f7/0x5a0
[  568.794606][T22069]  dump_stack+0x19/0x20
[  568.794633][T22069]  dump_header+0xd7/0x490
[  568.794656][T22069]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  568.794685][T22069]  oom_kill_process+0x4c0/0x7e0
[  568.794712][T22069]  ? sched_clock_cpu+0x75/0x400
[  568.794743][T22069]  out_of_memory+0x7ee/0xbd0
[  568.794768][T22069]  ? __cfi_out_of_memory+0x10/0x10
[  568.794793][T22069]  ? mutex_lock_killable+0x104/0x1c0
[  568.794817][T22069]  ? __cfi_mutex_lock_killable+0x10/0x10
[  568.794842][T22069]  mem_cgroup_out_of_memory+0x279/0x350
[  568.794866][T22069]  ? drain_obj_stock+0xed0/0xed0
[  568.794888][T22069]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  568.794910][T22069]  try_charge_memcg+0x8f7/0xde0
[  568.794942][T22069]  ? __cfi_try_charge_memcg+0x10/0x10
[  568.794973][T22069]  ? __alloc_pages_noprof+0x31f/0x7b0
[  568.795002][T22069]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  568.795032][T22069]  __mem_cgroup_charge+0xf6/0x410
[  568.795066][T22069]  ? _raw_spin_lock+0x8c/0x120
[  568.795095][T22069]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  568.795130][T22069]  shmem_alloc_and_add_folio+0x86d/0x1050
[  568.795160][T22069]  ? __cfi_preempt_schedule_irq+0x10/0x10
[  568.795195][T22069]  ? put_swap_device+0x130/0x130
[  568.795228][T22069]  ? irqentry_exit+0x4a/0x60
[  568.795253][T22069]  ? shmem_huge_global_enabled+0x2da/0x360
[  568.795279][T22069]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  568.795303][T22069]  ? shmem_get_folio_gfp+0x518/0x1380
[  568.795328][T22069]  shmem_get_folio_gfp+0x5f0/0x1380
[  568.795356][T22069]  ? shmem_get_folio+0xc0/0xc0
[  568.795378][T22069]  ? follow_page_pte+0xa5c/0xb90
[  568.795408][T22069]  ? inode_to_bdi+0x6d/0x100
[  568.795438][T22069]  shmem_write_begin+0xf4/0x270
[  568.795465][T22069]  generic_perform_write+0x330/0x960
[  568.795499][T22069]  ? __cfi_generic_perform_write+0x10/0x10
[  568.795531][T22069]  ? down_write+0xe9/0x2a0
[  568.795556][T22069]  ? file_update_time+0xa3/0x220
[  568.795588][T22069]  shmem_file_write_iter+0x105/0x130
[  568.795617][T22069]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  568.795647][T22069]  __kernel_write_iter+0x392/0x830
[  568.795669][T22069]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  568.795699][T22069]  ? __cfi___kernel_write_iter+0x10/0x10
[  568.795734][T22069]  ? get_dump_page+0x160/0x220
[  568.795761][T22069]  ? __asan_memset+0x39/0x50
[  568.795794][T22069]  ? iov_iter_bvec+0xc0/0x180
[  568.795820][T22069]  dump_user_range+0xb06/0xdf0
[  568.795843][T22069]  ? __cfi_dump_emit+0x10/0x10
[  568.795879][T22069]  ? __cfi_dump_user_range+0x10/0x10
[  568.795900][T22069]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  568.795935][T22069]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  568.795971][T22069]  elf_core_dump+0x2cd9/0x3810
[  568.796002][T22069]  ? __cfi_elf_core_dump+0x10/0x10
[  568.796036][T22069]  ? dump_interrupted+0xf0/0xf0
[  568.796070][T22069]  ? filp_open+0x182/0x1d0
[  568.796099][T22069]  ? 0xffffffffff600000
[  568.796118][T22069]  do_coredump+0x1bfa/0x2bd0
[  568.796155][T22069]  ? __cfi_do_coredump+0x10/0x10
[  568.796188][T22069]  ? asm_exc_page_fault+0x2b/0x30
[  568.796227][T22069]  ? __kasan_slab_free+0x6a/0x80
[  568.796251][T22069]  ? kmem_cache_free+0x1c1/0x510
[  568.796284][T22069]  ? get_signal+0xa75/0x14f0
[  568.796314][T22069]  get_signal+0x11fd/0x14f0
[  568.796346][T22069]  arch_do_signal_or_restart+0x96/0x720
[  568.796381][T22069]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  568.796419][T22069]  irqentry_exit_to_user_mode+0x4e/0xb0
[  568.796445][T22069]  irqentry_exit+0x16/0x60
[  568.796468][T22069]  exc_page_fault+0x66/0xc0
[  568.796493][T22069]  asm_exc_page_fault+0x2b/0x30
[  568.796515][T22069] RIP: 0033:0x7fd308f8ebf1
[  568.796535][T22069] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  568.796556][T22069] RSP: 002b:00000000fffffd10 EFLAGS: 00010217
[  568.796579][T22069] RAX: 0000000000000000 RBX: 00007fd3091b6180 RCX: 00007fd308f8ebe9
[  568.796597][T22069] RDX: 0000000000000000 RSI: 00000000fffffd10 RDI: 0000000001000000
[  568.796614][T22069] RBP: 00007fd309011e19 R08: 0000000000000000 R09: 0000000000000000
[  568.796631][T22069] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  568.796646][T22069] R13: 00007fd3091b6218 R14: 00007fd3091b6180 R15: 00007fff946d9428
[  568.796668][T22069]  </TASK>
[  568.796677][T22069] memory: usage 300724kB, limit 307200kB, failcnt 29010
[  568.885027][  T675] usb 2-1: device descriptor read/8, error -71
[  569.090942][T22069] memory+swap: usage 394104kB, limit 9007199254740988kB, failcnt 0
[  569.322286][T22069] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  569.330060][T22069] Memory cgroup stats for /syz5:
[  569.330227][T22069] cache 299212800
[  569.341239][T22069] rss 278528
[  569.347804][T22069] rss_huge 0
[  569.351180][T22069] shmem 299212800
[  569.356277][T22069] mapped_file 0
[  569.359837][T22069] dirty 0
[  569.362925][T22069] writeback 0
[  569.367838][T22069] workingset_refault_anon 71
[  569.372580][T22069] workingset_refault_file 0
[  569.379903][T22069] swap 127737856
[  569.390703][T22069] swapcached 249856
[  569.395934][T22069] pgpgin 154166
[  569.405356][T22069] pgpgout 81023
[  569.409156][T22069] pgfault 14160
[  569.414567][T22180] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.421634][T22180] bridge0: port 1(bridge_slave_0) entered disabled state
[  569.444392][T22180] bridge_slave_0: entered allmulticast mode
[  569.450825][T22180] bridge_slave_0: entered promiscuous mode
[  569.467547][T22069] pgmajfault 30
[  569.476431][T22180] bridge0: port 2(bridge_slave_1) entered blocking state
[  569.477610][T22069] inactive_anon 121675776
[  569.483515][T22180] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.483595][T22180] bridge_slave_1: entered allmulticast mode
[  569.499814][T22069] active_anon 177917952
[  569.505985][T22069] inactive_file 0
[  569.514045][T22069] active_file 0
[  569.520223][T22069] unevictable 0
[  569.525819][T22069] hierarchical_memory_limit 314572800
[  569.531335][T22069] hierarchical_memsw_limit 9223372036854771712
[  569.538820][T22069] total_cache 299212800
[  569.544875][T22180] bridge_slave_1: entered promiscuous mode
[  569.550407][T22069] total_rss 278528
[  569.562284][T22069] total_rss_huge 0
[  569.582647][T22069] total_shmem 299212800
[  569.590424][T22069] total_mapped_file 0
[  569.603720][T22069] total_dirty 0
[  569.607552][T22069] total_writeback 0
[  569.611393][T22069] total_workingset_refault_anon 71
[  569.616756][T22069] total_workingset_refault_file 0
[  569.621821][T22069] total_swap 127737856
[  569.626096][T22069] total_swapcached 249856
[  569.634339][T22069] total_pgpgin 154166
[  569.638364][T22069] total_pgpgout 81023
[  569.653344][T22069] total_pgfault 14160
[  569.684347][T22069] total_pgmajfault 30
[  569.700086][T22069] total_inactive_anon 121675776
[  569.718185][T22069] total_active_anon 177917952
[  569.739258][T22069] total_inactive_file 0
[  569.746021][T22069] total_active_file 0
[  569.753219][T22069] total_unevictable 0
[  569.763577][T22069] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.7189,pid=22076,uid=0
[  569.791023][T22069] Memory cgroup out of memory: Killed process 22076 (syz.5.7189) total-vm:90104kB, anon-rss:1008kB, file-rss:57648kB, shmem-rss:0kB, UID:0 pgtables:200kB oom_score_adj:1000
[  570.294364][  T675] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  570.335731][  T675] usb 2-1: Using ep0 maxpacket: 32
[  570.405340][  T675] usb 2-1: config 8 has an invalid interface number: 1 but max is 0
[  570.413538][  T675] usb 2-1: config 8 has no interface number 0
[  570.496969][  T675] usb 2-1: config 8 interface 1 altsetting 128 has an invalid descriptor for endpoint zero, skipping
[  570.579013][  T675] usb 2-1: config 8 interface 1 altsetting 128 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[  570.597781][T22083] syz.5.7189 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  570.613880][  T675] usb 2-1: config 8 interface 1 altsetting 128 has a duplicate endpoint with address 0x2, skipping
[  570.656079][T22083] CPU: 1 UID: 0 PID: 22083 Comm: syz.5.7189 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  570.656116][T22083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  570.656131][T22083] Call Trace:
[  570.656139][T22083]  <TASK>
[  570.656149][T22083]  __dump_stack+0x21/0x30
[  570.656186][T22083]  dump_stack_lvl+0x10c/0x190
[  570.656218][T22083]  ? __cfi_dump_stack_lvl+0x10/0x10
[  570.656249][T22083]  ? ___ratelimit+0x3f7/0x5a0
[  570.656292][T22083]  dump_stack+0x19/0x20
[  570.656322][T22083]  dump_header+0xd7/0x490
[  570.656345][T22083]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  570.656376][T22083]  oom_kill_process+0x4c0/0x7e0
[  570.656404][T22083]  ? sched_clock_cpu+0x75/0x400
[  570.656433][T22083]  out_of_memory+0x7ee/0xbd0
[  570.656461][T22083]  ? __cfi_out_of_memory+0x10/0x10
[  570.656487][T22083]  ? mutex_lock_killable+0x92/0x1c0
[  570.656512][T22083]  ? __cfi_mutex_lock_killable+0x10/0x10
[  570.656538][T22083]  mem_cgroup_out_of_memory+0x279/0x350
[  570.656562][T22083]  ? drain_obj_stock+0xed0/0xed0
[  570.656586][T22083]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  570.656609][T22083]  try_charge_memcg+0x8f7/0xde0
[  570.656642][T22083]  ? __cfi_try_charge_memcg+0x10/0x10
[  570.656673][T22083]  ? __alloc_pages_noprof+0x31f/0x7b0
