last executing test programs:

4m52.651770936s ago: executing program 3 (id=54):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
recvmmsg(r1, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}, 0xbe7}], 0x1, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0x8000000000000)
ioctl$ASHMEM_SET_NAME(r2, 0x41007701, &(0x7f00000002c0)='/devFtR\xac\x13\x1e\x14e\x81h\xa3K\xd6\xd0^\xed\xd7\xb3\xac\xa0&&\xf8\x0f|\xe8\x15\xf2\x82\xb4\xa0\xc2\x01e\x1e\xf4\x19\x06\x03\xf5+\xc4\r\xa1\xb8DY-\x17\x0f\xf7\x8d\x7f\x9473\x1f\xc5!\xb2\x1bs\xfc\x91~c\xd1*en\xd1\xfc\t\x9c\xda\xfd\xde\xc0\xa2\xf4\x15\xf1\xd9\xe0\xe2\xf3^R\x8d\xae\x8d\x87Fc\a\xe6_\xd0V\'B?\x8b\xa6\x9cIT\x1f\x93\x8b\xfd\x814dX\x93\x89\x1a_45\x94y(\xb9\xaa\x91\xa5\xe8n\xe6\xb58.\xc4\ntJ\x11\f\xb8\x18\xfe\xb2\x93\x93\xe6\x82\\\xe8]fV\xc0#\x1c\xbf\xd1T\x809/\xc3\xa3\x17\xc4\x0e\xdby\xd6\xff\xfb\xbe\x83\xf7$\xf7\xc4\x16\xee\xa0Tn\t\x0f,|\r\xc3\xb39A\xc2wF\xb9l\'_\x89B\xf8z\xe6\xc13\x9d~\xd5\xc6\xae8\a\xa1\x90\f)M4J\xaf\x010;\xc7\xfd\xe7\x95\xfb\x95\xd6N\v\xf9\xe1=3\xe7\x8a\xc8\xca\xf12\x1aJ\xd6Xj4\x1a\x88\x04\xb1DJ\xce\x95\xdb\xd2\xab\xd6\xeb\xc6\xc6v\xd0#x@\x96\xbf\xa4E\x11\x9dH$+\xadS&\xa6\xcd>\xa2<\xe2\xa7\xa3\x99\n7c\xc5\xbb\xc2\xb9\xa3k\xaa\x9e\xe9\xb4\xd4\xbc\xda')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='binder\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@uuid_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)

4m51.769726982s ago: executing program 3 (id=62):
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
removexattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000200)=@known='system.posix_acl_default\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
mount$bpf(0x0, 0x0, 0x0, 0x5085040, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRESHEX=0x0, @ANYBLOB=',\x00'])
r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x102, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x31b})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000400000004"])
r2 = socket$inet_udp(0x2, 0x2, 0x0)
fstat(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
setreuid(r3, r3)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0xb, 0x0, 0x8e, 0x0, 0x0, 0x2000000}})
r5 = eventfd2(0x8, 0x1)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r5, 0x4})
mount(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000000)='befs\x00', 0x804000, &(0x7f0000000100))
mount$tmpfs(0x0, 0x0, 0x0, 0x400, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r6, &(0x7f0000006b40)={0x2020}, 0x206e)

4m51.748607352s ago: executing program 3 (id=65):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
unshare(0x62040200)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000100)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x108880, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x8, 0x7, 0x4000000000000e51, 0xfffffffffffffffe, 0x5479, 0x1035, 0x200000000006, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0xbf4, 0xfff, 0x8000000000005, 0x800000068], 0x2000, 0x80cd4})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, 0x0})
setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5})
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, 0x0, 0x8000)
fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x2, &(0x7f0000000200)=[{0x6, 0x20, 0xfb, 0x6}, {0x56, 0x0, 0x5c, 0xff}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0x184)
flock(0xffffffffffffffff, 0x1780f9c373410dea)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r8, 0x0, {0x0, 0x0, 0x0, 0x2a, 0x4000000000000ffb, 0x0, 0x0, 0x9, 0xc, "faf98317e5a114d989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfff, 0x40000000a]}})
writev(r0, &(0x7f0000001580)=[{&(0x7f0000000280)="f2198d6980a7", 0x6}], 0x1)

4m51.487631874s ago: executing program 3 (id=69):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', 0x0)
chroot(&(0x7f00000002c0)='./file0/../file0/../file0/../file0\x00')
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_X2APIC_API(r4, 0x4068aea3, &(0x7f0000000080)={0x81, 0x0, 0x3})
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000100)={0xf000, 0xeeef0000, 0x9, 0x0, 0x7962})
pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0\x00')
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
recvmsg(r2, &(0x7f00000004c0)={&(0x7f0000000180)=@generic, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000200)=""/62, 0x3e}, {&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000000240)=""/80, 0x50}, {&(0x7f0000000340)=""/100, 0x64}], 0x4, &(0x7f0000000400)=""/176, 0xb0}, 0x12121)
setsockopt$sock_linger(r5, 0x1, 0xd, &(0x7f0000000040)={0x1}, 0x8)
close_range(r0, 0xffffffffffffffff, 0x0)

4m51.403129505s ago: executing program 3 (id=70):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x6082, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
sendfile(r0, r0, 0x0, 0x1000007fd)

4m51.225831426s ago: executing program 3 (id=71):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
r1 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
mkdir(&(0x7f00000008c0)='./bus\x00', 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r3, &(0x7f00000000c0)=""/55, 0x37)
lseek(r3, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/249, 0xf9, 0x2, 0x4}, @fda={0x66646185, 0x7, 0x0, 0x12}, @fda={0x66646185, 0x4, 0x0, 0x23}}, &(0x7f0000000000)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

4m51.211244626s ago: executing program 32 (id=71):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
r1 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
mkdir(&(0x7f00000008c0)='./bus\x00', 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r3, &(0x7f00000000c0)=""/55, 0x37)
lseek(r3, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/249, 0xf9, 0x2, 0x4}, @fda={0x66646185, 0x7, 0x0, 0x12}, @fda={0x66646185, 0x4, 0x0, 0x23}}, &(0x7f0000000000)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

5.717524711s ago: executing program 1 (id=4674):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x1e1802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
ppoll(&(0x7f0000000040)=[{r0, 0x2380}], 0x1f, 0x0, 0x0, 0xffffffffffffffe8)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000200)=ANY=[@ANYBLOB="636f6e746578743d7379737465225f75dd47d0b90b893a03ffdf"]) (async)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000200)=ANY=[@ANYBLOB="636f6e746578743d7379737465225f75dd47d0b90b893a03ffdf"])
syz_usb_connect(0x6, 0x3dc, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xbe, 0xb7, 0x68, 0x40, 0x5246, 0xc1d0, 0xb131, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3ca, 0x1, 0xb, 0x2, 0x0, 0xe, [{{0x9, 0x4, 0x19, 0x8, 0xd, 0x7, 0x1, 0x1, 0x40, [@cdc_ncm={{0x8, 0x24, 0x6, 0x0, 0x1, "85b9ed"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x9, 0xa, 0x3, 0x40}, {0x6, 0x24, 0x1a, 0x0, 0x4}, [@mdlm_detail={0x32, 0x24, 0x13, 0x24, "11dcdd9225b4ba04ec64f29f4db73b75de95f3d486a010c5a79d51adf590c7840ee38125007c8182c34f6a6bc405"}, @network_terminal={0x7, 0x24, 0xa, 0x7, 0x6, 0x5, 0x80}, @mbim_extended={0x8, 0x24, 0x1c, 0xa1a5, 0xde, 0x6c2}, @mbim={0xc, 0x24, 0x1b, 0x4, 0x80, 0x53, 0x81, 0x7f, 0x6}, @mbim={0xc, 0x24, 0x1b, 0xdd5d, 0xb, 0x8, 0xf, 0x7, 0x3}, @mdlm_detail={0x8b, 0x24, 0x13, 0x1, "de1b64da53e518cee4daf82103cd263d1f6e9ff69f3323862b30b316b1b3d2b8080d7c8f76e1d86e403a96087ae8156f43427172a5131d827e6825241aee3004f24b87cead4975bb8658b98b7f07df938ef6d987d4f97ef01898693f32b05ac0ac0676344be67ae72ed455c01198d416b6001a9c12e65e736ba37b399c4629d62edb5dfd0d88d0"}]}], [{{0x9, 0x5, 0xd, 0x10, 0x3f7, 0x4, 0x0, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x3, 0x6886}]}}, {{0x9, 0x5, 0x4, 0x8, 0x8, 0x3, 0xc, 0xa, [@generic={0x1e, 0xc, "9a66c814cdbc344559de4db519c0a0cedba4156e46d3f38a18b7c915"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x200, 0x1, 0xff, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x182, 0x77, 0xc53e}]}}, {{0x9, 0x5, 0xf, 0x0, 0x10, 0x8, 0x81, 0x1, [@generic={0x11, 0x6, "5e13585de9a53cba8c5fdaa97e2e7c"}]}}, {{0x9, 0x5, 0xf, 0x1, 0x20, 0x81, 0x1, 0x7}}, {{0x9, 0x5, 0x1, 0xc, 0x3ff, 0xfe, 0xf8, 0x4d, [@generic={0x4a, 0x90a1c16eeb8cbfe, "c6693ece728a4953581187b30b019905818e04e6c2bfb8a9f30249b2b33956abc667806aba43782d573b9dc608737bd71d60e38f71fb654684840981ca5d0b48e7f38655503e75d5"}]}}, {{0x9, 0x5, 0x5, 0x1, 0x40, 0x7, 0x40, 0x1, [@generic={0x32, 0x33, "ea86f875d097bf5f6c38846887fd500c3a93761b724e6c1386f5c175b99a1a96d50f11cf4586a8ea79e848592aece778"}]}}, {{0x9, 0x5, 0x9, 0x1, 0x10, 0x1, 0x40, 0x36, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x16, 0x8001}]}}, {{0x9, 0x5, 0x9, 0x0, 0x8, 0x3, 0x9d, 0xda, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x6, 0x1}]}}, {{0x9, 0x5, 0x0, 0x10, 0x400, 0x9, 0x2, 0x6}}, {{0x9, 0x5, 0xc, 0x9, 0x10, 0x6, 0xfc, 0x3, [@generic={0xa8, 0x14, "95ed39bf8cf7635f2f9259bd2c461cb7da21b6c30914fe434101cfe5d0885d43c34149fb2fe0d6c286b080003a13297df54424ffc4ac2de488238552d947c59f43bf83dc3fa6f5679d4fad74489f30f9722191b16c263d83be801924df86d845cdeeb6cc0957a3111146b98738e3d573cbe026144dd6da730455c2417f3d0575f36cf216f8ec41f7fb85788757c20befe1025afb971f2678ded86164d999456cb7e84ed82a30"}]}}, {{0x9, 0x5, 0x7, 0x10, 0x40, 0x8, 0x80, 0x13, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x45, 0x3}]}}, {{0x9, 0x5, 0xe, 0x10, 0x40, 0x1, 0x7, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xb, 0xc}, @generic={0xc2, 0x10, "ab5514eaa3baaba3e5e4f16a0856418a370977a6d5e0138dc0d7a6b92542f55eee42ea207de9c15e061c5a354cd294d83cc47e273bd171b3f10ca06ad3c4d81aba8a684928df18dbb803f5f7a08f89410127c731c7a0e5fe61d0b1edf8d75aed8899d6af7ed07b0b2961b9deb54aca725935bf10be3759f549e84b77a59cdd4e5428e1ef79efe88d924f79f099b89362e1fab971a02f508dfcaaf8ae924a09f838e2294b78b6afb6422abb5e35eec3b1a946b397f7c4d0bfdc54a5d892a39ac4"}]}}]}}]}}]}}, &(0x7f0000000180)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x200, 0xd, 0x8, 0x8, 0xff, 0xcb}, 0xa7, &(0x7f00000000c0)={0x5, 0xf, 0xa7, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0xd0, "f47fcf76765fc313bc99585749eb0f7d"}, @wireless={0xb, 0x10, 0x1, 0x8, 0xb7, 0x9, 0x3, 0xf, 0x8}, @generic={0x83, 0x10, 0x4, "9ef98e1b90081d9b41aeeb5172ee05351e6017e9d7df66b84cd14b656ab500c9943a5f136681a81d2ece174d5a470101ab5f19680c5aaed6596dfee9a0ebaf39ffaca401967cb0d9d12205f1e12d2cbebf4385c2f19b2a0354f4cfb12a0dd054eee305aaaa5ace3bb16c25a7d7e4beb5e89094a4058f5808a12950171390dc70"}]}, 0x1, [{0x4, &(0x7f0000000040)=@lang_id={0x4, 0x3, 0x603e}}]})