[  570.656704][T22083]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  570.656733][T22083]  ? __folio_batch_add_and_move+0x2ab/0x370
[  570.656763][T22083]  __mem_cgroup_charge+0xf6/0x410
[  570.656797][T22083]  ? _raw_spin_lock+0x8c/0x120
[  570.656827][T22083]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  570.656860][T22083]  shmem_alloc_and_add_folio+0x86d/0x1050
[  570.656888][T22083]  ? put_swap_device+0x130/0x130
[  570.656915][T22083]  ? shmem_huge_global_enabled+0x2da/0x360
[  570.656940][T22083]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  570.656965][T22083]  ? __kasan_check_write+0x18/0x20
[  570.657000][T22083]  ? _raw_spin_lock+0x8c/0x120
[  570.657030][T22083]  shmem_get_folio_gfp+0x5f0/0x1380
[  570.657057][T22083]  ? shmem_get_folio+0xc0/0xc0
[  570.657080][T22083]  ? follow_page_pte+0xa5c/0xb90
[  570.657109][T22083]  ? inode_to_bdi+0x6d/0x100
[  570.657141][T22083]  shmem_write_begin+0xf4/0x270
[  570.657169][T22083]  generic_perform_write+0x330/0x960
[  570.657204][T22083]  ? __cfi_generic_perform_write+0x10/0x10
[  570.657236][T22083]  ? down_write+0xe9/0x2a0
[  570.657262][T22083]  ? file_update_time+0xa3/0x220
[  570.657299][T22083]  shmem_file_write_iter+0x105/0x130
[  570.657328][T22083]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  570.657360][T22083]  __kernel_write_iter+0x392/0x830
[  570.657382][T22083]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  570.657412][T22083]  ? __cfi___kernel_write_iter+0x10/0x10
[  570.657447][T22083]  ? get_dump_page+0x160/0x220
[  570.657475][T22083]  ? __asan_memset+0x39/0x50
[  570.657507][T22083]  ? iov_iter_bvec+0xc0/0x180
[  570.657535][T22083]  dump_user_range+0xb06/0xdf0
[  570.657559][T22083]  ? __cfi_dump_emit+0x10/0x10
[  570.657599][T22083]  ? __cfi_dump_user_range+0x10/0x10
[  570.657621][T22083]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  570.657656][T22083]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  570.657691][T22083]  elf_core_dump+0x2cd9/0x3810
[  570.657724][T22083]  ? __cfi_elf_core_dump+0x10/0x10
[  570.657760][T22083]  ? dump_interrupted+0xf0/0xf0
[  570.657794][T22083]  ? filp_open+0x182/0x1d0
[  570.657824][T22083]  ? 0xffffffffff600000
[  570.657844][T22083]  do_coredump+0x1bfa/0x2bd0
[  570.657882][T22083]  ? __cfi_do_coredump+0x10/0x10
[  570.657915][T22083]  ? asm_exc_page_fault+0x2b/0x30
[  570.657946][T22083]  ? __kasan_slab_free+0x6a/0x80
[  570.657971][T22083]  ? kmem_cache_free+0x1c1/0x510
[  570.658007][T22083]  ? get_signal+0xa75/0x14f0
[  570.658037][T22083]  get_signal+0x11fd/0x14f0
[  570.658069][T22083]  arch_do_signal_or_restart+0x96/0x720
[  570.658104][T22083]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  570.658139][T22083]  irqentry_exit_to_user_mode+0x4e/0xb0
[  570.658165][T22083]  irqentry_exit+0x16/0x60
[  570.658188][T22083]  exc_page_fault+0x66/0xc0
[  570.658211][T22083]  asm_exc_page_fault+0x2b/0x30
[  570.658233][T22083] RIP: 0033:0x7fd308f8ebf1
[  570.658253][T22083] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  570.658285][T22083] RSP: 002b:00000000fffffd10 EFLAGS: 00010217
[  570.658307][T22083] RAX: 0000000000000000 RBX: 00007fd3091b6180 RCX: 00007fd308f8ebe9
[  570.658325][T22083] RDX: 0000000000000000 RSI: 00000000fffffd10 RDI: 0000000001000000
[  570.658342][T22083] RBP: 00007fd309011e19 R08: 0000000000000000 R09: 0000000000000000
[  570.658358][T22083] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  570.658373][T22083] R13: 00007fd3091b6218 R14: 00007fd3091b6180 R15: 00007fff946d9428
[  570.658395][T22083]  </TASK>
[  570.660942][T22083] memory: usage 305228kB, limit 307200kB, failcnt 32715
[  570.668308][  T675] usb 2-1: config 8 interface 1 altsetting 128 endpoint 0xD has invalid maxpacket 50594, setting to 1024
[  570.708969][T22083] memory+swap: usage 430476kB, limit 9007199254740988kB, failcnt 0
[  570.764870][  T675] usb 2-1: config 8 interface 1 altsetting 128 bulk endpoint 0x1 has invalid maxpacket 32
[  570.855013][ T2557] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.861682][  T675] usb 2-1: config 8 interface 1 altsetting 128 endpoint 0xA has invalid maxpacket 1024, setting to 64
[  570.864088][ T2557] bridge0: port 1(bridge_slave_0) entered forwarding state
[  570.896103][  T675] usb 2-1: config 8 interface 1 altsetting 128 has an invalid descriptor for endpoint zero, skipping
[  570.916772][T22083] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  570.924918][  T675] usb 2-1: config 8 interface 1 altsetting 128 bulk endpoint 0x9 has invalid maxpacket 64
[  570.927217][T22083] Memory cgroup stats for 
[  570.931868][  T675] usb 2-1: config 8 interface 1 altsetting 128 has a duplicate endpoint with address 0x8D, skipping
[  570.937474][T22083] /syz5
[  570.943150][  T675] usb 2-1: config 8 interface 1 altsetting 128 has an invalid descriptor for endpoint zero, skipping
[  570.947461][ T2557] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.956671][  T675] usb 2-1: config 8 interface 1 altsetting 128 has an invalid descriptor for endpoint zero, skipping
[  570.959828][ T2557] bridge0: port 2(bridge_slave_1) entered forwarding state
[  570.966052][  T675] usb 2-1: config 8 interface 1 has no altsetting 0
[  570.970068][T22083] :
[  570.980454][  T675] usb 2-1: New USB device found, idVendor=0e41, idProduct=4650, bcdDevice=fb.38
[  570.983962][T22083] cache 313978880
[  570.990762][  T675] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  570.993326][T22083] rss 307200
[  570.999985][  T675] usb 2-1: Product: 휾逹
[  571.003474][T22083] rss_huge 0
[  571.012705][  T675] usb 2-1: Manufacturer: 쁏쨉외ɪ⠛낾蟹齈鱜砥섕뇑릠ᐍ挙㈉鴳糠赴復沜欨뜇⼻㫌ጜ｝ᡱ꬞ꅾ㍩ὠ酼夅駀ꆃ嗿⨢諻턺ⅼ뭪咿뙏䃂㼬榷∱栕徆⊻麑퀰젣諢车薖翟ᷛ놲枚稒蜸٨逻඲뢌笞⺿싌䈩쌩㘷觖ᐟ직ᕥᶰ蔱Ｂ뢺麉凨ꏃ
[  571.034712][T22083] shmem 313978880
[  571.038121][  T675] usb 2-1: SerialNumber: syz
[  571.040040][T22083] mapped_file 0
[  571.073538][T22180] veth0_vlan: entered promiscuous mode
[  571.085872][  T329] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  571.104638][T22198] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  571.111893][T22083] dirty 0
[  571.129744][T22198] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  571.192286][T22180] veth1_macvtap: entered promiscuous mode
[  571.198138][T22083] writeback 0
[  571.379244][  T675] usb 2-1: USB disconnect, device number 70
[  571.422307][T22083] workingset_refault_anon 83
[  571.438261][T22083] workingset_refault_file 0
[  571.442828][T22083] swap 127729664
[  571.446713][T22083] swapcached 266240
[  571.450758][T22083] pgpgin 184972
[  571.454244][T22083] pgpgout 108196
[  571.457884][T22083] pgfault 16363
[  571.461361][T22083] pgmajfault 35
[  571.464953][T22083] inactive_anon 244355072
[  571.469844][T22083] active_anon 70103040
[  571.474480][T22083] inactive_file 0
[  571.478782][T22083] active_file 0
[  571.483221][T22083] unevictable 0
[  571.486810][  T329] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  571.496631][T22083] hierarchical_memory_limit 314572800
[  571.497505][  T329] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  571.511364][T22083] hierarchical_memsw_limit 9223372036854771712
[  571.517651][T22083] total_cache 313978880
[  571.521902][T22083] total_rss 307200
[  571.525738][T22083] total_rss_huge 0
[  571.529480][T22083] total_shmem 313978880
[  571.533697][T22083] total_mapped_file 0
[  571.538323][T22083] total_dirty 0
[  571.542459][  T329] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  571.552441][  T329] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  571.561175][T22083] total_writeback 0
[  571.565114][T22083] total_workingset_refault_anon 83
[  571.570303][T22083] total_workingset_refault_file 0
[  571.575425][  T329] usb 6-1: SerialNumber: syz
[  571.582146][T22083] total_swap 127729664
[  571.586513][T22083] total_swapcached 266240
[  571.591612][T22083] total_pgpgin 184972
[  571.595717][T22083] total_pgpgout 108196
[  571.600189][T22083] total_pgfault 16363
[  571.604268][T22083] total_pgmajfault 35
[  571.609631][T22083] total_inactive_anon 244355072
[  571.614581][T22083] total_active_anon 70103040
[  571.619919][T22083] total_inactive_file 0
[  571.632774][T22083] total_active_file 0
[  571.637885][T22083] total_unevictable 0
[  571.642419][T22083] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.7189,pid=22061,uid=0
[  571.658806][T22083] Memory cgroup out of memory: Killed process 22061 (syz.5.7189) total-vm:90104kB, anon-rss:1008kB, file-rss:57648kB, shmem-rss:0kB, UID:0 pgtables:200kB oom_score_adj:1000
[  571.731877][T22069] syz.5.7189 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  571.779784][T22069] CPU: 0 UID: 0 PID: 22069 Comm: syz.5.7189 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  571.779824][T22069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  571.779840][T22069] Call Trace:
[  571.779848][T22069]  <TASK>
[  571.779859][T22069]  __dump_stack+0x21/0x30
[  571.779897][T22069]  dump_stack_lvl+0x10c/0x190
[  571.779929][T22069]  ? __cfi_dump_stack_lvl+0x10/0x10
[  571.779961][T22069]  ? ___ratelimit+0x3f7/0x5a0
[  571.779997][T22069]  dump_stack+0x19/0x20
[  571.780045][T22069]  dump_header+0xd7/0x490
[  571.780069][T22069]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  571.780101][T22069]  oom_kill_process+0x4c0/0x7e0
[  571.780129][T22069]  ? sched_clock_cpu+0x75/0x400
[  571.780161][T22069]  out_of_memory+0x7ee/0xbd0
[  571.780189][T22069]  ? __cfi_out_of_memory+0x10/0x10
[  571.780216][T22069]  ? mutex_lock_killable+0x104/0x1c0
[  571.780241][T22069]  ? __cfi_mutex_lock_killable+0x10/0x10