4.757846318s ago: executing program 0 (id=4676):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f000001fa80), 0x20000000, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r2)
syz_usb_connect$printer(0x4, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x8, 0x60, 0x6, [{{0x9, 0x4, 0x0, 0x8, 0x2, 0x7, 0x1, 0x1, 0x2, "", {{{0x9, 0x5, 0x1, 0x2, 0x8, 0xf, 0x80, 0xff}}}}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r2, 0x550c, &(0x7f0000000440))
ioctl$EVIOCSCLOCKID(r1, 0x40084504, 0x0)

3.836244914s ago: executing program 0 (id=4677):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f0000000080)=ANY=[], &(0x7f0000000180)=0x2c) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1006, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) (async, rerun: 64)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x68080, 0x0) (rerun: 64)
close(r3) (async)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000540), 0x3c) (async)
setsockopt$inet6_tcp_int(r4, 0x11a, 0x3, &(0x7f0000000100)=0x304, 0x4)
socket$netlink(0x10, 0x3, 0x0) (async)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
close_range(r1, 0xffffffffffffffff, 0x0)

3.818812454s ago: executing program 0 (id=4678):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x14b040, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x5) (async, rerun: 64)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) (async, rerun: 64)
ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000001d80)='\x00\x00`/\x00\x00\x00\x1f\x00x\x85\x1c \xf3<r\xbc\xfe\x00\x00\x00\x04\xbb\x0642\x9c\x1aQ\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a  \x9a\x9f\xfc\"\xee\xc4\x93Q\x82,\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\x00\x00\x00\x000Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xc9\x91\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\t\x00\x00\x00\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\x89]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8CoB\xdc\xc26\x06\x10\x92\xc7\xa55\x9f\x04\x00*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03\xae\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\xedo\x92\xae\r\x05\xfa\x99\x15\x87\x14\x13$\t\x01\x00\x00\x00\x00\x00\x00\x00\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\f\x03\xbb\x14\xa7\xda\x19M\xa3!\x95\xa0\x9a\x05\x06\x00\x00\x00\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00f\x8a\x9b\xe2\xa7k9\xd9`=}\t\x82\nw!y\x91\xbeM\xdck=\xcc\xef\x16vt\x1d\x1c\xa3\xee\x13\x16\xdbb0\b`/c\x9f\x8c\xee\xb1\x1a\xcf\x8ba\x11Oh\xc7\xb8\x8e#\xeeAh\xd9\x15\xc6\xe7>\x95\xe2\xdaQ\x0e\xc0E\xdd\xc3^7Y\xd2\xf0\xf7DZ\x12\xce\xba\vI$[v\x00\x830p\xd4\xbf\xa3\xf28\xab\xd4e\xc9z\xff\xfc\xeb\x04\xff\x98\xda\x01.gT\xcb7!W\x98\xc4\xa5\xb4\xc3\xd8\x94\xe6\xd7\x9e\xed\x1f\xafBF\xd6\xbfu5=.\x92\xc8-\xcc~6Y\xa7K\xd5=v\xdctJ\xba\x17\x18\xc8x\x95\xd8\xb2\xd6\x10)\xcfs\xaf\xf5E\x18\xa2*\x82\tU\xd3\xf7Y\x1d\x175\x04X2\xa3K\xab\x14\xec\xc9\x9c?\xa9\xc4\xc7\xe3{\xbfA\x16\xfcY\nR\x93\xb3\xcd\x0fg\xf6L3\xe87\x8aX\x82Y\x95\v\xbf%\xef\x83\x02\xc1\xd5c}\x18(\x13\x9e\xe7\xb2$\xee\xc4\x94\x00\xf6S9\xb7\xbcu\xb9\xad\xc6$=D\xb9\x82\x15yM\xa8\xf1N\xaeB\xf8.q\x90\x8a\xb57_\x98\x7f\xf2b\xbd\x97\xfc\xefN\xc6\xad\x99IJW\'\xd6m\xf0[WO\xf3\xd0\x9e\xda\xbd8\xd5FVA>\xa8p\vp*\xd1\xd9\v\xa3\xb2\x1b)E/\xbb\x90\xcct_K\x8d\xa3\xd2\xad,y\xa7\x8b\xa3\xb8\x86\xa9Q~\x1f\xbf\xa3(,\x91') (async, rerun: 64)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x10040, 0x140) (rerun: 64)
sendfile(r0, r1, 0x0, 0x8)

3.757641765s ago: executing program 0 (id=4679):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000280)={0x9}) (async)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000000c0)={[{0xa5, 0x200, 0xfb, 0x0, 0x44, 0xff, 0x2, 0x8c, 0x4b, 0x7, 0x8, 0xb, 0x8}, {0x4, 0xffff, 0x4, 0x4e, 0x6, 0x81, 0x2, 0xea, 0x2, 0x2, 0x4, 0x3, 0x9}, {0x4, 0x0, 0x2, 0x4, 0x40, 0x1, 0x0, 0x2, 0x3, 0x7, 0x3, 0x1, 0x9}], 0x5}) (async)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000001c0)={[{0x7fffffff, 0x8, 0x2, 0x6, 0x8, 0x2, 0x5, 0xa, 0x0, 0x3, 0x1, 0x5, 0xffffffffffffffe5}, {0x401, 0x3, 0x9, 0x8, 0x7, 0x8, 0x5, 0x7, 0x6, 0x4, 0x7, 0x2, 0xa}, {0xc, 0xfffb, 0xb8, 0x2, 0x7, 0xe, 0x7f, 0xd6, 0x3, 0x6, 0x3, 0x3, 0x9}], 0xf})
r2 = syz_open_dev$loop(&(0x7f0000000040), 0x8, 0x100) (async)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='proc\x00', 0x810c03, 0x0) (async)
mount$9p_unix(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x800000, &(0x7f0000000140)=ANY=[@ANYBLOB="ff7f0000000000000000ff0f"])
ioctl$BLKDISCARD(r2, 0x1277, &(0x7f00000001c0)=0xc3) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000040)={0xb6f3, 0x0, 0x1, 0xffffffffffffffff, 0x20000000})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getpeername(0xffffffffffffffff, &(0x7f0000000000)=@nl=@proc, &(0x7f0000000080)=0x80) (async)
bind$bt_hci(r6, &(0x7f0000000100)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) (async)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x94822, &(0x7f0000000240)={[{@nr_blocks={'nr_blocks', 0x3d, [0x32, 0x8f, 0x6d, 0x67, 0x70, 0x6d, 0x6d, 0x2d, 0x35, 0x2d]}}]}) (async)
close_range(r5, 0xffffffffffffffff, 0x0)

3.749113535s ago: executing program 0 (id=4680):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a05004, 0x0)
mount(&(0x7f0000000140)=@md0, &(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0)='pstore\x00', 0x1800000, &(0x7f0000000200)='--^}*&+++,@\x00')
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f00000000c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x68, 0x16, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x16}, @flat=@weak_handle={0x77682a85, 0x1000, 0x1}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1f}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}, 0x400}], 0x0, 0x0, 0x0})

3.567331446s ago: executing program 0 (id=4681):
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000280)=0x80000000)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x3})
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@register_looper], 0x50, 0x0, &(0x7f0000000040)="c77f63941720024fcb205ad3f3502124f14eba8419d2d70aade14d22ca5137369a7e2f7c68839e02d428fe526929aaaeb71b01b4a33854d4ca7681b53a970b1a4175371ccff2ad1d15ed65d48b413559"})
r1 = memfd_create(&(0x7f0000000140)='!]&[\x00', 0x4)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in6=@mcast2, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@remote}, 0x0, @in6=@private0}}, &(0x7f0000000180)=0xe8)
quotactl_fd$Q_GETFMT(r1, 0xffffffff80000402, r2, &(0x7f0000000300))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x68, 0x0, &(0x7f00000004c0)={@ptr={0x70742a85, 0x100000, 0x0, 0x0, 0x2, 0x7}, @flat=@weak_binder={0x77622a85, 0x1}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x28}}, 0x0}}], 0x0, 0x0, 0x0})

3.566869836s ago: executing program 33 (id=4681):
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000280)=0x80000000)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x3})
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@register_looper], 0x50, 0x0, &(0x7f0000000040)="c77f63941720024fcb205ad3f3502124f14eba8419d2d70aade14d22ca5137369a7e2f7c68839e02d428fe526929aaaeb71b01b4a33854d4ca7681b53a970b1a4175371ccff2ad1d15ed65d48b413559"})
r1 = memfd_create(&(0x7f0000000140)='!]&[\x00', 0x4)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in6=@mcast2, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@remote}, 0x0, @in6=@private0}}, &(0x7f0000000180)=0xe8)
quotactl_fd$Q_GETFMT(r1, 0xffffffff80000402, r2, &(0x7f0000000300))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x68, 0x0, &(0x7f00000004c0)={@ptr={0x70742a85, 0x100000, 0x0, 0x0, 0x2, 0x7}, @flat=@weak_binder={0x77622a85, 0x1}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x28}}, 0x0}}], 0x0, 0x0, 0x0})

2.729014472s ago: executing program 2 (id=4686):
mount$binderfs(0x0, &(0x7f0000000280)='./binderfs\x00', 0x0, 0x2000063, &(0x7f0000000040)={[{@stats}]})
newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x4000)
setresuid(r0, r0, 0x0)
setresuid(0x0, 0x0, r0)
mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x20805, &(0x7f0000000100)={[{@readahead={'readahead', 0x3d, 0x401}}, {@no_bf_readahead={'no_bf_readahead', 0x3d, 0x1}}], [{@context={'context', 0x3d, 'sysadm_u'}}, {@smackfsdef={'smackfsdef', 0x3d, './binderfs\x00'}}, {@dont_hash}, {@permit_directio}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@obj_user}, {@appraise_type}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@fowner_gt={'fowner>', r0}}]})

2.662939962s ago: executing program 2 (id=4687):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_clone3(&(0x7f0000000180)={0x42907480, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r0, 0x0)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpriority(0x1, r1, 0x7)
mmap$usbmon(&(0x7f000067a000/0x2000)=nil, 0x2000, 0x3000000, 0x100010, 0xffffffffffffffff, 0x1)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r2, &(0x7f00000001c0), 0x10)
ioctl$SIOCGSTAMP(r2, 0x8906, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
connect$can_bcm(r3, &(0x7f00000007c0)={0x1d, r4}, 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="010000006b0300000100000000000000", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRESHEX=r0, @ANYRES8=r3], 0x48}, 0x1, 0x0, 0x0, 0x801}, 0x20000000)
recvmmsg(r2, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}, 0x200}], 0x1, 0x60000163, 0x0)
ioctl$SIOCGSTAMPNS(r2, 0x8907, &(0x7f00000020c0))
prlimit64(r1, 0x5, &(0x7f0000000100)={0x8f3, 0x80000001}, &(0x7f0000000140))
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000200)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x1001)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f0000000240)={'ip6gre0\x00', <r7=>0x0, 0x2b, 0x6, 0x9, 0x4, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8, 0x1, 0x987, 0x7fffffff}})
r8 = fsmount(r6, 0x0, 0x0)
ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f00000003c0)=<r9=>0x0)
ioctl$BTRFS_IOC_RM_DEV_V2(r8, 0x5000943a, &(0x7f0000000740)={{r5}, r9, 0x10, @unused=[0x5, 0x0, 0x94, 0xf4], @name="431ad4034a577d5aada9fdf0738c7c0323e6ecc7925f2565cdd94272957917f922527ee092e6e69a845978248e037f2109c96737d4976fd5b8103fda975c4a32fb808b25fa3914a1b67ef5fdfb881163be7b21df8ad8cd3a86730df88e6defa4af746d37967fce44099d4a6e53af761db82fdc3ca735732f2410d798ac563d06a105225387d467cfd4e635953b51888b8b02e41609830cd3a496078c2ec27d73f09c0f0423724a2414243f47c7e85cf8ccd1f73ce5ca973354f49a316effe0fe994e729c1d3f8eb59c8c7b6a70566dcde94219942039bbad42f9a8152a43c57416b40341e21120a5b78c7d904312d66d98bf2810182cb0867462e03730b1b8f4799fddcd9b004dd04e6efa09f96e3620c7ce744c08b87e6f0ce32543a68224459e9a7e8b107642e3dd896ffd062590156487d0d230d996638e57a64237650531fd7ff4e40ae6795f8724cb74f9571932860f346406ef372c31b43f31a42404edf332adf7741375a2824a062948c1ac36db9ea62d350381789c3699ac7e96e65289d0500d800b306fda6666a9ac99eda889a6ebb350f3e35b2e50d87852cc907552e80dc01400e6216a9621436a09196e0e0408c0e5aef6886f237ab0a47439dee2d8c726cfc0823b69613ea16593334a5eaee553c0caab6a657b67a176e3662916029a4b96ab2c9494dd65e289dc3c0b9890b05b2faa4da2b69a7be4e5d22f7aa9be13921e19b47d4ab27b0c30c99fa493b1538e460b51a1993ec694b550442101180f67fae6deff948a5ad1c127c89ab0e8ab1822013cbdc39d232af616f0e9219f9197965dd5debe4b015428f6a287721b117b541ffe4fa1cbc17c0ca74f5c4d5b127fbc8349e4d52ea5b3bd202827d4e0f93f569a78437cc4bc9ca360bbcf89597f38131b9e06d1145b27b0fdb8ef1bf00725a5f0e0e87f1a41fd06f7cce92914cce6ec64959ad9234ed30164304ff173c89899e23b6c95788eafb05aadc9e27c3b9f40b3f3ff26ba92cd5f1b91f10ebf156e5b43efa64c41faeaf8a299d55081016c28279a7f509a10a3f3fe6ef12bfb18a3cfa37ed12a9c6993a4074f2ca7a895d3ce7ace62c7f6e143cd42cafc4ba0faf95db54c0871e4e3e90b10c739f2064e71ced5c0ee2d14a937eb231d2d631aac30a1b69420f93ca08514869bdf4eb4298d2942a6f449412d673dcc8489a849b0a9c347e449409f823105e0eb1b264fe9ad7ca1f04cbd9bd5bbea43c8172bc2a71b373af256c8fb724b36e266c7c2526c09b6987d55ccecc2c3c133751f56592bb012aa7f2d5e7856928db52fb56f10d4120b1f50680d4b8e3a55202a52f85d79d2d52491c64e1955f2f8055224819f6a3cab0e85beb79ca2d7715c90886888a971a3c22c8f35bf671163466e1ac25ecc95798cb2ca0cb2eaa684e54b237b3c3551600c83c8d02913636f8374c0da38bc2ca4b5c4e9674bdfd49cbe755e31b0687b82c4023e8541a686b70620add413c6cab9dff1b66aaf86487d3f5b26e7d7590f3b7940266a94b61f1a514c342ffe6643dbcd4a28fe5e1f2a6151913470fe0f593876e55d8ec52513396c472d47bcdccec277c42efbbbabb2faa4857ecd7ade30b8cd43898b84308b0c2f64c9303b29a201163a87e122cc3372fe7d17af6e6a8e0af35541f3f016b8d9b11d97bfe7f0c20de7883e785fcc7f892f3da1d1818b2831096ef134cec89be2a57d77ad0bdc35551e0866f5f4cc1213212d26047adfc1d724510183743846372c2c19e1e7c1bd8c41c8fda390e7170f1b368a0ac98371865a7532e44db0f19d51cf7438482322b6f5a65cec1efc14c7a0d26534a2d0550fe0225961f6fb8f2e498757da6c4fa92e75c328f9170e06a149f82f6ce981220da9853df7649a7eeb1614aba7e9448237d6f890c07a38a91e8943773047a235e6599e75c467f1c331b17d39dc05d1ddd306d9ac547009f356036992ce41b53a840f803513dfa5b7c3c2de78851bebac0579bc709e34bb1baf295cc8e4dd6ccb58963734c481a8e1ba0ddecbcbd9fb94d0b1e79f82215754855d3ac6e06f91b30af231c9ddfb91d25f744b64f1bb2f08ca21562c8c098ab3dfaabda83a552614704875d061683f03f579e8ef787083955a547a1eee4537f97aac4c82720d98d3680c6e2776f92374cc3ed1a69adfdc8f90d6c2827e73880611c8a3c8d1b11af84647bcf5754111f51a1ac453059fde7c63949ed9f504cd6decbfd2efe084ddf26b5a04f8e86029724c0f63bb8d387ffbafc07392f0e20b1e64363a90e8dd3aa48eba9fc9b9d4dea82d93491db0ec7446eaab4206c0a43c8e82a60faee9458053a2d6455eedfaf6c1fa76b13da6950c6e1976c5eae5992822f61ee8c550df2a2726469f26055454d66cfb5e8cc64a214798a3bf3592e3ac09324c424ecadb32340bb60f7665a83590c1cc8b8182bd3e532bce202d8588ae8c76e5f318decfebe7d60dabe1b0bc9596e24374ede463f7282babd056f32e9bb2017290985de3fe8e89af966d0e04fe11ab97430b6963d0a6bbf14ae7864379aca40adfa32726070d98ffc7f651460e6aab8e3f51d4aee770174eadb2e9425424174740c8cee460b6a0b496214e2d4a059918d9b4d7a1426a343458a889cf77388e83996e8411aa055625f358dfa1d3a97033ab72d80bfff19a35168ce7b6e8a64800f97dbf814183270d04a4fdbc336bd809fee91b39eeafc965fe3e76fc01970af3a61d2727b819189fb4bd4f7f1714390bca90ae946161fd1fd760a13dfe725fb0738ed4698007a13718849d84a7ddbab0851e549cb9053be46263e76e9b8b942a5f59c338f7c363ab04330c2b3f714e555d7933ca7cf161927e49156bd745c03f0c58ca502f50bf62df94d79b0f55c0e03e5c715977cf40714f188f6559846ee65d247afb17da98ecba27e21815d821ef6fd15e562ed22fee2b5300dbf9ed15683779a7fac358b88c1f0f1a29454a9dff37b9395179ba0a1ad284678527c4b1e59b4cc16f75aa77a25bcfa2ac4443766029344d60a03adb19a771cb67a7e57114fc7c24f2044538572b8ccdf8ac03c00c54fe1c9efda518c6e6faa8cb29202aaaf9df6ef92b5a0acd5ee79e9f6f4ea76dae3456a72367da8b31a49f5b9e7b4b739cb26de939f01b9de890347fe62c05a9ce247b48af6ab3e43ed928d9122984c95f6f63d5f05bdb8043505edd2f9602456805eed0a711392896e9cc354d368f371aad585ef1a23700b9839e694244401fcbd3a3eb98c7f37e97717883a542a2022e0938a48e83864fe7b4c0c4f61a51fa68e0e1b94e42a9b81940b090a48cbe15084da04a3e04e0dbcfdb109672dc3189561bdd9e23ee0388e2133db6dc47bd2e97959c38e0036aa188e0896696d25cf5f005af9215309cc189e2121b59e84e5603515b556e393aa30ff9b8d9d25374b165d02b0c621b94e60a14cf221cc34b00d522e27d549e59aee83528f3d0c339035ed180b0645f8e6375e7b615d7fed140db334500ac7a8ccde4114673040eaff6e675be6ddad4253229cf471d252e2cff278ea5bdccd777b8893b965b44ea3383b37aa85284b9c1dabeb94d5f753a89a8628f2da6e9bfb1ede5e669e449874259c8c942b9bfeec20e605ac19ddca2f5b4ad9f3c23f339ff0c0234f620615ff3272182a5f1a9c967e8b2cf235c508a44b1532b19d97cb1eeaeec256bf002f3e11c8e3c171d3c9f975e24e547e7db321b3de1216b0cefe251e31dbaae4d0c9d27fb8b09ef14072074b9b91746e2eb05b9ba1a6b00c66dad1c57e96cfa27f37bd8bd2761a889279e2765f610d5b2c7e7bcab2b0ccbef641ba8b3f5243e156cbac383b90e745c385fb82c3250ba50b882a9d44f2040f55bdb02ea321894fb594e5efa752994e63b8893343faf79ee587622ac730b68c2b2132b50bff6c8f420e63b81fd442da362e59d5eb23106bf7c6f952d622174d4ac8f871fc25d59bcad1ca737dcb836510ec44be3928541085f95fbde0c36b37ba9db8caa9f95daa8c9e24bc3d829e8ec8ea71e3de52a0e0949e52952968557954d854aaa3911ac53f252cfacb742fcc0eab5da8598b95bb826912bfcc9e79a09c073a051e2c34e892c1c52e711840d04d4e360e855963d5390aea05604c3ad7d978d6f5c6d7adc3cfc3cff219afc244e09176635979afd9fb3b290e10bc8ace68e0879f74006a7478ef87012c608abefde68a48ac633db1b5c29e95a185647545fa200400cbbb6512314779ad9ffb35626f79c8ccc4433ede4a7a4614bd07e021f752ba22df7894b42cc27887c9f17cbde47f935658e19e5b76ce611a3dfc18241bc938593db25d783b672f4fee3d2d8343bf2fd07797231bb7e5d836a22b9e3cb9b912ff4d8f846170e8be153caa38d50cf0eb57ae7b300d6f6e173517ee6b5c3055fa7797b8652f37d69dccd3fd7dc4f0e6008648770218d7cfb323ce4e9e5809ba2c06c019da44068ebf3c50ca05af7828201aba4602b2c21d0ff874da7003dd4ef631d4bb69fb383d6c1d9aab55747ff76222b90d72cc641ee534db3d5a000f7c5525b038aff9395ce1f1d23e5e88626669edc88ee827aaa36523432159bd12f4cc2447580e7b884257463076b4e75d35bba58539ea257dcce9205d9c52004424e86f9c76c2768bc65ccc3f35aa6a147da22b302a95032fe775295488e7ce686fbef5aa4a3859f7aefa020173bf9e2fae8c6d54e2bdd592d8bc2153fd92db3362525159b74cb7f1979d2acfe09f46c5ecfd0df6ec651bd39bbfeedbb8d56a17b20cdac42dcd3e61277deb77f21499a606412d9803b03c289abcbfe4113846cd62e2266bd441d3e34b3d7eb7336f8a9cb7e3445ae0afc393b47f72a78874a36842c2296864c2a0d77e5a8296f3935a85b11d48d2b540085dcd56c46314002dc91aab033d7e4ca7e96eea5964974c056db7d5d0bb6bcb091be919806b82ca55b277749612a121a9fcc9147d64136ea7e3217a15882c9119558db2a37108502dce52fc935348f9ade57fd698e2a28ce376b78e620f66720d9f99e70946fdae9ae1a3e1b295a493749a3113e5b41376ce58b11c12235bf00ae89d507f7676c9b9ce23bf5828c9f4ef2d1c764c2c896ff2450c3f26948885873237bc4a22b01286a9701fcc768b9081de5c2379e04866c9e9ab1865cc5279440cc231bbe790163052ee6f8edfe57beb9357da9aed01a47bf5fd4359cd8eeff9c9bb81efaa45701933bfb730d3ef4210bc51d9bc2ce06d71a4439a60a49862321eeeb37260f25fd3b07028b50147e487deeb9a3ac1e0d8f113d9a0e37a4f971467ac82a89802ef45cf89be95fa95bfc197cb257a4a7122427de2823edc2553e3c6fcc18957e4174be6d9535ed0e227c946b1ab4d4ec68cc0253085b5a0c6156dcccab4a1c64cb29c6fcbed3e9aaf5fab5a719bb937a57610f15b81aa317ddc4e280f5457171dc099c314d5637a31d7885d4fd390f62b6e16ef79d9348202ef72ac063cd3e87e89a4173d7bcbad66ff015d8f03eb8fcd1a26f44bab4ff71b9ec07953858802c816df399890c2b004ac70e2f6d4332fa73e35deef5bc4619dcb0ec44f792e987fdce7ee584e9d010a46e18156d641d0399c360620bdae1d48fb25ac6c40a575025a7533b11e5e8e61d6c3598cda3b64859c05ea019db0b8b1740d228b9b8e4bfa27a663f6000cc7bc237a6fa52b39ec078d8c0db2de09769"})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r6, 0x89f0, &(0x7f0000000380)={'syztnl1\x00', &(0x7f0000000300)={'ip6_vti0\x00', r7, 0x4, 0x3, 0x5, 0x80000000, 0x60, @private1, @private1, 0x40, 0x7, 0x80, 0x400}})
connect$unix(r5, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
accept4(r0, &(0x7f0000000040)=@sco={0x1f, @fixed}, &(0x7f00000000c0)=0x80, 0x0)