[  571.780266][T22069]  mem_cgroup_out_of_memory+0x279/0x350
[  571.780290][T22069]  ? drain_obj_stock+0xed0/0xed0
[  571.780314][T22069]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  571.780338][T22069]  try_charge_memcg+0x8f7/0xde0
[  571.780371][T22069]  ? __cfi_try_charge_memcg+0x10/0x10
[  571.780403][T22069]  ? __alloc_pages_noprof+0x31f/0x7b0
[  571.780434][T22069]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  571.780464][T22069]  ? __folio_batch_add_and_move+0x2ab/0x370
[  571.780494][T22069]  __mem_cgroup_charge+0xf6/0x410
[  571.780529][T22069]  ? _raw_spin_lock+0x8c/0x120
[  571.780558][T22069]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  571.780595][T22069]  shmem_alloc_and_add_folio+0x86d/0x1050
[  571.780625][T22069]  ? put_swap_device+0x130/0x130
[  571.780651][T22069]  ? shmem_huge_global_enabled+0x2da/0x360
[  571.780677][T22069]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  571.780702][T22069]  ? __kasan_check_write+0x18/0x20
[  571.780735][T22069]  ? _raw_spin_lock+0x8c/0x120
[  571.780765][T22069]  shmem_get_folio_gfp+0x5f0/0x1380
[  571.780794][T22069]  ? shmem_get_folio+0xc0/0xc0
[  571.780817][T22069]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  571.780851][T22069]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  571.780885][T22069]  ? inode_to_bdi+0x6d/0x100
[  571.780917][T22069]  shmem_write_begin+0xf4/0x270
[  571.780944][T22069]  generic_perform_write+0x330/0x960
[  571.780980][T22069]  ? __cfi_generic_perform_write+0x10/0x10
[  571.781020][T22069]  ? down_write+0xe9/0x2a0
[  571.781045][T22069]  ? mnt_get_write_access_file+0x1af/0x3b0
[  571.781076][T22069]  ? mnt_put_write_access_file+0xc2/0x100
[  571.781107][T22069]  ? file_update_time+0x1ef/0x220
[  571.781138][T22069]  shmem_file_write_iter+0x105/0x130
[  571.781169][T22069]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  571.781200][T22069]  __kernel_write_iter+0x392/0x830
[  571.781222][T22069]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  571.781254][T22069]  ? __cfi___kernel_write_iter+0x10/0x10
[  571.781290][T22069]  ? get_dump_page+0x160/0x220
[  571.781319][T22069]  ? __asan_memset+0x39/0x50
[  571.781352][T22069]  ? iov_iter_bvec+0xc0/0x180
[  571.781379][T22069]  dump_user_range+0xb06/0xdf0
[  571.781403][T22069]  ? __cfi_dump_emit+0x10/0x10
[  571.781438][T22069]  ? __cfi_dump_user_range+0x10/0x10
[  571.781460][T22069]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  571.781495][T22069]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  571.781531][T22069]  elf_core_dump+0x2cd9/0x3810
[  571.781563][T22069]  ? __cfi_elf_core_dump+0x10/0x10
[  571.781598][T22069]  ? dump_interrupted+0xf0/0xf0
[  571.781632][T22069]  ? filp_open+0x182/0x1d0
[  571.781661][T22069]  ? 0xffffffffff600000
[  571.781682][T22069]  do_coredump+0x1bfa/0x2bd0
[  571.781720][T22069]  ? __cfi_do_coredump+0x10/0x10
[  571.781753][T22069]  ? asm_exc_page_fault+0x2b/0x30
[  571.781786][T22069]  ? __kasan_slab_free+0x6a/0x80
[  571.781811][T22069]  ? kmem_cache_free+0x1c1/0x510
[  571.781846][T22069]  ? get_signal+0xa75/0x14f0
[  571.781876][T22069]  get_signal+0x11fd/0x14f0
[  571.781926][T22069]  arch_do_signal_or_restart+0x96/0x720
[  571.781964][T22069]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  571.782015][T22069]  irqentry_exit_to_user_mode+0x4e/0xb0
[  571.782039][T22069]  irqentry_exit+0x16/0x60
[  571.782062][T22069]  exc_page_fault+0x66/0xc0
[  571.782087][T22069]  asm_exc_page_fault+0x2b/0x30
[  571.782110][T22069] RIP: 0033:0x7fd308f8ebf1
[  571.782130][T22069] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  571.782151][T22069] RSP: 002b:00000000fffffd10 EFLAGS: 00010217
[  571.782174][T22069] RAX: 0000000000000000 RBX: 00007fd3091b6180 RCX: 00007fd308f8ebe9
[  571.782192][T22069] RDX: 0000000000000000 RSI: 00000000fffffd10 RDI: 0000000001000000
[  571.782209][T22069] RBP: 00007fd309011e19 R08: 0000000000000000 R09: 0000000000000000
[  571.782225][T22069] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  571.782240][T22069] R13: 00007fd3091b6218 R14: 00007fd3091b6180 R15: 00007fff946d9428
[  571.782262][T22069]  </TASK>
[  571.782272][T22069] memory: usage 306856kB, limit 307200kB, failcnt 33045
[  572.282610][  T329] usb 6-1: 0:2 : does not exist
[  572.314383][  T329] usb 6-1: unit 5 not found!
[  572.343399][   T36] kauditd_printk_skb: 380 callbacks suppressed
[  572.343421][   T36] audit: type=1400 audit(2000000526.398:31225): avc:  denied  { create } for  pid=22219 comm="syz.1.7228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  572.392009][  T329] usb 6-1: USB disconnect, device number 5
[  572.399157][T22220] random: crng reseeded on system resumption
[  572.447957][T22069] memory+swap: usage 431972kB, limit 9007199254740988kB, failcnt 0
[  572.458792][T22221] overlayfs: failed to resolve './file1': -2
[  572.467200][T22069] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  572.494385][   T36] audit: type=1400 audit(2000000526.438:31226): avc:  denied  { connect } for  pid=22219 comm="syz.1.7228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  572.520040][   T36] audit: type=1400 audit(2000000526.468:31227): avc:  denied  { write } for  pid=22219 comm="syz.1.7228" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  572.575184][T22220] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22220 comm=syz.1.7228
[  572.594362][T22069] Memory cgroup stats for /syz5:
[  572.594517][T22069] cache 314118144
[  572.607493][T21641] udevd[21641]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  572.623413][T22069] rss 294912
[  572.627602][T22069] rss_huge 0
[  572.630959][T22069] shmem 314118144
[  572.634361][   T36] audit: type=1400 audit(2000000526.468:31228): avc:  denied  { write open } for  pid=22219 comm="syz.1.7228" path="/dev/snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  572.637627][T22069] mapped_file 0
[  572.714360][T22069] dirty 0
[  572.714348][   T36] audit: type=1400 audit(2000000526.478:31229): avc:  denied  { read write } for  pid=22217 comm="syz.6.7227" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  572.714389][   T36] audit: type=1400 audit(2000000526.478:31230): avc:  denied  { read write open } for  pid=22217 comm="syz.6.7227" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  572.719560][T22069] writeback 0
[  572.751242][   T45] usb 7-1: new low-speed USB device number 2 using dummy_hcd
[  572.804395][   T36] audit: type=1400 audit(2000000526.518:31231): avc:  denied  { mounton } for  pid=22219 comm="syz.1.7228" path="/138/bus" dev="tmpfs" ino=784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  572.854366][   T36] audit: type=1400 audit(2000000526.558:31232): avc:  denied  { ioctl } for  pid=22217 comm="syz.6.7227" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  572.867254][T22069] workingset_refault_anon 84
[  572.885122][T22069] workingset_refault_file 0
[  572.889662][T22069] swap 127881216
[  572.894966][T22069] swapcached 114688
[  572.898887][T22069] pgpgin 194403
[  572.902397][T22069] pgpgout 117631
[  572.908825][   T36] audit: type=1400 audit(2000000526.558:31233): avc:  denied  { ioctl } for  pid=22217 comm="syz.6.7227" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  572.924260][T22069] pgfault 16595
[  572.970864][T22069] pgmajfault 36
[  572.986527][T22069] inactive_anon 79450112
[  572.990103][   T36] audit: type=1400 audit(2000000526.558:31234): avc:  denied  { ioctl } for  pid=22217 comm="syz.6.7227" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  573.019150][T22069] active_anon 234483712
[  573.023358][T22069] inactive_file 0
[  573.026380][   T45] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  573.044556][   T45] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.046551][T22069] active_file 0
[  573.054098][   T45] usb 7-1: config 0 descriptor??
[  573.084336][T22069] unevictable 0
[  573.098055][T22069] hierarchical_memory_limit 314572800
[  573.103534][T22069] hierarchical_memsw_limit 9223372036854771712
[  573.130994][T22226] rust_binder: Error while translating object.
[  573.131052][T22226] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  573.148730][T22069] total_cache 314118144
[  573.152071][T22226] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:227
[  573.191031][T22069] total_rss 294912
[  573.228047][T22069] total_rss_huge 0
[  573.231940][T22069] total_shmem 314118144
[  573.247993][T22230] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  573.252195][T22230] rust_binder: Failed to allocate buffer. len:216, is_oneway:false
[  573.262838][T22069] total_mapped_file 0
[  573.275282][   T45] asix 7-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  573.295930][T22069] total_dirty 0
[  573.299469][T22069] total_writeback 0
[  573.303411][T22069] total_workingset_refault_anon 84
[  573.338723][T22069] total_workingset_refault_file 0
[  573.343928][T22069] total_swap 127881216
[  573.373593][T22069] total_swapcached 114688
[  573.389987][T22237] syz.1.7233: attempt to access beyond end of device
[  573.389987][T22237] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[  573.408551][T22069] total_pgpgin 194403
[  573.412546][T22237] exFAT-fs (loop1): unable to read boot sector
[  573.424672][T22234] netlink: 64 bytes leftover after parsing attributes in process `syz.4.7235'.
[  573.425523][T22069] total_pgpgout 117631
[  573.434288][T22237] exFAT-fs (loop1): failed to read boot sector
[  573.457931][T22234] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7235'.