2.102284506s ago: executing program 1 (id=4688):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000180)={0x0, 'pimreg\x00', {0x3}, 0x3fc})
setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000140)=0x2, 0x4)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@ignoreqv}, {@noxattr}, {@version_L}], [], 0x6b}})
r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='mountinfo\x00')
r4 = open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0)
ioctl$USBDEVFS_RELEASEINTERFACE(r2, 0x80045510, &(0x7f0000000000)=0x7ff)
sendfile(r4, r3, 0x0, 0xffffffff)

2.100930676s ago: executing program 2 (id=4690):
timer_create(0x1, &(0x7f0000000500)={0x0, 0x1c, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000540)=<r0=>0x0)
clock_gettime(0x0, &(0x7f0000000580)={<r1=>0x0, <r2=>0x0})
timer_settime(r0, 0x0, &(0x7f00000005c0)={{r1, r2+10000000}, {0x0, 0x989680}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000006c0)={{}, {0x77359400}}, &(0x7f0000000700))
r3 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0x184)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000080)={r4, 0x0, {0x0, 0x0, 0x0, 0x2a, 0x4000000000000ffb, 0x0, 0x0, 0x9, 0xc, "faf98317e5a114d989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfff, 0x40000000a]}})
ioctl$BLKROTATIONAL(r4, 0x127e, &(0x7f0000000040))
writev(r3, &(0x7f0000001580)=[{&(0x7f0000000280)="f2198d6980a7", 0x6}], 0x1)