[  573.460216][T22069] total_pgfault 16595
[  573.474354][T22237] exFAT-fs (loop1): failed to recognize exfat type
[  573.478797][T22218] fuse: Bad value for 'rootmode'
[  573.489217][T22069] total_pgmajfault 36
[  573.501701][T22069] total_inactive_anon 79450112
[  573.510483][   T45] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  573.520548][T22069] total_active_anon 234483712
[  573.525358][T22069] total_inactive_file 0
[  573.549082][   T45] asix 7-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  573.566886][T22069] total_active_file 0
[  573.579792][T22069] total_unevictable 0
[  573.586056][T22069] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.7189,pid=22067,uid=0
[  573.604506][   T45] asix 7-1:0.0: probe with driver asix failed with error -71
[  573.630663][T22069] Memory cgroup out of memory: Killed process 22067 (syz.5.7189) total-vm:90104kB, anon-rss:880kB, file-rss:57648kB, shmem-rss:0kB, UID:0 pgtables:200kB oom_score_adj:1000
[  573.648817][   T45] usb 7-1: USB disconnect, device number 2
[  573.742910][T22078] syz.5.7189 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  573.779210][T22078] CPU: 0 UID: 0 PID: 22078 Comm: syz.5.7189 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  573.779247][T22078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  573.779264][T22078] Call Trace:
[  573.779272][T22078]  <TASK>
[  573.779282][T22078]  __dump_stack+0x21/0x30
[  573.779320][T22078]  dump_stack_lvl+0x10c/0x190
[  573.779351][T22078]  ? __cfi_dump_stack_lvl+0x10/0x10
[  573.779383][T22078]  ? ___ratelimit+0x3f7/0x5a0
[  573.779420][T22078]  dump_stack+0x19/0x20
[  573.779450][T22078]  dump_header+0xd7/0x490
[  573.779474][T22078]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  573.779505][T22078]  oom_kill_process+0x4c0/0x7e0
[  573.779534][T22078]  ? sched_clock_cpu+0x75/0x400
[  573.779568][T22078]  out_of_memory+0x7ee/0xbd0
[  573.779595][T22078]  ? __cfi_out_of_memory+0x10/0x10
[  573.779622][T22078]  ? mutex_lock_killable+0x104/0x1c0
[  573.779646][T22078]  ? __cfi_mutex_lock_killable+0x10/0x10
[  573.779673][T22078]  mem_cgroup_out_of_memory+0x279/0x350
[  573.779698][T22078]  ? drain_obj_stock+0xed0/0xed0
[  573.779722][T22078]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  573.779746][T22078]  try_charge_memcg+0x8f7/0xde0
[  573.779777][T22078]  ? __cfi_try_charge_memcg+0x10/0x10
[  573.779808][T22078]  ? __alloc_pages_noprof+0x31f/0x7b0
[  573.779839][T22078]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  573.779868][T22078]  ? __folio_batch_add_and_move+0x2ab/0x370
[  573.779898][T22078]  __mem_cgroup_charge+0xf6/0x410
[  573.779933][T22078]  ? _raw_spin_lock+0x8c/0x120
[  573.779963][T22078]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  573.780001][T22078]  shmem_alloc_and_add_folio+0x86d/0x1050
[  573.780040][T22078]  ? put_swap_device+0x130/0x130
[  573.780066][T22078]  ? shmem_huge_global_enabled+0x2da/0x360
[  573.780091][T22078]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  573.780116][T22078]  ? __kasan_check_write+0x18/0x20
[  573.780149][T22078]  ? _raw_spin_lock+0x8c/0x120
[  573.780179][T22078]  shmem_get_folio_gfp+0x5f0/0x1380
[  573.780208][T22078]  ? shmem_get_folio+0xc0/0xc0
[  573.780231][T22078]  ? follow_page_pte+0xa5c/0xb90
[  573.780261][T22078]  ? inode_to_bdi+0x6d/0x100
[  573.780293][T22078]  shmem_write_begin+0xf4/0x270
[  573.780320][T22078]  generic_perform_write+0x330/0x960
[  573.780355][T22078]  ? __cfi_generic_perform_write+0x10/0x10
[  573.780386][T22078]  ? down_write+0xe9/0x2a0
[  573.780411][T22078]  ? file_update_time+0xa3/0x220
[  573.780443][T22078]  shmem_file_write_iter+0x105/0x130
[  573.780475][T22078]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  573.780505][T22078]  __kernel_write_iter+0x392/0x830
[  573.780528][T22078]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  573.780559][T22078]  ? __cfi___kernel_write_iter+0x10/0x10
[  573.780594][T22078]  ? get_dump_page+0x160/0x220
[  573.780622][T22078]  ? __asan_memset+0x39/0x50
[  573.780654][T22078]  ? iov_iter_bvec+0xc0/0x180
[  573.780681][T22078]  dump_user_range+0xb06/0xdf0
[  573.780706][T22078]  ? __cfi_dump_emit+0x10/0x10
[  573.780741][T22078]  ? __cfi_dump_user_range+0x10/0x10
[  573.780764][T22078]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  573.780800][T22078]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  573.780833][T22078]  ? kasan_check_range+0x92/0x2a0
[  573.780861][T22078]  elf_core_dump+0x2cd9/0x3810
[  573.780892][T22078]  ? __cfi_elf_core_dump+0x10/0x10
[  573.780927][T22078]  ? dump_interrupted+0xf0/0xf0
[  573.780961][T22078]  ? filp_open+0x182/0x1d0
[  573.780992][T22078]  ? 0xffffffffff600000
[  573.781012][T22078]  do_coredump+0x1bfa/0x2bd0
[  573.781056][T22078]  ? __cfi_do_coredump+0x10/0x10
[  573.781089][T22078]  ? asm_exc_page_fault+0x2b/0x30
[  573.781121][T22078]  ? __kasan_slab_free+0x6a/0x80
[  573.781144][T22078]  ? kmem_cache_free+0x1c1/0x510
[  573.781179][T22078]  ? get_signal+0xa75/0x14f0
[  573.781209][T22078]  get_signal+0x11fd/0x14f0
[  573.781242][T22078]  arch_do_signal_or_restart+0x96/0x720
[  573.781279][T22078]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  573.781319][T22078]  irqentry_exit_to_user_mode+0x4e/0xb0
[  573.781347][T22078]  irqentry_exit+0x16/0x60
[  573.781370][T22078]  exc_page_fault+0x66/0xc0
[  573.781394][T22078]  asm_exc_page_fault+0x2b/0x30
[  573.781416][T22078] RIP: 0033:0x7fd308f8ebf1
[  573.781435][T22078] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  573.781457][T22078] RSP: 002b:00000000fffffd10 EFLAGS: 00010217
[  573.781479][T22078] RAX: 0000000000000000 RBX: 00007fd3091b6180 RCX: 00007fd308f8ebe9
[  573.781498][T22078] RDX: 0000000000000000 RSI: 00000000fffffd10 RDI: 0000000001000000
[  573.781515][T22078] RBP: 00007fd309011e19 R08: 0000000000000000 R09: 0000000000000000
[  573.781532][T22078] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  573.781548][T22078] R13: 00007fd3091b6218 R14: 00007fd3091b6180 R15: 00007fff946d9428
[  573.781571][T22078]  </TASK>
[  573.781580][T22078] memory: usage 304712kB, limit 307200kB, failcnt 34040
[  574.326588][T22257] netlink: 240 bytes leftover after parsing attributes in process `syz.5.7240'.
[  574.423260][T22078] memory+swap: usage 410164kB, limit 9007199254740988kB, failcnt 0
[  574.433695][T22078] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  574.448074][T22078] Memory cgroup stats for /syz5:
[  574.448245][T22078] cache 292052992
[  574.457888][T22078] rss 139264
[  574.461200][T22078] rss_huge 0
[  574.484395][T22078] shmem 292052992
[  574.491454][T22078] mapped_file 0
[  574.532350][T22078] dirty 0
[  574.544506][T22078] writeback 4096
[  574.555002][T22078] workingset_refault_anon 87
[  574.597930][T22078] workingset_refault_file 0
[  574.614404][T22078] swap 127913984
[  574.633204][T22078] swapcached 81920
[  574.649888][T22078] pgpgin 199632
[  574.663179][T22078] pgpgout 128295
[  574.674355][T22078] pgfault 17081
[  574.685928][T22078] pgmajfault 40
[  574.699853][T22078] inactive_anon 157556736
[  574.717499][T22078] active_anon 134328320
[  574.732671][T22078] inactive_file 0
[  574.748933][T22078] active_file 0
[  574.763448][T22078] unevictable 0
[  574.781567][T22078] hierarchical_memory_limit 314572800
[  574.793579][T22078] hierarchical_memsw_limit 9223372036854771712
[  574.809987][T22078] total_cache 292052992
[  574.820074][T22078] total_rss 139264
[  574.832685][T22078] total_rss_huge 0
[  574.836101][T22272] fuse: Bad value for 'rootmode'
[  574.837497][T22078] total_shmem 292052992
[  574.846304][T22078] total_mapped_file 0
[  574.855580][T22078] total_dirty 0
[  574.863475][T22078] total_writeback 4096
[  574.889476][T22078] total_workingset_refault_anon 87
[  574.907729][T22078] total_workingset_refault_file 0
[  574.931524][T22078] total_swap 127913984
[  574.941440][T22078] total_swapcached 81920
[  574.946437][T22078] total_pgpgin 199632
[  574.952760][T22078] total_pgpgout 128295
[  574.962155][T22078] total_pgfault 17081
[  574.971666][T22078] total_pgmajfault 40
[  574.990842][T22078] total_inactive_anon 157556736
[  575.003358][T22078] total_active_anon 134328320
[  575.010223][T22078] total_inactive_file 0
[  575.015057][T22078] total_active_file 0
[  575.019141][T22078] total_unevictable 0
[  575.023181][T22078] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.7189,pid=22064,uid=0
[  575.039374][T22078] Memory cgroup out of memory: Killed process 22064 (syz.5.7189) total-vm:90104kB, anon-rss:1008kB, file-rss:57520kB, shmem-rss:0kB, UID:0 pgtables:200kB oom_score_adj:1000
[  575.139838][T22274] syz.5.7246 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  575.144377][   T45] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  575.165139][T22274] CPU: 0 UID: 0 PID: 22274 Comm: syz.5.7246 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  575.165183][T22274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  575.165201][T22274] Call Trace:
[  575.165210][T22274]  <TASK>
[  575.165221][T22274]  __dump_stack+0x21/0x30
[  575.165263][T22274]  dump_stack_lvl+0x10c/0x190
[  575.165297][T22274]  ? __cfi_dump_stack_lvl+0x10/0x10
[  575.165331][T22274]  ? ___ratelimit+0x3f7/0x5a0
[  575.165367][T22274]  dump_stack+0x19/0x20
[  575.165399][T22274]  dump_header+0xd7/0x490
[  575.165429][T22274]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  575.165464][T22274]  oom_kill_process+0x4c0/0x7e0
[  575.165495][T22274]  ? sched_clock_cpu+0x75/0x400
[  575.165530][T22274]  out_of_memory+0x7ee/0xbd0
[  575.165559][T22274]  ? __cfi_out_of_memory+0x10/0x10
[  575.165587][T22274]  ? mutex_lock_killable+0x92/0x1c0
[  575.165613][T22274]  ? __cfi_mutex_lock_killable+0x10/0x10
[  575.165640][T22274]  mem_cgroup_out_of_memory+0x279/0x350
[  575.165676][T22274]  ? drain_obj_stock+0xed0/0xed0
[  575.165702][T22274]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  575.165726][T22274]  try_charge_memcg+0x8f7/0xde0
[  575.165761][T22274]  ? rcu_read_unlock_special+0xab/0x480
[  575.165795][T22274]  ? __cfi_try_charge_memcg+0x10/0x10
[  575.165824][T22274]  ? __alloc_pages_noprof+0x31f/0x7b0
[  575.165855][T22274]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  575.165887][T22274]  __mem_cgroup_charge+0xf6/0x410
[  575.165925][T22274]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  575.165962][T22274]  ? do_vfs_ioctl+0x1713/0x1e30
[  575.166001][T22274]  folio_prealloc+0x67/0x240
[  575.166031][T22274]  do_pte_missing+0x164c/0x4240
[  575.166062][T22274]  ? pte_marker_clear+0x1b0/0x1b0
[  575.166093][T22274]  ? __pte_offset_map+0x1b0/0x230
[  575.166128][T22274]  ? pte_offset_map_rw_nolock+0xba/0x110
[  575.166164][T22274]  handle_mm_fault+0x1166/0x1b90
[  575.166194][T22274]  ? __cfi_handle_mm_fault+0x10/0x10
[  575.166219][T22274]  ? lock_vma_under_rcu+0x49d/0x530
[  575.166249][T22274]  ? __fget_files+0x2c5/0x340
[  575.166276][T22274]  do_user_addr_fault+0x96c/0x1200
[  575.166316][T22274]  exc_page_fault+0x59/0xc0
[  575.166343][T22274]  asm_exc_page_fault+0x2b/0x30
[  575.166366][T22274] RIP: 0033:0x7fd308e4e1ee
[  575.166388][T22274] Code: f6 31 c0 e8 b4 f2 13 00 48 81 c4 90 00 00 00 48 98 5b c3 66 0f 1f 84 00 00 00 00 00 41 54 55 53 48 89 fb 48 81 ec d0 00 00 00 <48> 89 74 24 28 48 89 54 24 30 48 89 4c 24 38 4c 89 44 24 40 4c 89
[  575.166411][T22274] RSP: 002b:00007fd309e7ff70 EFLAGS: 00010202
[  575.166435][T22274] RAX: 0000000000000000 RBX: 00007fd309013167 RCX: 00007fd309022eef
[  575.166454][T22274] RDX: 0000000000004d4d RSI: 0000000000000000 RDI: 00007fd309013167
[  575.166472][T22274] RBP: 00007fd3091b5fa0 R08: 000000002c77ccf8 R09: 7fffffffffffffff
[  575.166493][T22274] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[  575.166510][T22274] R13: 00007fd3091b6038 R14: 00007fd3091b5fa0 R15: 00007fff946d9428
[  575.166533][T22274]  </TASK>
[  575.166596][T22274] memory: usage 307196kB, limit 307200kB, failcnt 35909
[  575.413462][   T45] usb 5-1: Using ep0 maxpacket: 32
[  575.624578][T22294] rust_binder: 453: no such ref 0
[  575.654358][   T45] usb 5-1: config 0 has no interfaces?
[  575.659903][   T45] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  575.674333][T22274] memory+swap: usage 403372kB, limit 9007199254740988kB, failcnt 0
[  575.753206][T22274] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  575.762345][T22297] 9pnet_fd: Insufficient options for proto=fd
[  575.768605][   T45] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  575.793652][T22274] Memory cgroup stats for /syz5:
[  575.793853][T22274] cache 295809024
[  575.820149][   T45] usb 5-1: config 0 descriptor??
[  575.865093][T22274] rss 294912
[  575.868361][T22274] rss_huge 0
[  575.904387][T22274] shmem 295809024
[  575.908097][T22274] mapped_file 0
[  575.954450][T22274] dirty 0
[  575.957466][T22274] writeback 4096
[  575.961040][T22274] workingset_refault_anon 114
[  576.006070][T22274] workingset_refault_file 0
[  576.022797][T22274] swap 127852544
[  576.034204][T22274] swapcached 143360
[  576.058441][T22274] pgpgin 212976
[  576.091847][T22274] pgpgout 140658
[  576.119702][T22274] pgfault 17621
[  576.153849][T22274] pgmajfault 67
[  576.167206][T22274] inactive_anon 79564800
[  576.171543][T22274] active_anon 215453696
[  576.214371][T22274] inactive_file 0
[  576.244331][T22274] active_file 0
[  576.247876][T22274] unevictable 0
[  576.294372][T22274] hierarchical_memory_limit 314572800
[  576.299813][T22274] hierarchical_memsw_limit 9223372036854771712
[  576.372572][T22274] total_cache 295809024
[  576.404345][T22274] total_rss 294912
[  576.408118][T22274] total_rss_huge 0
[  576.428111][T22274] total_shmem 295809024
[  576.432324][T22274] total_mapped_file 0
[  576.462654][T22274] total_dirty 0
[  576.474345][T22274] total_writeback 4096
[  576.478465][T22274] total_workingset_refault_anon 114
[  576.514053][T22274] total_workingset_refault_file 0
[  576.534263][T22274] total_swap 127852544
[  576.550462][T22274] total_swapcached 143360
[  576.573346][T22274] total_pgpgin 212976
[  576.583775][T22274] total_pgpgout 140658
[  576.599343][T22274] total_pgfault 17621
[  576.603388][T22274] total_pgmajfault 67
[  576.611635][T22307] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  576.624383][T22274] total_inactive_anon 79564800
[  576.629208][T22274] total_active_anon 215453696
[  576.633921][T22274] total_inactive_file 0
[  576.648668][T22307] tipc: Disabling bearer <eth:syzkaller0>
[  576.675507][T22274] total_active_file 0
[  576.679566][T22274] total_unevictable 0
[  576.683575][T22274] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.7189,pid=22069,uid=0
[  576.704358][T22016] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  576.747524][T22274] Memory cgroup out of memory: Killed process 22069 (syz.5.7189) total-vm:90104kB, anon-rss:880kB, file-rss:59824kB, shmem-rss:0kB, UID:0 pgtables:200kB oom_score_adj:1000
[  576.940415][T22016] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  576.992442][T22016] usb 7-1: config 0 has no interfaces?
[  577.044396][T22016] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  577.084774][T22016] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  577.098127][T22314] 9pnet_fd: Insufficient options for proto=fd
[  577.143941][T22016] usb 7-1: Product: syz
[  577.174376][T22016] usb 7-1: Manufacturer: syz
[  577.179035][T22016] usb 7-1: SerialNumber: syz
[  577.205268][T22016] usb 7-1: config 0 descriptor??
[  577.379378][   T36] kauditd_printk_skb: 484 callbacks suppressed
[  577.379399][   T36] audit: type=1400 audit(2000000531.438:31719): avc:  denied  { read } for  pid=22318 comm="syz.5.7258" name="binder1" dev="binder" ino=29 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  577.455519][T22319] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7258'.
[  577.529544][   T36] audit: type=1400 audit(2000000531.438:31720): avc:  denied  { read open } for  pid=22318 comm="syz.5.7258" path="/dev/binderfs/binder1" dev="binder" ino=29 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  577.565043][ T2556] macsec0: left allmulticast mode
[  577.570133][ T2556] veth1_macvtap: left allmulticast mode
[  577.633800][ T2556] macsec0: left promiscuous mode
[  577.661671][   T36] audit: type=1400 audit(2000000531.488:31721): avc:  denied  { create } for  pid=22318 comm="syz.5.7258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  577.664689][ T2556] bridge0: port 4(macsec0) entered disabled state
[  577.695590][   T45] usb 5-1: USB disconnect, device number 18
[  577.799951][   T36] audit: type=1400 audit(2000000531.578:31722): avc:  denied  { read write } for  pid=20238 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  577.845368][ T2556] veth0_to_bond: left allmulticast mode
[  577.850998][ T2556] veth0_to_bond: left promiscuous mode
[  577.884481][ T2556] bridge0: port 3(veth0_to_bond) entered disabled state
[  577.893784][ T2556] bridge_slave_1: left allmulticast mode
[  577.909667][   T36] audit: type=1400 audit(2000000531.578:31723): avc:  denied  { read write open } for  pid=20238 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  577.939056][ T2556] bridge_slave_1: left promiscuous mode
[  577.964462][ T2556] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.989467][ T2556] bridge_slave_0: left allmulticast mode
[  577.996374][ T2556] bridge_slave_0: left promiscuous mode
[  578.007649][   T36] audit: type=1400 audit(2000000531.578:31724): avc:  denied  { ioctl } for  pid=20238 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  578.044320][ T2556] bridge0: port 1(bridge_slave_0) entered disabled state
[  578.110966][   T36] audit: type=1400 audit(2000000531.618:31725): avc:  denied  { read } for  pid=22304 comm="syz.6.7254" dev="nsfs" ino=4026532295 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  578.145983][T22336] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7262'.
[  578.168668][   T36] audit: type=1400 audit(2000000531.618:31726): avc:  denied  { read open } for  pid=22304 comm="syz.6.7254" path="net:[4026532295]" dev="nsfs" ino=4026532295 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  578.196089][T22335] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 0
[  578.202700][T22336] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7262'.
[  578.250579][T22335] rust_binder: Write failure EINVAL in pid:472
[  578.254824][   T36] audit: type=1400 audit(2000000531.618:31727): avc:  denied  { create } for  pid=22304 comm="syz.6.7254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  578.283636][   T36] audit: type=1400 audit(2000000531.638:31728): avc:  denied  { read write } for  pid=22318 comm="syz.5.7258" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  578.325401][ T2556] veth1_macvtap: left promiscuous mode
[  578.331063][ T2556] veth0_vlan: left promiscuous mode
[  578.793028][T22359] fuse: Unknown parameter '�ser_id'
[  578.924359][T22042] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  579.084367][T22042] usb 5-1: Using ep0 maxpacket: 32
[  579.094123][T22042] usb 5-1: unable to get BOS descriptor or descriptor too short
[  579.105223][T22042] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  579.115435][T22042] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  579.127549][T22042] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  579.136770][T22042] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  579.144816][T22042] usb 5-1: Product: syz
[  579.149071][T22042] usb 5-1: Manufacturer: syz
[  579.153761][T22042] usb 5-1: SerialNumber: syz
[  579.512989][T22380] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:488
[  579.606329][T22042] usb 5-1: skipping empty audio interface (v1)
[  579.641853][T22042] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  579.657144][T22042] usb 5-1: USB disconnect, device number 19
[  579.677562][T21641] udevd[21641]: setting owner of /dev/bus/usb/005/019 to uid=0, gid=0 failed: No such file or directory
[  579.705473][T22388] netlink: 'syz.1.7276': attribute type 11 has an invalid length.
[  579.896807][T21641] udevd[21641]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  580.064351][T22399] rust_binder: Failed to allocate buffer. len:96, is_oneway:true
[  580.416398][T22412] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  580.499755][T22415] vcan0: entered allmulticast mode
[  580.531440][T22414] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7287'.
[  580.584361][T22407] tipc: Disabling bearer <eth:syzkaller0>
[  580.844685][T22426] TCP: TCP_TX_DELAY enabled
[  581.108571][T22042] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  581.119514][T22438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  581.144578][T22438] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  581.245102][T22452] /dev/rnullb0: Can't open blockdev
[  581.304389][T22042] usb 6-1: Using ep0 maxpacket: 32
[  581.321151][T22042] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  581.337747][T22042] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  581.347394][T22042] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  581.357427][T22042] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  581.368143][T22042] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  581.379119][T22042] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  581.392926][T22042] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  581.404099][T22042] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  581.415295][T22042] usb 6-1: config 0 descriptor??