1.751803228s ago: executing program 2 (id=4691):
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000000)={<r0=>0x0, 0x7, 0xfffffffffffffff8})
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000400)={r0, 0xfff, 0x1, [0x67a9, 0x2, 0x128, 0xfbb5, 0x1], [0x1, 0x6, 0x747f0000000000, 0xffff, 0xfffffffffffffff7, 0x7, 0x9, 0xd9a, 0x5, 0x2, 0x2, 0x4, 0x5, 0x6, 0x5, 0x6, 0x0, 0x2, 0x8, 0x7, 0x5, 0x8000, 0x834, 0x2, 0x8, 0x4, 0x7, 0x2, 0x4, 0x9bf7, 0x2, 0x3c5, 0x0, 0x7ff, 0x2, 0x5706, 0x0, 0x3, 0x8, 0x192c, 0x0, 0x3, 0x10, 0x6, 0x4, 0x6c0, 0x5, 0x8, 0x75, 0xe2f, 0x1, 0xfffffffffffffff7, 0x7, 0xf, 0x6, 0x6, 0x6, 0x100000000, 0x9, 0x8001, 0x2, 0x3, 0x7fffffffffffffff, 0x9, 0x8000000000000001, 0x4, 0x100000001, 0x2, 0x8, 0x5, 0x8, 0xac6, 0x5, 0x0, 0x6, 0x9, 0x9, 0x9, 0x3, 0x6a, 0x2, 0x31, 0xa, 0x7, 0xffff, 0x85, 0x1d40000000000, 0x17, 0x0, 0x0, 0xf42, 0x9, 0xc9, 0x1f1, 0x7, 0x8, 0xffffffff, 0x14a, 0x1ff, 0xe2ea, 0x6, 0x7, 0x9e5, 0x7ff, 0x200, 0x4, 0x4, 0x2281, 0x468, 0x317c6963, 0xbda, 0xb, 0x1, 0x0, 0x4, 0xffffffffffffffff, 0x2, 0x2, 0x6, 0x40, 0x9]})
fsopen(&(0x7f0000000840)='reiserfs\x00', 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000880)={0x7, 0x2, 0x1000})
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDMKTONE(r2, 0x4b30, 0x7d5)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000008c0), 0x802, 0x0)
ioctl$UI_BEGIN_FF_ERASE(r3, 0xc00c55ca, &(0x7f0000000900)={0xe, 0x9, 0x1})
sendmsg$NL80211_CMD_LEAVE_IBSS(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x300, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x7, 0x2a}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x40081}, 0x44000)
r4 = open$dir(&(0x7f0000000a40)='./file0\x00', 0x62000, 0x0)
clock_gettime(0x0, &(0x7f0000000ac0)={<r5=>0x0, <r6=>0x0})
futimesat(r4, &(0x7f0000000a80)='./file0\x00', &(0x7f0000000b00)={{}, {r5, r6/1000+60000}})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b80), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000c80)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x5c, r7, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8001, 0x42}}}}, [@NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x3}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0xfffffff6}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0xfffffffa}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0xa, 0x9d}}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x5}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x20000000)
getsockopt(r1, 0xfffffffd, 0x7, &(0x7f0000000cc0)=""/186, &(0x7f0000000d80)=0xba)
r8 = epoll_create(0x4)
epoll_pwait2(r8, &(0x7f0000000dc0)=[{}, {}, {}, {}, {}], 0x5, &(0x7f0000000e00)={0x77359400}, &(0x7f0000000e40)={[0x6]}, 0x8)
ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f0000000e80)="6892516a2d1b8364bdb3900691851e8032b394a0ffe139ae18750407dae0af489d5bbbb051467b575eeac2c7b93a1e0b1554854682761bf140c348f46d450c11a99fb36725d0bea910ab2876269f1813521dcb2919da4973665466057b0020c18eff25cf856e570e321319e314f819f17560ebf8b8edcc8ac1f3e43058f610170887e1aacd5828441cc2853f32f02fd266993ef14331d5d883758dd8c82eadde55ad059d880cf67238dcd53e6c84f8416afe9fcc8f8dcfafb340425617840ddbdd31fd5e7adf40a0b34a9f5c4ed745ec6cf34cfebc9d12041688990c81160bbd1ee636c614eeb51e10b454588b84ecd9ea3e4080d3406d48683094a73e789f63")
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r9, &(0x7f0000001080)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001040)={&(0x7f0000001000)={0x24, r10, 0x300, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x5}]}, 0x24}}, 0x40)
pipe2$9p(&(0x7f0000001140)={<r11=>0xffffffffffffffff}, 0x4800)
mount$9p_fd(0x0, &(0x7f00000010c0)='./file0\x00', &(0x7f0000001100), 0x1042, &(0x7f0000001180)={'trans=fd,', {'rfdno', 0x3d, r11}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [{@obj_type={'obj_type', 0x3d, 'batadv\x00'}}, {@dont_hash}, {@subj_type}]}})
ioctl$TCSETS(r1, 0x5402, &(0x7f0000001200)={0x5, 0x5, 0x1ff, 0x3, 0xc, "e065cce6c08f14775cc8fa3a25b4e17869d093"})
r12 = accept$inet(0xffffffffffffffff, &(0x7f0000001240)={0x2, 0x0, @empty}, &(0x7f0000001280)=0x10)
setsockopt$inet_msfilter(r12, 0x0, 0x29, &(0x7f00000012c0)={@rand_addr=0x64010102, @remote, 0x0, 0x2, [@private=0xa010100, @loopback]}, 0x18)
clock_gettime(0x0, &(0x7f0000008000)={<r13=>0x0, <r14=>0x0})
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000007e80)=[{{0x0, 0x0, &(0x7f0000003580)=[{&(0x7f0000001300)=""/58, 0x3a}, {&(0x7f0000001340)=""/30, 0x1e}, {&(0x7f0000001380)=""/67, 0x43}, {&(0x7f0000001400)=""/4096, 0x1000}, {&(0x7f0000002400)=""/119, 0x77}, {&(0x7f0000002480)=""/237, 0xed}, {&(0x7f0000002580)=""/4096, 0x1000}], 0x7, &(0x7f0000003600)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000003640), 0x6e, &(0x7f0000003a00)=[{&(0x7f00000036c0)=""/28, 0x1c}, {&(0x7f0000003700)=""/176, 0xb0}, {&(0x7f00000037c0)=""/243, 0xf3}, {&(0x7f00000038c0)=""/221, 0xdd}, {&(0x7f00000039c0)=""/55, 0x37}], 0x5}}, {{&(0x7f0000003a80), 0x6e, &(0x7f00000040c0)=[{&(0x7f0000003b00)=""/132, 0x84}, {&(0x7f0000003bc0)=""/222, 0xde}, {&(0x7f0000003cc0)=""/226, 0xe2}, {&(0x7f0000003dc0)=""/98, 0x62}, {&(0x7f0000003e40)=""/154, 0x9a}, {&(0x7f0000003f00)=""/185, 0xb9}, {&(0x7f0000003fc0)=""/240, 0xf0}], 0x7, &(0x7f0000004140)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x40}}, {{&(0x7f0000004180)=@abs, 0x6e, &(0x7f0000006200)=[{&(0x7f0000004200)=""/4096, 0x1000}, {&(0x7f0000005200)=""/4096, 0x1000}], 0x2, &(0x7f0000006240)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa8}}, {{0x0, 0x0, &(0x7f0000007800)=[{&(0x7f0000006300)=""/62, 0x3e}, {&(0x7f0000006340)=""/67, 0x43}, {&(0x7f00000063c0)=""/116, 0x74}, {&(0x7f0000006440)=""/202, 0xca}, {&(0x7f0000006540)=""/128, 0x80}, {&(0x7f00000065c0)=""/98, 0x62}, {&(0x7f0000006640)=""/4096, 0x1000}, {&(0x7f0000007640)=""/178, 0xb2}, {&(0x7f0000007700)=""/244, 0xf4}], 0x9, &(0x7f00000078c0)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r15=>0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb8}}, {{&(0x7f0000007980)=@abs, 0x6e, &(0x7f0000007d40)=[{&(0x7f0000007a00)=""/244, 0xf4}, {&(0x7f0000007b00)=""/154, 0x9a}, {&(0x7f0000007bc0)=""/24, 0x18}, {&(0x7f0000007c00)=""/11, 0xb}, {&(0x7f0000007c40)=""/243, 0xf3}], 0x5, &(0x7f0000007dc0)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}}], 0x6, 0x2, &(0x7f0000008040)={r13, r14+60000000})
sendmsg$ETHTOOL_MSG_WOL_SET(r15, &(0x7f0000009380)={&(0x7f0000008080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000009340)={&(0x7f0000008200)={0x1140, 0x0, 0x4, 0x70bd25, 0x25dfdbfe, {}, [@ETHTOOL_A_WOL_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}, @ETHTOOL_A_WOL_MODES={0x1024, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x3257}, @ETHTOOL_A_BITSET_VALUE={0x1004, 