[  581.524358][   T45] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  581.631799][T22042] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  581.683119][   T45] usb 5-1: Using ep0 maxpacket: 32
[  581.705680][   T45] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  581.736577][   T45] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  581.762006][   T45] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  581.777135][   T45] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  581.792019][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  581.801713][   T45] usb 5-1: Product: syz
[  581.806777][   T45] usb 5-1: Manufacturer: syz
[  581.811568][   T45] usb 5-1: SerialNumber: syz
[  581.838047][T22042] usb 6-1: USB disconnect, device number 6
[  581.874585][T22042] usblp0: removed
[  582.226038][ T2556] bridge_slave_1: left allmulticast mode
[  582.231948][ T2556] bridge_slave_1: left promiscuous mode
[  582.239907][ T2556] bridge0: port 2(bridge_slave_1) entered disabled state
[  582.248735][ T2556] bridge_slave_0: left allmulticast mode
[  582.254734][ T2556] bridge_slave_0: left promiscuous mode
[  582.260480][ T2556] bridge0: port 1(bridge_slave_0) entered disabled state
[  582.377756][ T2556] tipc: Left network mode
[  582.396093][   T36] kauditd_printk_skb: 713 callbacks suppressed
[  582.396114][   T36] audit: type=1400 audit(2000000536.458:32442): avc:  denied  { sys_module } for  pid=22464 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  582.425433][ T2556] veth1_macvtap: left promiscuous mode
[  582.435392][ T2556] >: left promiscuous mode
[  582.437696][   T36] audit: type=1400 audit(2000000536.488:32443): avc:  denied  { ioctl } for  pid=22453 comm="syz.4.7300" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  582.465563][   T36] audit: type=1400 audit(2000000536.488:32444): avc:  denied  { ioctl } for  pid=22453 comm="syz.4.7300" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  582.505998][   T36] audit: type=1400 audit(2000000536.498:32445): avc:  denied  { read } for  pid=22465 comm="syz.5.7306" name="binder0" dev="binder" ino=35 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  582.534977][   T36] audit: type=1400 audit(2000000536.498:32446): avc:  denied  { read open } for  pid=22465 comm="syz.5.7306" path="/dev/binderfs/binder0" dev="binder" ino=35 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  582.569827][T22466] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:165
[  582.571798][   T36] audit: type=1400 audit(2000000536.498:32447): avc:  denied  { read } for  pid=22465 comm="syz.5.7306" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  582.605662][   T36] audit: type=1400 audit(2000000536.498:32448): avc:  denied  { read open } for  pid=22465 comm="syz.5.7306" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  582.630456][   T36] audit: type=1400 audit(2000000536.498:32449): avc:  denied  { ioctl } for  pid=22465 comm="syz.5.7306" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  582.660251][   T36] audit: type=1400 audit(2000000536.598:32450): avc:  denied  { read write } for  pid=22465 comm="syz.5.7306" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  582.690190][   T36] audit: type=1400 audit(2000000536.598:32451): avc:  denied  { read write open } for  pid=22465 comm="syz.5.7306" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  582.733175][T22464] bridge0: port 1(bridge_slave_0) entered blocking state
[  582.741929][T22464] bridge0: port 1(bridge_slave_0) entered disabled state
[  582.749713][T22464] bridge_slave_0: entered allmulticast mode
[  582.756241][T22464] bridge_slave_0: entered promiscuous mode
[  582.766713][T22464] bridge0: port 2(bridge_slave_1) entered blocking state
[  582.773836][T22464] bridge0: port 2(bridge_slave_1) entered disabled state
[  582.790847][T22464] bridge_slave_1: entered allmulticast mode
[  582.797380][T22464] bridge_slave_1: entered promiscuous mode
[  582.808748][T22472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  582.817745][T22472] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  583.045931][T22479] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  583.052582][T22464] bridge0: port 2(bridge_slave_1) entered blocking state
[  583.062158][T22464] bridge0: port 2(bridge_slave_1) entered forwarding state
[  583.069536][T22464] bridge0: port 1(bridge_slave_0) entered blocking state
[  583.076616][T22464] bridge0: port 1(bridge_slave_0) entered forwarding state
[  583.168406][ T2556] bridge0: port 1(bridge_slave_0) entered disabled state
[  583.177859][ T2556] bridge0: port 2(bridge_slave_1) entered disabled state
[  583.225805][ T2574] bridge0: port 1(bridge_slave_0) entered blocking state
[  583.232904][ T2574] bridge0: port 1(bridge_slave_0) entered forwarding state
[  583.249028][ T2574] bridge0: port 2(bridge_slave_1) entered blocking state
[  583.256160][ T2574] bridge0: port 2(bridge_slave_1) entered forwarding state
[  583.458120][T22464] veth0_vlan: entered promiscuous mode
[  583.597415][T22464] veth1_macvtap: entered promiscuous mode
[  583.709515][   T45] cdc_ncm 5-1:1.0: bind() failure
[  583.716104][   T45] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71
[  583.733617][   T45] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71
[  583.760393][   T45] usb 5-1: USB disconnect, device number 20
[  584.132991][T22524] rust_binder: Write failure EFAULT in pid:2
[  584.206436][T22529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  584.226577][T22529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  584.754475][   T45] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  584.805977][T22543] loop7: detected capacity change from 0 to 7
[  584.812508][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  584.821723][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  584.833298][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  584.842539][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  584.851482][T22543]  loop7: unable to read partition table
[  584.857328][T22543] loop_reread_partitions: partition scan of loop7 () failed (rc=-5)
[  584.874341][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  584.883662][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  584.893527][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  584.902829][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  584.904398][   T45] usb 6-1: device descriptor read/64, error -71
[  584.912776][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  584.926214][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  584.938638][T22547] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[  584.945734][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  584.945775][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  584.964320][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  584.973482][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  584.984905][T22547] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 120, limit: 144, size: 97)
[  584.984933][T22547] rust_binder: Error while translating object.
[  585.010292][T22547] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  585.017200][T22547] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:7
[  585.026740][T22548] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  585.052565][T22548] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:7
[  585.091960][T22547] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:7
[  585.144816][T22547] 9pnet_virtio: no channels available for device /dev/rnullb0
[  585.214998][   T45] usb 6-1: device descriptor read/64, error -71
[  585.464410][   T45] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  585.604404][   T45] usb 6-1: device descriptor read/64, error -71
[  585.844393][   T45] usb 6-1: device descriptor read/64, error -71
[  585.954492][   T45] usb usb6-port1: attempt power cycle
[  586.110350][T22562] binder: Bad value for 'stats'
[  586.181624][T22564] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  586.193991][T22564] rust_binder: Read failure Err(EFAULT) in pid:295
[  586.201639][T22564] netlink: 292 bytes leftover after parsing attributes in process `syz.4.7330'.
[  586.261670][T22567] 9pnet: p9_errstr2errno: server reported unknown error 1844674407
[  586.304361][   T45] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  586.354144][   T45] usb 6-1: device descriptor read/8, error -71
[  586.497077][   T45] usb 6-1: device descriptor read/8, error -71
[  586.764411][   T45] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  586.774415][T21008] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  586.786648][   T45] usb 6-1: device descriptor read/8, error -71
[  586.927746][   T45] usb 6-1: device descriptor read/8, error -71
[  586.932490][T21008] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  586.943091][T21008] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.951208][T21008] usb 5-1: Product: syz
[  586.955443][T21008] usb 5-1: Manufacturer: syz
[  586.960042][T21008] usb 5-1: SerialNumber: syz
[  587.034504][   T45] usb usb6-port1: unable to enumerate USB device
[  587.487225][   T36] kauditd_printk_skb: 649 callbacks suppressed
[  587.487248][   T36] audit: type=1400 audit(2000000541.538:33101): avc:  denied  { read write } for  pid=21940 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  587.536773][   T36] audit: type=1400 audit(2000000541.548:33102): avc:  denied  { read write open } for  pid=21940 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  587.564326][   T36] audit: type=1400 audit(2000000541.548:33103): avc:  denied  { ioctl } for  pid=21940 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  587.597864][T22609] audit: audit_backlog=65 > audit_backlog_limit=64
[  587.598071][T22610] audit: audit_backlog=65 > audit_backlog_limit=64
[  587.604573][T22609] audit: audit_lost=120 audit_rate_limit=0 audit_backlog_limit=64
[  587.611090][T22610] audit: audit_lost=121 audit_rate_limit=0 audit_backlog_limit=64
[  587.620846][   T36] audit: type=1400 audit(2000000541.598:33104): avc:  denied  { create } for  pid=22605 comm="syz.4.7333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  587.628945][T22611] audit: audit_backlog=65 > audit_backlog_limit=64
[  587.648680][T22609] audit: backlog limit exceeded
[  587.929198][T21008] rust_binder: 22615: removing orphan mapping 0:8
[  588.577319][T22639] netlink: 32 bytes leftover after parsing attributes in process `syz.5.7343'.
[  588.786341][T22652] can: request_module (can-proto-3) failed.
[  588.959269][T22654] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7348'.
[  588.990559][T22654] netlink: 'syz.6.7348': attribute type 27 has an invalid length.
[  589.048682][T22654] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  589.494229][T22678] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  589.503300][T22678] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  589.544255][T22016] usb 5-1: USB disconnect, device number 21
[  589.623802][T22684] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  589.625660][T22684] rust_binder: Failed to allocate buffer. len:24, is_oneway:false
[  589.688285][T22688] fuse: Unknown parameter 'P&�͹�-�I/9�
q��ɾ�놨
�6fPR)e��/��@h���V��ϤV�q4�j�7�a������:>)|
[  589.688285][T22688] Z-jn(�K���c5�j`'
[  589.811287][T22692] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  589.914374][  T675] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  590.079780][  T675] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  590.101826][  T675] usb 2-1: config 0 has no interfaces?
[  590.112651][  T675] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  590.130386][  T675] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  590.139986][  T675] usb 2-1: Product: syz
[  590.145010][  T675] usb 2-1: Manufacturer: syz
[  590.149672][  T675] usb 2-1: SerialNumber: syz
[  590.167655][  T675] usb 2-1: config 0 descriptor??