0x4, "f4b32ab1e4417eb08244a046f8ce6c87d288ea3ea40df1954ad8d89dc21de54258e7201603d3b1cb67347a782a51e54fb95011e4065adf88b8fe206ade684c2985efd02d0ec28ea18a9046b063e79131932294ff6acac519fb65d0ab1e445f8faede13bfd5f5a676451b89d4b3ac628aa48cdf7ba7f696b01c11387847145018cc426cff9ee52dc7257f915f1fc822d0b7490ab541db8847db277938ae9f90e378ff877cb37ab201c176c7b0e7da3dd8001b36c6ce3bce458c40cec25f89c4813b5693171ca879c126d07f66834527e903891e4c28ee5068d541c05fefda0cb098e9cf9a3a86e61a2765b63fee72c60ec76f05cf60e18c999c701a3b20332d3805921cb37ee7ab942cabd01bc196bc23ccdb85d1ed1c6ebc6d80151a74b217cf0ed7fac400bb0e99c8ff39d66054a475416705d7a793cb0a25fc7232afa45d81155f659cc908182e8c7ae6259420a81edbcd037facf389339e7b5241483c7cd6efee044d4d6ae949e948cf43d79ffaaef175bdedb7145829093780106092d9231e7e6ead0a8a658b0cfe61ac911ca0038168d85a35433b982442206c459f8178b625d19c2c509f745a7ad4bb9d3513150a187f58df17a1a97152b278e783e45f8a51d16e7d38fea750013d46f66e6d56f7a8014b76060b091b5c56264d57d810883426b2f797689532c68ddbe7376f597e77e558935bf7bcfafae7d4418b20eee5e11133069113b843b0b2eae7c2c53cd8fa50ba60027d2bd036c7a228f2cfccc299dabcbf5a0d18cdd6bd37b3305872680e16af25dc73fe9056c989afbc9095441c27cac947ac23ce0912ca2af5cb80624ae5e0f395cb6691079a9825f7879cd1057fe8c02aa30b783fc14b10b5c44e5fd92da95b3e003422c2e59160bce15396118cc1c068dfbf5e84b0ab6246e1937430627507ea131e892c694015dd4526f35196e61cc3e4c5286af28354d7d1159a4a243b67f2699bda2a26f2fffdc5c2f31ed7554d858ee7c5fb2765254a0d88ec6acd786414e91bb88979855a46863a9963a7a031a3ce3189adbb75ee6f288f5992ea678d7fde43bcabfe3b7a771ae85806f499d2455db932c2aaceaf7e6421091ca8df6ed5d79ff911731274ab4400926c116c63dac3a4fb4f9d4ae750dcd355e1e602ab0fc3e2598e35ac12c0e1f05b37a950350cf69a634795b7fc75ca570549eb87ab55e14893e84532fe572dd0137ffe64c79f2af81262235b2ee21a547856d76c042fe6108c8d5936fe2884d2265a9d2d6569d7c9335b9846e6053223bb9be934548c7304bcd0b6604fc0c8f7f2d9cd2c7e20189f987052fd61befb21f4f7d142d9a6f783407bac3ac0d1adc0039f9772a6513c53e3a96efd92faabb638b10b8f69a5af971e460c88f8ff6e2c075b17d803ca9ff5191a360aa1fb4a07a271bddce36c3cf273a919001570e8deb42a2f16b82df438be91669c708d8d2501d85ed3b074efcf0ce43a925293deef72db8a25186c7c28a137576a80e1023ba994b887736ee3de005276eaa2bf6064087c93dd9913a4f5a8e6691de48219606841903cab2dc8f1944b1cd6431c63af39167cf219be0e24f946d32df5c49406ca63395e6645cafa2ed9044c4dfeafddee521396c71247b4e74ac50d66569aece13c0ac20ad867681ffce54802769a763fe266b37c00b0410ece9be1551b412a42d8b9c0c24986aaa7330878f5e95bcd2673df926c7db16fc202c7bdef851f0d9a3049f2b1a6855e15c93bceba734d41c8c472ccf748650d1ccef26fcfda92e25c6ad01fc316e82921835a4ce8e7223d593858daa0c832645d662d6ed7e7858328d966970921c9ce63e484669935508043d92dac593e5bb4ca334a60dd5f1cca5a4054ef3a028734b11abdb2b1071b9c9e5034e92b41a06d8bbcc8645acb4eb9f6f2e3215c785761a0a721e395ff6a72665cda628208e6fbb33f19cb55a83e6dcbe1f6ebc7f05e08356d5848d839c52672dcd09c3829eac64acb24eb9c29d204bed455bea58af4a1421df7d8cd4847f6248a8c3fcf0072cbb0b5b4e1bdcdcea0c02b6a11085d49442a5301993982eb54a9403c8160ec42990ccb8e375a0f3dd323fde0e4c1528d3efd1c38c6e574574667375eae5c8970b9b9ae0f21d4ed9608dcb1f9c6596a4d21ded32e412f97d184bc29964f3fdcb681997380bb0ae30916352b7a3180974b72e009a1ee3f85a78923c04c0ce84575ad77d1e2166044ec88314f68965208d679fbd6bc42604c8b2325721858b9d9f7a14ee8255eadfb0fbe0e5c2d185667341416a5bdded542a903e426099c4f50b016f20743927122246b4bc52f8bd771d7f3dfeed26c5f3397b04956070f584318ff408dd7d929db746ebb2b64430b1c08ea18c0b6c6abfc8eda8052b1efd2497f9d87ab3adb5ae7a9af38b4c7386d97f20716cc8bf8fe217c08b63c1d83d01781438bfd81f75dcd89b6b8e39fa3c72ae770721017dc3509ed2c263793a7f608067588c3299f1c8061388271fa6986c3f190b69ef612986e63d6eb426475c709ab5cf079b4835c70c2145c76ea5899c6865eb4a2ec76a565b02f8915bde6ae32070e74a8c791735f9341ba6cb3fdb36ea38a76b3a09c8aad86b44da41c5fdfb716f248ed458b1cf22fe88df691db6fa2031925a8340d46cf3969f66636cde088cc917a441395c55ac6d2dd4abd12bd181f14fb766ddcc8c2a36845797189ca3226a226294fafcb7bfdf2f19d454111e077ca1afd4089e1457813bfef148f84ab8994a7e1251091fab584cc64740e672aaa2044a98fcfdbc55a0f0b131749415492a6463098e0a03c8e48e9ad28e5742f20b7b0e3455a3022f4fc93887fd7cdb1f0323c97fcb305070eab007bf53932eba949927f9bf7e7647685c30fb1c969f98fa2456a80b4df670f230155546dd2114ed5b0f112ee0648c56b5499f84a45db5f922943d94785e238d42d69f97e393c70052aad6eac05caa5fa79191a0f8623285d3986d5748920b66366466a75ca2dd9f4c6762f7523ed76eb122446d0b725239d8da6643ef150e66e947097b7642cfbac9b1b32521a6de4e9932957a65733c597e5dd8cce21b44bd4b8ad10c391a0ac2179e36caffb579f236409f5ff1b0881c6b2405cee85f004866fec086af7b9bfa03a64bffa533bfe9aabd500c35f18409d27883b00f20031a6d43b9eeeba19477294189cf71438edd79ff1bc80298d2f604588bd6f35a590af27f7cc8bf4d69c09f2f25da7af93e18ffeb16ac783b28831f5cd5af5df9013af398a471e615c00a66fd1627fd55c6fc6601fd925855454d9d331e870bc8fff7d4ef33dc0752d4bd2a2411f0f50720e5f0bc111ef8740b1f8c8534c8b2c6603276c7482a1d378b4defc2f986de3edf7a1a6cbbb317f7689ca6e7afa8ce5e501d362fd7ddf973e84d83f791c0aa4a27f6f83525746e96c3a6f5562aca6b1aeaf9e5546260b15fabe3c4a867a177ca7699878d40df07ba893f40ebf6f88a12a402d1af5e565a11f21a76fe64ea2bdbe5afaeda6b9e8f3c34a3ae44ef98555190edbe569e7bedc7e2c3b13956504c39568762046c46921e1bb6d9ce4c86872122ade75e433ce60a1584a5d85119eb5aeb94f9f3b8650377d6a44ea1803efa26518aef472c0d1f12ed2cddb849c36ba39a01fc250d48972f40247d707b103bb64a4597388044e55a60c05bd198b1992b08b9206cecb0a71655f88699ef425175f1e0fda01fa43da308a4477634a34efa3ebc7361d3eec9a631af9497ce477d5f211f8f7fa398e42ce4c3abb816900d4ab50566d5a48c3baf7d0ae1b19c0a2ecdd77acd97dd091825a71641dc30eb27057a828b77056ad2f3d58f7c21ffa0438320acfdfe34ad71d559d596a3d3492761816535160c69d8ac4bcae4dd32540f2a42dee6a855e1e15ee70e55617a114f23903a1053c0f3ef1a2151219a06386b80e6a2023300a560acd0234510893c4c012368ee86be34ed6e2670a8ab973978fb935283ca7a67d0af71da5a8aa12572ba0ffc483f4351fe932cbfa5517858e36ebe0755b613f8fa2b967976074fec63ba93c444a30082edc8506518d7a89c1bf2360b389d259bfe00e6f517ac746a4b9f9ee1dc144c97df563627f11d25929c5035325517e3c9f489b0989caacfbb9d444b97217d020bfe297a7206ba4f12590d4289f4aaa1bbdf006c973ef3a281114fb3c836dea6d58d2345239b86a4e3b18747e159d39112a25e31b54275b8ddef22fd4b09b9a15ca4ea71f0bd465ca1a7878ec7950cf405ddc0f9cfb2869dec9e27213b140c2cb488b505ec54702bd53c2a1d858e82c482539afde609893b7df2e21a6e3f5302185fe9dc111f3c09135ef003f5084ced0846ef889d6f1d95c3155e9b422cff6909a41543102f3a22f6870397ce52d6bb3119e166ddf90ba1b48249f6100bb20cb60705d27037b29dc71d86687b1287dfe69cf34cf63d79f193f6f7873ffee1023913d4b525a6a7eb7e80ad1a7e38f8116bbacc8303d03ae091463662316762507af944be3e0907cafb71e799e2cfb1c1e7665ee9c6439f6be84d61c672f6d16b48c234f8f3212e45f3f70330b1684682d48895c79ca9d039f3edf043bb532db26ac8d3fdc64d10bd362d10427cbabd52958989ae1db8c3e669ec5c9ce59d49992fb55acbdb814e80bcaa65a1fed2f11534ea2fcb57b8956b42eaa6bca8fc93ed9776291a7a17f9398ef1239f185c63f083edb9cf72c4f2853074d065491b14b6c5b492aa7d6aa17194fd583d71ea72d14a588b139871a94b722a173da81223daaa5b4b3298780f441d3568ebf8531c576d52d7292790c0eed9d830ef56f1d0cccd54b373f5a1d4b36a8f9a4a0afa7958e2d895bf0fb047cd5e2880a962ad7c5a000ed78c28554883d3fff44db7e78b5b4aa69fbe244548f42eb605abde95d034afafb6b402adfc3b87da736cff001c7d5959b92a00afa598818385f50cc5b4ee623abebdb8a9df62d654132298d336f7b6e4897c9a711ccc5a7a78a763f9ccc940bef3fbb4d807e64f673ee681903ef5682021e20acf23df920c6e2dd8dd79c6a2683f5366de6d791cda3288067c9db69fe5b7ee5cefc0d718a1ee6ea8c20db0957e6faa8cc921942cc7f397fa460f1a9486ae625cf3f88e0fcc1e93518e173769ff6e677818ad7e77ac379ccc2ae6a62e3559214c11b38d46ff5fd71b4b6524b7573ef8386399d43dd9ec35f7a3eee903aced40d3133797c8c91adc770a5372fcf81ba5ee49e34e5461c05efc3968bd73e175b57533f6fd161de6144979e4315250791ff5d6d31001b52e80ce5665c6d1a2fcbcf17c9f80227f51b36be01255913e0edec0b88b14193eadf42e04d710992ebdb28de39a60a90cb6448a0b33b1f10b92b785a23c084e32046b6715bbb43f9fa8ca3f5443e023a13da1dd62fb87b7ad191513390527c6a54d2f862f505e4f382fcc0d470851571d1dedeb343ef87f73e38e3b6d9d070428f46b296614933a2f2c8d6340bf8b807954e92533ef3edfef4289e3ab84a538756e1d6642a35c2189cab6200d83f0691e68d09960187e2c575fc349355b328e6a9e68237f4bf9126116a1cd3ae8da591e3f25411c5aa49da6475abb8484dc9520f69cc6f9ebaddb881bb427878565686baf786110040308bf240e2d847814327ef9ee7755d151843979a0a0c6b5bce832a475829f13331b8526e25ed6300a0fccc96cadd548f52e26ed1e9f1875d94ca9d800a1aa5ee72f60bae617d6776e60ad5a7e3c05568e5880b9c6fcde965ace53edd2f14"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x5d6f}, @ETHTOOL_A_BITSET_VALUE={0x9, 0x4, "4d160c729b"}]}, @ETHTOOL_A_WOL_SOPASS={0x58, 0x3, "b0dc288fde5d875dcb9dea57a3fb6c1223bf5ecf8e08dff4839e7718cc05854e62f65523e1ad1657b36fef2bf5fe6896429475ef1c15d49077b16b1a69346eae00945b450dd31948d7690ca9ba67f5d3716a863d"}, @ETHTOOL_A_WOL_MODES={0x6c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x68, 0x3, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '&\x00'}]}, {0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'E&/.-.\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '!\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000000}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}]}, 0x1140}, 0x1, 0x0, 0x0, 0x4}, 0x80)

1.751135498s ago: executing program 1 (id=4692):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f00000002c0)=""/123, &(0x7f0000000080)=0x7b)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="a4010000100033060000000000000000fe8000000000000000000000000000bbac1e0001000000000000000000000000ffff07ff000000000a00000039000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="64010102000000000000000000000000000004d233000000ac1e0001000000000000000000000000fcffffffffffffff03000000000000000b000000000000000500000000000000fcffffffffffffff000000000000000001000000000000000c000000000200000000000000000000ff7f0000000000000000000000000000b8ad000000000000050000000700000001000000000000000000000002000400080000000000000048000200656362286369706865725f6e756c6c2900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000690001"], 0x1a4}, 0x1, 0x0, 0x0, 0x90}, 0x0)
setrlimit(0x8, &(0x7f0000000000)={0x2, 0x1})
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
fadvise64(r3, 0x2400000, 0x2, 0x3)
ioctl$FUSE_DEV_IOC_BACKING_OPEN(r1, 0x4010e501, &(0x7f0000000140))
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xb)

1.389862981s ago: executing program 5 (id=4689):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000000)={@my=0x1})
mmap$binder(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1, 0x11, 0xffffffffffffffff, 0xa94)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f00000007c0)="0b0312002e9b97cf5db4d0d010f6a1", 0xf, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r4, 0x1, 0x0, 0x6, @link_local}, 0x14)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000638000/0x1000)=nil, 0x6aa000, 0x2000, 0x3, &(0x7f00005c0000/0x2000)=nil)
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000440)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f00000cb000/0x4000)=nil, 0x1000, 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
io_setup(0x82, &(0x7f0000000240)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000300)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x9, r6, 0x0, 0x0, 0x4}])
close_range(r0, 0xffffffffffffffff, 0x0)

1.268960201s ago: executing program 4 (id=4648):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
listen(r0, 0x9)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r2)
sendmsg$NFC_CMD_GET_SE(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r4, 0x52b90f6b936d2b53, 0x70bd26, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1) (async)
socket$pppl2tp(0x18, 0x1, 0x1)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0x3, 0xf, 0x8, 0x5, 0x2, 0x3, 0x7f, 0x20000006, 0x20000000, 0x6, 0x5f, 0x1, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c1b, 0x1, 0x8001, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xc, 0x0, 0x8071, 0x7, 0x6, 0xffffffff, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012d, 0x8004, 0x5, 0xfffffff3, 0x7ff, 0xc8, 0xf9, 0xe, 0x2bf, 0x40001, 0x9, 0xfffffffc, 0x4, 0x10001, 0x0, 0x8, 0x2f, 0xe, 0x6, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x0, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0xa, 0x4, 0xd, 0xffff8001, 0x47, 0x8000, 0x1, 0xfe000000, 0xfffe, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x80, 0x3, 0x3, 0xbc45, 0x3, 0x42, 0x3], [0x5, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d6, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xc, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x2, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x8, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x83, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x4002, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x9, 0x1, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x3, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0x10, 0x1, 0xfffff000, 0x5, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf44, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff343e, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r2) (async)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r2)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000ca8842dd0cb1c9716c5d855b408f7bd58ca31d8ab36e1935d8075811a1022075522c2e1d7acfb17a043a16dae5b43808b75c9b52fbcd954de4d00fe27a6881694b1691c0ab37871e96270bd66a38c1a064025f2991bcddbb684dab60a9e51322b6a8e4e76ccd25d0cad3ba3a8a5ea19c7845a7f3379cddea6e2bd68c08249e06c7f9cd6f3043ce", @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf2525000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004020}, 0x24000084) (async)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000ca8842dd0cb1c9716c5d855b408f7bd58ca31d8ab36e1935d8075811a1022075522c2e1d7acfb17a043a16dae5b43808b75c9b52fbcd954de4d00fe27a6881694b1691c0ab37871e96270bd66a38c1a064025f2991bcddbb684dab60a9e51322b6a8e4e76ccd25d0cad3ba3a8a5ea19c7845a7f3379cddea6e2bd68c08249e06c7f9cd6f3043ce", @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf2525000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004020}, 0x24000084)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000500)=[@increfs_done={0x40106308, 0x1}], 0x0, 0x0, 0x0})

1.150312362s ago: executing program 5 (id=4689):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000000)={@my=0x1})
mmap$binder(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1, 0x11, 0xffffffffffffffff, 0xa94)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f00000007c0)="0b0312002e9b97cf5db4d0d010f6a1", 0xf, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r4, 0x1, 0x0, 0x6, @link_local}, 0x14)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000638000/0x1000)=nil, 0x6aa000, 0x2000, 0x3, &(0x7f00005c0000/0x2000)=nil)
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000440)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f00000cb000/0x4000)=nil, 0x1000, 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
io_setup(0x82, &(0x7f0000000240)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000300)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x9, r6, 0x0, 0x0, 0x4}])
close_range(r0, 0xffffffffffffffff, 0x0)

1.029334703s ago: executing program 4 (id=4648):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
listen(r0, 0x9)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r2)
sendmsg$NFC_CMD_GET_SE(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r4, 0x52b90f6b936d2b53, 0x70bd26, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1) (async)
socket$pppl2tp(0x18, 0x1, 0x1)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0x3, 0xf, 0x8, 0x5, 0x2, 0x3, 0x7f, 0x20000006, 0x20000000, 0x6, 0x5f, 0x1, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c1b, 0x1, 0x8001, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xc, 0x0, 0x8071, 0x7, 0x6, 0xffffffff, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012d, 0x8004, 0x5, 0xfffffff3, 0x7ff, 0xc8, 0xf9, 0xe, 0x2bf, 0x40001, 0x9, 0xfffffffc, 0x4, 0x10001, 0x0, 0x8, 0x2f, 0xe, 0x6, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x0, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0xa, 0x4, 0xd, 0xffff8001, 0x47, 0x8000, 0x1, 0xfe000000, 0xfffe, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x80, 0x3, 0x3, 0xbc45, 0x3, 0x42, 0x3], [0x5, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d6, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xc, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x2, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x8, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x83, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x4002, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x9, 0x1, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x3, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0x10, 0x1, 0xfffff000, 0x5, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf44, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff343e, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r2) (async)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r2)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000ca8842dd0cb1c9716c5d855b408f7bd58ca31d8ab36e1935d8075811a1022075522c2e1d7acfb17a043a16dae5b43808b75c9b52fbcd954de4d00fe27a6881694b1691c0ab37871e96270bd66a38c1a064025f2991bcddbb684dab60a9e51322b6a8e4e76ccd25d0cad3ba3a8a5ea19c7845a7f3379cddea6e2bd68c08249e06c7f9cd6f3043ce", @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf2525000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004020}, 0x24000084) (async)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000ca8842dd0cb1c9716c5d855b408f7bd58ca31d8ab36e1935d8075811a1022075522c2e1d7acfb17a043a16dae5b43808b75c9b52fbcd954de4d00fe27a6881694b1691c0ab37871e96270bd66a38c1a064025f2991bcddbb684dab60a9e51322b6a8e4e76ccd25d0cad3ba3a8a5ea19c7845a7f3379cddea6e2bd68c08249e06c7f9cd6f3043ce", @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf2525000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004020}, 0x24000084)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000500)=[@increfs_done={0x40106308, 0x1}], 0x0, 0x0, 0x0})

904.955774ms ago: executing program 5 (id=4689):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000000)={@my=0x1})
mmap$binder(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1, 0x11, 0xffffffffffffffff, 0xa94)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f00000007c0)="0b0312002e9b97cf5db4d0d010f6a1", 0xf, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r4, 0x1, 0x0, 0x6, @link_local}, 0x14)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000638000/0x1000)=nil, 0x6aa000, 0x2000, 0x3, &(0x7f00005c0000/0x2000)=nil)
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000440)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f00000cb000/0x4000)=nil, 0x1000, 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
io_setup(0x82, &(0x7f0000000240)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000300)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x9, r6, 0x0, 0x0, 0x4}])
close_range(r0, 0xffffffffffffffff, 0x0)

782.491705ms ago: executing program 1 (id=4693):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) (async)
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) (async)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x14, 0x7b52e4aff0f1e2e6, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', &(0x7f0000000140), 0x4a81, &(0x7f0000000040)={[{}]})

771.497464ms ago: executing program 2 (id=4694):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x2001, 0x1})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r2 = fcntl$dupfd(r1, 0x406, r1)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
ioctl$KDGKBMETA(r2, 0x4b62, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x4}, @fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x6, 0x0, 0x200000000000024}}, &(0x7f00000001c0)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

754.061085ms ago: executing program 4 (id=4648):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
listen(r0, 0x9)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r2)
sendmsg$NFC_CMD_GET_SE(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r4, 0x52b90f6b936d2b53, 0x70bd26, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1) (async)
socket$pppl2tp(0x18, 0x1, 0x1)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0x3, 0xf, 0x8, 0x5, 0x2, 0x3, 0x7f, 0x20000006, 0x20000000, 0x6, 0x5f, 0x1, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c1b, 0x1, 0x8001, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xc, 0x0, 0x8071, 0x7, 0x6, 0xffffffff, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012d, 0x8004, 0x5, 0xfffffff3, 0x7ff, 0xc8, 0xf9, 0xe, 0x2bf, 0x40001, 0x9, 0xfffffffc, 0x4, 0x10001, 0x0, 0x8, 0x2f, 0xe, 0x6, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x0, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0xa, 0x4, 0xd, 0xffff8001, 0x47, 0x8000, 0x1, 0xfe000000, 0xfffe, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x80, 0x3, 0x3, 0xbc45, 0x3, 0x42, 0x3], [0x5, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d6, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xc, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x2, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x8, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x83, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x4002, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x9, 0x1, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x3, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0x10, 0x1, 0xfffff000, 0x5, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf44, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff343e, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r2) (async)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r2)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000ca8842dd0cb1c9716c5d855b408f7bd58ca31d8ab36e1935d8075811a1022075522c2e1d7acfb17a043a16dae5b43808b75c9b52fbcd954de4d00fe27a6881694b1691c0ab37871e96270bd66a38c1a064025f2991bcddbb684dab60a9e51322b6a8e4e76ccd25d0cad3ba3a8a5ea19c7845a7f3379cddea6e2bd68c08249e06c7f9cd6f3043ce", @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf2525000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004020}, 0x24000084) (async)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000ca8842dd0cb1c9716c5d855b408f7bd58ca31d8ab36e1935d8075811a1022075522c2e1d7acfb17a043a16dae5b43808b75c9b52fbcd954de4d00fe27a6881694b1691c0ab37871e96270bd66a38c1a064025f2991bcddbb684dab60a9e51322b6a8e4e76ccd25d0cad3ba3a8a5ea19c7845a7f3379cddea6e2bd68c08249e06c7f9cd6f3043ce", @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf2525000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004020}, 0x24000084)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000500)=[@increfs_done={0x40106308, 0x1}], 0x0, 0x0, 0x0})