[  590.536829][T22686] bridge0: port 2(bridge_slave_1) entered disabled state
[  590.544166][T22686] bridge0: port 1(bridge_slave_0) entered disabled state
[  590.616788][   T45] usb 2-1: USB disconnect, device number 71
[  590.887711][T22739] 9pnet_fd: Insufficient options for proto=fd
[  590.939005][T22743] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=57 sclass=netlink_tcpdiag_socket pid=22743 comm=syz.4.7378
[  590.952417][T22743] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=62 sclass=netlink_tcpdiag_socket pid=22743 comm=syz.4.7378
[  590.971034][T22743] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=22 sclass=netlink_tcpdiag_socket pid=22743 comm=syz.4.7378
[  590.986223][T22743] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pid=22743 comm=syz.4.7378
[  591.006242][T22743] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=33 sclass=netlink_tcpdiag_socket pid=22743 comm=syz.4.7378
[  591.046406][T22743] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pid=22743 comm=syz.4.7378
[  591.062628][T22743] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=48 sclass=netlink_tcpdiag_socket pid=22743 comm=syz.4.7378
[  591.077374][T22743] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pid=22743 comm=syz.4.7378
[  591.409298][T22765] rust_binder: 22760 RLIMIT_NICE not set
[  591.421303][  T675] rust_binder: 22759: removing orphan mapping 0:24
[  591.725213][T22778] rust_binder: Write failure EFAULT in pid:259
[  591.813268][T22783] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  592.161474][T22793] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  592.373418][T22799] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:376
[  592.504339][   T36] kauditd_printk_skb: 1244 callbacks suppressed
[  592.504365][   T36] audit: type=1400 audit(2000000546.558:34217): avc:  denied  { read write } for  pid=21940 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  592.614338][   T36] audit: type=1400 audit(2000000546.558:34218): avc:  denied  { read write open } for  pid=21940 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  592.659867][   T36] audit: type=1400 audit(2000000546.558:34219): avc:  denied  { ioctl } for  pid=21940 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  592.704350][ T7538] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  592.725645][T22805] binder: Bad value for 'max'
[  592.727885][   T36] audit: type=1400 audit(2000000546.628:34220): avc:  denied  { create } for  pid=22801 comm="syz.5.7397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  592.765782][T22806] loop7: detected capacity change from 0 to 7
[  592.814430][   T36] audit: type=1400 audit(2000000546.648:34221): avc:  denied  { ioctl } for  pid=22798 comm="syz.4.7395" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  592.841141][   T36] audit: type=1400 audit(2000000546.658:34222): avc:  denied  { read write } for  pid=22464 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  592.888187][   T36] audit: type=1400 audit(2000000546.658:34223): avc:  denied  { read write open } for  pid=22464 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  592.921836][ T7538] usb 5-1: unable to get BOS descriptor or descriptor too short
[  592.936169][ T7538] usb 5-1: not running at top speed; connect to a high speed hub
[  592.939360][   T36] audit: type=1400 audit(2000000546.658:34224): avc:  denied  { ioctl } for  pid=22464 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  592.967472][ T7538] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  592.986760][   T36] audit: type=1400 audit(2000000546.668:34225): avc:  denied  { read } for  pid=22801 comm="syz.5.7397" dev="nsfs" ino=4026532306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  592.998570][ T7538] usb 5-1: config 1 has no interface number 1
[  593.009584][   T36] audit: type=1400 audit(2000000546.668:34226): avc:  denied  { read open } for  pid=22801 comm="syz.5.7397" path="net:[4026532306]" dev="nsfs" ino=4026532306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  593.051823][ T7538] usb 5-1: too many endpoints for config 1 interface 2 altsetting 2: 56, using maximum allowed: 30
[  593.069784][ T7538] usb 5-1: config 1 interface 2 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 56
[  593.084771][ T7538] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 1552, setting to 1023
[  593.100642][ T7538] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  593.116970][ T7538] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  593.133781][ T7538] usb 5-1: Product: syz
[  593.146091][ T7538] usb 5-1: Manufacturer: syz
[  593.161759][ T7538] usb 5-1: SerialNumber: syz
[  593.434451][ T7538] usb 5-1: USB disconnect, device number 22
[  593.648798][T21641] udevd[21641]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  593.819381][T22830] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7403'.
[  593.891811][T22831] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:278
[  594.084340][T22836] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  594.114230][T22836] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  594.132835][T22836] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  594.133622][T22842] rust_binder: 379: no such ref 2
[  594.145277][T22841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.164976][T22836] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  594.165283][T22836] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  594.180620][T22838] rust_binder: Failed to allocate buffer. len:24, is_oneway:false
[  594.191745][T22841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  594.265486][T22841] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7407'.
[  594.289251][T22841] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7407'.
[  594.304961][T22841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.318258][T22841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  594.330986][T22841] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22841 comm=syz.6.7407
[  594.442731][T22850] futex_wake_op: syz.5.7410 tries to shift op by 32; fix this program
[  594.464347][ T7538] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  594.624343][ T7538] usb 2-1: Using ep0 maxpacket: 32
[  594.636718][ T7538] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  594.654597][ T7538] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  594.671270][ T7538] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  594.690864][ T7538] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  594.711512][ T7538] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  594.731955][ T7538] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  594.751597][ T7538] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  594.761826][ T7538] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  594.772863][ T7538] usb 2-1: config 0 descriptor??
[  594.993986][T22864] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  594.994011][T22864] rust_binder: Read failure Err(EFAULT) in pid:384
[  595.101154][ T7538] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 72 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  595.159692][ T7538] usb 2-1: USB disconnect, device number 72
[  595.177770][ T7538] usblp0: removed
[  595.201086][T22876] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.211323][ T2574] Bluetooth: hci0: Frame reassembly failed (-84)
[  595.219900][T22876] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.227024][T22872] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  595.270227][T22874] rust_binder: 300: no such ref 0
[  595.398508][T22889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.424568][T22889] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.844356][T22042] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  595.994349][T22042] usb 5-1: Using ep0 maxpacket: 16
[  596.001775][T22042] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8
[  596.013714][T22042] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  596.022899][T22042] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  596.031011][T22042] usb 5-1: Product: syz
[  596.035230][T22042] usb 5-1: Manufacturer: syz
[  596.039972][T22042] usb 5-1: SerialNumber: syz
[  596.048934][T22042] usb 5-1: config 0 descriptor??
[  596.074227][T22042] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  596.084472][T22042] usb 5-1: Detected FT232R
[  596.241717][T22912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  596.272295][T22042] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  596.273505][T22912] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  596.391138][T22924] binder: Unknown parameter '00000000000000000000000'
[  596.512826][T22900] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  596.535441][T22900] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  596.712778][T22932] netlink: 'syz.6.7434': attribute type 11 has an invalid length.
[  596.968439][T22943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  596.994538][T22943] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.099160][T22951] x_tables: unsorted underflow at hook 2
[  597.145472][T22953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  597.167437][T22953] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.178473][T22954] rust_binder: Failed to allocate buffer. len:24, is_oneway:false
[  597.214363][ T6118] Bluetooth: hci0: command 0x1003 tx timeout
[  597.224550][T21753] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  597.442805][T22042] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71
[  597.466211][T22042] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  597.484455][T22042] usb 5-1: USB disconnect, device number 23
[  597.494096][T22042] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  597.522437][T22042] ftdi_sio 5-1:0.0: device disconnected
[  597.541776][   T36] kauditd_printk_skb: 811 callbacks suppressed
[  597.541798][   T36] audit: type=1400 audit(2000000551.598:35038): avc:  denied  { read write } for  pid=21940 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  597.634122][   T36] audit: type=1400 audit(2000000551.598:35039): avc:  denied  { read write open } for  pid=21940 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  597.725207][   T36] audit: type=1400 audit(2000000551.598:35040): avc:  denied  { ioctl } for  pid=21940 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  597.794938][   T36] audit: type=1400 audit(2000000551.628:35041): avc:  denied  { create } for  pid=22961 comm="syz.5.7444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  597.873687][   T36] audit: type=1400 audit(2000000551.628:35042): avc:  denied  { setopt } for  pid=22961 comm="syz.5.7444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  597.891228][T22980] rust_binder: Got transaction with invalid offset.
[  597.904432][T22980] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  597.912334][T22980] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:319
[  597.963834][   T36] audit: type=1400 audit(2000000551.658:35043): avc:  denied  { read write } for  pid=21940 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  598.045236][T22985] audit: audit_backlog=65 > audit_backlog_limit=64
[  598.058749][T21338] audit: audit_backlog=65 > audit_backlog_limit=64
[  598.072169][T22985] audit: audit_lost=166 audit_rate_limit=0 audit_backlog_limit=64
[  598.080117][T21338] audit: audit_lost=167 audit_rate_limit=0 audit_backlog_limit=64
[  598.196784][T22988] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.233391][T22988] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.387657][T23003] /dev/rnullb0: Can't open blockdev
[  598.598757][T23009] rust_binder: Write failure EINVAL in pid:82
[  598.625429][ T2557] Bluetooth: hci0: Frame reassembly failed (-84)
[  598.646882][T23012] incfs: Unexpected inode type
[  598.785690][T23012] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:325
[  598.806077][T22016] rust_binder: 23010: removing orphan mapping 0:24
[  598.852587][T22016] rust_binder: 0: removing orphan mapping 24:1112
[  598.861351][T22761] ------------[ cut here ]------------
[  598.866989][T22761] WARNING: CPU: 1 PID: 22761 at fs/inode.c:340 drop_nlink+0xce/0x110
[  598.875244][T22761] Modules linked in:
[  598.879448][T22761] CPU: 1 UID: 0 PID: 22761 Comm: syz.5.7385 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  598.891179][T22761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  598.901329][T22761] RIP: 0010:drop_nlink+0xce/0x110
[  598.906468][T22761] Code: 04 00 00 be 08 00 00 00 e8 6f 48 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 d2 1c 98 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c
[  598.926222][T22761] RSP: 0018:ffffc9000261f860 EFLAGS: 00010293
[  598.932327][T22761] RAX: ffffffff81edc76e RBX: ffff88814b920b98 RCX: ffff888130e68000
[  598.940397][T22761] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  598.948555][T22761] RBP: ffffc9000261f888 R08: 0000000000000003 R09: 0000000000000004
[  598.956597][T22761] R10: dffffc0000000000 R11: fffff520004c3efc R12: dffffc0000000000
[  598.964627][T22761] R13: 1ffff1102972417c R14: ffff88814b920be0 R15: 0000000000000000
[  598.972725][T22761] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  598.981739][T22761] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  598.988390][T22761] CR2: 00007ffee30f5010 CR3: 00000000072a8000 CR4: 00000000003526b0
[  598.996448][T22761] Call Trace:
[  598.999753][T22761]  <TASK>
[  599.002710][T22761]  shmem_rmdir+0x5f/0x90
[  599.007031][T22761]  vfs_rmdir+0x3e0/0x560
[  599.011315][T22761]  incfs_kill_sb+0x109/0x230
[  599.016000][T22761]  deactivate_locked_super+0xd5/0x2a0
[  599.021416][T22761]  deactivate_super+0xb8/0xe0
[  599.026171][T22761]  cleanup_mnt+0x3f1/0x480
[  599.030669][T22761]  __cleanup_mnt+0x1d/0x40
[  599.035157][T22761]  task_work_run+0x1e3/0x250
[  599.039783][T22761]  ? __cfi_task_work_run+0x10/0x10
[  599.044962][T22761]  ? free_nsproxy+0x223/0x290
[  599.049846][T22761]  do_exit+0x9bc/0x2630
[  599.054424][T22761]  ? __sched_text_start+0x10/0x10
[  599.059486][T22761]  ? __cfi_do_exit+0x10/0x10
[  599.064122][T22761]  ? __kasan_check_write+0x18/0x20
[  599.069657][T22761]  ? _raw_spin_lock_irq+0x8d/0x120
[  599.074837][T22761]  ? __kasan_check_read+0x15/0x20
[  599.079895][T22761]  ? cgroup_update_frozen+0x160/0x990
[  599.085336][T22761]  do_group_exit+0x22a/0x300
[  599.089960][T22761]  ? cgroup_leave_frozen+0x16c/0x2b0
[  599.095294][T22761]  get_signal+0x139d/0x14f0
[  599.099844][T22761]  arch_do_signal_or_restart+0x96/0x720
[  599.105464][T22761]  ? common_nsleep+0x93/0xb0
[  599.110082][T22761]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  599.116292][T22761]  ? __se_sys_clock_nanosleep+0x300/0x390
[  599.122053][T22761]  ? __kasan_check_read+0x15/0x20
[  599.127178][T22761]  ? fpregs_assert_state_consistent+0xb7/0xe0
[  599.133293][T22761]  syscall_exit_to_user_mode+0x58/0xb0
[  599.138837][T22761]  do_syscall_64+0x64/0xf0
[  599.143291][T22761]  ? clear_bhb_loop+0x50/0xa0
[  599.148035][T22761]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  599.153964][T22761] RIP: 0033:0x7fd308fc14a5
[  599.158432][T22761] Code: Unable to access opcode bytes at 0x7fd308fc147b.
[  599.165552][T22761] RSP: 002b:00007fd309e7ff80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  599.173985][T22761] RAX: fffffffffffffdfc RBX: 00007fd3091b5fa0 RCX: 00007fd308fc14a5
[  599.182016][T22761] RDX: 00007fd309e7ffc0 RSI: 0000000000000000 RDI: 0000000000000000
[  599.190323][T22761] RBP: 00007fd309011e19 R08: 0000000000000000 R09: 0000000000000000
[  599.198580][T22761] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  599.206620][T22761] R13: 00007fd3091b6038 R14: 00007fd3091b5fa0 R15: 00007fff946d9428
[  599.214830][T22761]  </TASK>
[  599.217871][T22761] ---[ end trace 0000000000000000 ]---
[  599.223486][T22761] ==================================================================
[  599.231587][T22761] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70
[  599.237938][T22761] Write of size 4 at addr 0000000000000168 by task syz.5.7385/22761
[  599.246117][T22761] 
[  599.248465][T22761] CPU: 1 UID: 0 PID: 22761 Comm: syz.5.7385 Tainted: G        W          syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  599.248493][T22761] Tainted: [W]=WARN
[  599.248499][T22761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  599.248523][T22761] Call Trace:
[  599.248531][T22761]  <TASK>
[  599.248539][T22761]  __dump_stack+0x21/0x30
[  599.248566][T22761]  dump_stack_lvl+0x10c/0x190
[  599.248588][T22761]  ? __cfi_dump_stack_lvl+0x10/0x10
[  599.248612][T22761]  print_report+0x3d/0x70
[  599.248630][T22761]  kasan_report+0x163/0x1a0
[  599.248649][T22761]  ? ihold+0x24/0x70
[  599.248668][T22761]  ? _raw_spin_unlock+0x45/0x60
[  599.248690][T22761]  ? ihold+0x24/0x70
[  599.248708][T22761]  kasan_check_range+0x299/0x2a0
[  599.248727][T22761]  __kasan_check_write+0x18/0x20
[  599.248751][T22761]  ihold+0x24/0x70
[  599.248770][T22761]  vfs_rmdir+0x26a/0x560
[  599.248792][T22761]  incfs_kill_sb+0x109/0x230
[  599.248817][T22761]  deactivate_locked_super+0xd5/0x2a0
[  599.248840][T22761]  deactivate_super+0xb8/0xe0
[  599.248861][T22761]  cleanup_mnt+0x3f1/0x480
[  599.248880][T22761]  __cleanup_mnt+0x1d/0x40
[  599.248898][T22761]  task_work_run+0x1e3/0x250
[  599.248919][T22761]  ? __cfi_task_work_run+0x10/0x10
[  599.248939][T22761]  ? free_nsproxy+0x223/0x290
[  599.248962][T22761]  do_exit+0x9bc/0x2630
[  599.248991][T22761]  ? __sched_text_start+0x10/0x10
[  599.249025][T22761]  ? __cfi_do_exit+0x10/0x10
[  599.249052][T22761]  ? __kasan_check_write+0x18/0x20
[  599.249076][T22761]  ? _raw_spin_lock_irq+0x8d/0x120
[  599.249098][T22761]  ? __kasan_check_read+0x15/0x20
[  599.249121][T22761]  ? cgroup_update_frozen+0x160/0x990
[  599.249139][T22761]  do_group_exit+0x22a/0x300
[  599.249159][T22761]  ? cgroup_leave_frozen+0x16c/0x2b0
[  599.249176][T22761]  get_signal+0x139d/0x14f0
[  599.249199][T22761]  arch_do_signal_or_restart+0x96/0x720
[  599.249224][T22761]  ? common_nsleep+0x93/0xb0
[  599.249240][T22761]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  599.249265][T22761]  ? __se_sys_clock_nanosleep+0x300/0x390
[  599.249292][T22761]  ? __kasan_check_read+0x15/0x20
[  599.249316][T22761]  ? fpregs_assert_state_consistent+0xb7/0xe0
[  599.249338][T22761]  syscall_exit_to_user_mode+0x58/0xb0
[  599.249357][T22761]  do_syscall_64+0x64/0xf0
[  599.249379][T22761]  ? clear_bhb_loop+0x50/0xa0
[  599.249397][T22761]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  599.249415][T22761] RIP: 0033:0x7fd308fc14a5
[  599.249429][T22761] Code: Unable to access opcode bytes at 0x7fd308fc147b.
[  599.249438][T22761] RSP: 002b:00007fd309e7ff80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  599.249457][T22761] RAX: fffffffffffffdfc RBX: 00007fd3091b5fa0 RCX: 00007fd308fc14a5
[  599.249470][T22761] RDX: 00007fd309e7ffc0 RSI: 0000000000000000 RDI: 0000000000000000
[  599.249482][T22761] RBP: 00007fd309011e19 R08: 0000000000000000 R09: 0000000000000000
[  599.249493][T22761] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  599.249505][T22761] R13: 00007fd3091b6038 R14: 00007fd3091b5fa0 R15: 00007fff946d9428
[  599.249528][T22761]  </TASK>
[  599.249534][T22761] ==================================================================
[  599.548993][T22761] Disabling lock debugging due to kernel taint
[  599.555481][T22761] BUG: kernel NULL pointer dereference, address: 0000000000000168
[  599.563310][T22761] #PF: supervisor write access in kernel mode
[  599.569409][T22761] #PF: error_code(0x0002) - not-present page
[  599.575412][T22761] PGD 0 P4D 0 
[  599.578865][T22761] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
[  599.584967][T22761] CPU: 1 UID: 0 PID: 22761 Comm: syz.5.7385 Tainted: G    B   W          syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  599.598196][T22761] Tainted: [B]=BAD_PAGE, [W]=WARN
[  599.603245][T22761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  599.613495][T22761] RIP: 0010:ihold+0x2a/0x70
[  599.618015][T22761] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 bd 13 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 2c 3f ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 cd
[  599.637651][T22761] RSP: 0018:ffffc9000261f8a0 EFLAGS: 00010246
[  599.643744][T22761] RAX: ffff888130e68000 RBX: 0000000000000000 RCX: ffff888130e68000
[  599.651729][T22761] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  599.659890][T22761] RBP: ffffc9000261f8b0 R08: ffffffff8896a947 R09: 1ffffffff112d528
[  599.667961][T22761] R10: dffffc0000000000 R11: fffffbfff112d529 R12: ffff88814b920ba4
[  599.676015][T22761] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[  599.684185][T22761] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  599.693136][T22761] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  599.699826][T22761] CR2: 0000000000000168 CR3: 00000000072a8000 CR4: 00000000003526b0
[  599.707808][T22761] Call Trace:
[  599.711097][T22761]  <TASK>
[  599.714062][T22761]  vfs_rmdir+0x26a/0x560
[  599.718321][T22761]  incfs_kill_sb+0x109/0x230
[  599.723042][T22761]  deactivate_locked_super+0xd5/0x2a0
[  599.728690][T22761]  deactivate_super+0xb8/0xe0
[  599.733390][T22761]  cleanup_mnt+0x3f1/0x480
[  599.737906][T22761]  __cleanup_mnt+0x1d/0x40
[  599.742360][T22761]  task_work_run+0x1e3/0x250
[  599.746959][T22761]  ? __cfi_task_work_run+0x10/0x10
[  599.752080][T22761]  ? free_nsproxy+0x223/0x290
[  599.756771][T22761]  do_exit+0x9bc/0x2630
[  599.760960][T22761]  ? __sched_text_start+0x10/0x10
[  599.766001][T22761]  ? __cfi_do_exit+0x10/0x10
[  599.770667][T22761]  ? __kasan_check_write+0x18/0x20
[  599.776004][T22761]  ? _raw_spin_lock_irq+0x8d/0x120
[  599.781237][T22761]  ? __kasan_check_read+0x15/0x20
[  599.786310][T22761]  ? cgroup_update_frozen+0x160/0x990
[  599.791811][T22761]  do_group_exit+0x22a/0x300
[  599.796447][T22761]  ? cgroup_leave_frozen+0x16c/0x2b0
[  599.801775][T22761]  get_signal+0x139d/0x14f0
[  599.806324][T22761]  arch_do_signal_or_restart+0x96/0x720
[  599.811913][T22761]  ? common_nsleep+0x93/0xb0
[  599.816547][T22761]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  599.823056][T22761]  ? __se_sys_clock_nanosleep+0x300/0x390
[  599.828840][T22761]  ? __kasan_check_read+0x15/0x20
[  599.833914][T22761]  ? fpregs_assert_state_consistent+0xb7/0xe0
[  599.840040][T22761]  syscall_exit_to_user_mode+0x58/0xb0
[  599.845539][T22761]  do_syscall_64+0x64/0xf0
[  599.849989][T22761]  ? clear_bhb_loop+0x50/0xa0
[  599.855124][T22761]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  599.861227][T22761] RIP: 0033:0x7fd308fc14a5
[  599.865652][T22761] Code: Unable to access opcode bytes at 0x7fd308fc147b.
[  599.872673][T22761] RSP: 002b:00007fd309e7ff80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  599.881093][T22761] RAX: fffffffffffffdfc RBX: 00007fd3091b5fa0 RCX: 00007fd308fc14a5
[  599.889077][T22761] RDX: 00007fd309e7ffc0 RSI: 0000000000000000 RDI: 0000000000000000
[  599.897060][T22761] RBP: 00007fd309011e19 R08: 0000000000000000 R09: 0000000000000000
[  599.905125][T22761] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  599.913194][T22761] R13: 00007fd3091b6038 R14: 00007fd3091b5fa0 R15: 00007fff946d9428
[  599.921190][T22761]  </TASK>
[  599.924214][T22761] Modules linked in:
[  599.928109][T22761] CR2: 0000000000000168
[  599.932257][T22761] ---[ end trace 0000000000000000 ]---
[  599.937710][T22761] RIP: 0010:ihold+0x2a/0x70
[  599.942251][T22761] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 bd 13 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 2c 3f ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 cd
[  599.961862][T22761] RSP: 0018:ffffc9000261f8a0 EFLAGS: 00010246
[  599.967958][T22761] RAX: ffff888130e68000 RBX: 0000000000000000 RCX: ffff888130e68000
[  599.975954][T22761] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  599.983990][T22761] RBP: ffffc9000261f8b0 R08: ffffffff8896a947 R09: 1ffffffff112d528
[  599.991980][T22761] R10: dffffc0000000000 R11: fffffbfff112d529 R12: ffff88814b920ba4
[  600.000023][T22761] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[  600.008005][T22761] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  600.016975][T22761] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  600.023561][T22761] CR2: 0000000000000168 CR3: 00000000072a8000 CR4: 00000000003526b0
[  600.031541][T22761] Kernel panic - not syncing: Fatal exception
[  600.038056][T22761] Kernel Offset: disabled
[  600.042384][T22761] Rebooting in 86400 seconds..