635.940525ms ago: executing program 5 (id=4689):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000000)={@my=0x1})
mmap$binder(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1, 0x11, 0xffffffffffffffff, 0xa94)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f00000007c0)="0b0312002e9b97cf5db4d0d010f6a1", 0xf, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r4, 0x1, 0x0, 0x6, @link_local}, 0x14)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000638000/0x1000)=nil, 0x6aa000, 0x2000, 0x3, &(0x7f00005c0000/0x2000)=nil)
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000440)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f00000cb000/0x4000)=nil, 0x1000, 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
io_setup(0x82, &(0x7f0000000240)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000300)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x9, r6, 0x0, 0x0, 0x4}])
close_range(r0, 0xffffffffffffffff, 0x0)

524.425786ms ago: executing program 1 (id=4695):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x0, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
fstat(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
quotactl_fd$Q_GETNEXTQUOTA(r0, 0xffffffff80000901, r1, &(0x7f0000000100))

523.133126ms ago: executing program 2 (id=4696):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) (async)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
fcntl$setstatus(r0, 0x4, 0x40800) (async)
fcntl$setstatus(r0, 0x4, 0x40800)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
ftruncate(r1, 0x2000009)
sendfile(r0, r1, 0x0, 0x7ffff004) (async)
sendfile(r0, r1, 0x0, 0x7ffff004)
ioctl$PPPIOCBRIDGECHAN(r1, 0x40047435, &(0x7f0000000000)=0x298f) (async)
ioctl$PPPIOCBRIDGECHAN(r1, 0x40047435, &(0x7f0000000000)=0x298f)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000180))
ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000080)=0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x40d00, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x40d00, 0x0)
r3 = dup(r2)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xd6) (async)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xd6)
r4 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000140), 0x200500, 0x0)
ioctl$ASHMEM_GET_SIZE(r4, 0x7704, 0x0) (async)
ioctl$ASHMEM_GET_SIZE(r4, 0x7704, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00', <r6=>0x0})
r7 = socket(0x10, 0x803, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f0000000380)={0x79, 0x0, 0x4bc})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f0000000040)={'sit0\x00', &(0x7f00000002c0)={'syztnl2\x00', r6, 0x700, 0x8000, 0x0, 0x402224, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}}}})
r8 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000080904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d00000904010102020d0000090582020002000000090503020002"], 0x0)
sendmsg$NFNL_MSG_COMPAT_GET(r3, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="340000c58110542261f0e3000082a8a5313c0002400000260000000d0001002f6465762f6b766d00000000"], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x64000041)
syz_usb_control_io$cdc_ncm(r8, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r8, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r8, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0xfffa, 0xc8, 0x0, 0x4, 0x33f, 0xcb8c, 0x8, 0x9, 0x401, 0x0, 0x4, 0x8b}}, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ncm(r8, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0xfffa, 0xc8, 0x0, 0x4, 0x33f, 0xcb8c, 0x8, 0x9, 0x401, 0x0, 0x4, 0x8b}}, 0x0, 0x0, 0x0, 0x0})
clock_nanosleep(0xc, 0x1, 0x0, 0x0) (async)
clock_nanosleep(0xc, 0x1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r8, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r8, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

522.844436ms ago: executing program 4 (id=4648):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
listen(r0, 0x9)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r2)
sendmsg$NFC_CMD_GET_SE(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r4, 0x52b90f6b936d2b53, 0x70bd26, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1) (async)
socket$pppl2tp(0x18, 0x1, 0x1)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0x3, 0xf, 0x8, 0x5, 0x2, 0x3, 0x7f, 0x20000006, 0x20000000, 0x6, 0x5f, 0x1, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c1b, 0x1, 0x8001, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xc, 0x0, 0x8071, 0x7, 0x6, 0xffffffff, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012d, 0x8004, 0x5, 0xfffffff3, 0x7ff, 0xc8, 0xf9, 0xe, 0x2bf, 0x40001, 0x9, 0xfffffffc, 0x4, 0x10001, 0x0, 0x8, 0x2f, 0xe, 0x6, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x0, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0xa, 0x4, 0xd, 0xffff8001, 0x47, 0x8000, 0x1, 0xfe000000, 0xfffe, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x80, 0x3, 0x3, 0xbc45, 0x3, 0x42, 0x3], [0x5, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d6, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xc, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x2, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x8, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x83, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x4002, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x9, 0x1, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x3, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0x10, 0x1, 0xfffff000, 0x5, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf44, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff343e, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r2) (async)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r2)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000ca8842dd0cb1c9716c5d855b408f7bd58ca31d8ab36e1935d8075811a1022075522c2e1d7acfb17a043a16dae5b43808b75c9b52fbcd954de4d00fe27a6881694b1691c0ab37871e96270bd66a38c1a064025f2991bcddbb684dab60a9e51322b6a8e4e76ccd25d0cad3ba3a8a5ea19c7845a7f3379cddea6e2bd68c08249e06c7f9cd6f3043ce", @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf2525000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004020}, 0x24000084) (async)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000ca8842dd0cb1c9716c5d855b408f7bd58ca31d8ab36e1935d8075811a1022075522c2e1d7acfb17a043a16dae5b43808b75c9b52fbcd954de4d00fe27a6881694b1691c0ab37871e96270bd66a38c1a064025f2991bcddbb684dab60a9e51322b6a8e4e76ccd25d0cad3ba3a8a5ea19c7845a7f3379cddea6e2bd68c08249e06c7f9cd6f3043ce", @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf2525000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004020}, 0x24000084)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000500)=[@increfs_done={0x40106308, 0x1}], 0x0, 0x0, 0x0})

398.340427ms ago: executing program 5 (id=4689):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000000)={@my=0x1})
mmap$binder(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1, 0x11, 0xffffffffffffffff, 0xa94)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f00000007c0)="0b0312002e9b97cf5db4d0d010f6a1", 0xf, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r4, 0x1, 0x0, 0x6, @link_local}, 0x14)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000638000/0x1000)=nil, 0x6aa000, 0x2000, 0x3, &(0x7f00005c0000/0x2000)=nil)
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000440)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f00000cb000/0x4000)=nil, 0x1000, 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
io_setup(0x82, &(0x7f0000000240)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000300)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x9, r6, 0x0, 0x0, 0x4}])
close_range(r0, 0xffffffffffffffff, 0x0)

279.668468ms ago: executing program 1 (id=4697):
stat(&(0x7f0000000180)='./cgroup\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}) (async, rerun: 64)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) (rerun: 64)
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000001fc0)=[{}], 0x1, 0x1, 0x0, 0x2, 0x0, 0x2}) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x25, &(0x7f0000000000)={0x1}) (async, rerun: 64)
fcntl$lock(r2, 0x7, &(0x7f0000001140)={0x1, 0x2, 0x6, 0x5}) (rerun: 64)
ioctl$ASHMEM_GET_SIZE(r2, 0x7704, 0x0) (async)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) (async, rerun: 32)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000003c0)=0x3, 0x4) (async, rerun: 32)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_int(r3, 0x0, 0x6, 0x0, &(0x7f0000000240)) (async)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000400)={0x0, 0x0, <r4=>0x0}, &(0x7f0000000440)=0xc)
mount$fuseblk(&(0x7f00000000c0), &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000140), 0x40010, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@allow_other}], [{@smackfsdef={'smackfsdef', 0x3d, '/dev/rnullb0\x00'}}, {@subj_type={'subj_type', 0x3d, '\xe4\\'}}]}}) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0)

276.812258ms ago: executing program 4 (id=4648):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
listen(r0, 0x9)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r2)
sendmsg$NFC_CMD_GET_SE(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r4, 0x52b90f6b936d2b53, 0x70bd26, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1) (async)
socket$pppl2tp(0x18, 0x1, 0x1)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0x3, 0xf, 0x8, 0x5, 0x2, 0x3, 0x7f, 0x20000006, 0x20000000, 0x6, 0x5f, 0x1, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c1b, 0x1, 0x8001, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xc, 0x0, 0x8071, 0x7, 0x6, 0xffffffff, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012d, 0x8004, 0x5, 0xfffffff3, 0x7ff, 0xc8, 0xf9, 0xe, 0x2bf, 0x40001, 0x9, 0xfffffffc, 0x4, 0x10001, 0x0, 0x8, 0x2f, 0xe, 0x6, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x0, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0xa, 0x4, 0xd, 0xffff8001, 0x47, 0x8000, 0x1, 0xfe000000, 0xfffe, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x80, 0x3, 0x3, 0xbc45, 0x3, 0x42, 0x3], [0x5, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d6, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xc, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x2, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x8, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x83, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x4002, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x9, 0x1, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x3, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0x10, 0x1, 0xfffff000, 0x5, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf44, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff343e, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r2) (async)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r2)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000ca8842dd0cb1c9716c5d855b408f7bd58ca31d8ab36e1935d8075811a1022075522c2e1d7acfb17a043a16dae5b43808b75c9b52fbcd954de4d00fe27a6881694b1691c0ab37871e96270bd66a38c1a064025f2991bcddbb684dab60a9e51322b6a8e4e76ccd25d0cad3ba3a8a5ea19c7845a7f3379cddea6e2bd68c08249e06c7f9cd6f3043ce", @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf2525000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004020}, 0x24000084) (async)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000ca8842dd0cb1c9716c5d855b408f7bd58ca31d8ab36e1935d8075811a1022075522c2e1d7acfb17a043a16dae5b43808b75c9b52fbcd954de4d00fe27a6881694b1691c0ab37871e96270bd66a38c1a064025f2991bcddbb684dab60a9e51322b6a8e4e76ccd25d0cad3ba3a8a5ea19c7845a7f3379cddea6e2bd68c08249e06c7f9cd6f3043ce", @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf2525000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004020}, 0x24000084)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000500)=[@increfs_done={0x40106308, 0x1}], 0x0, 0x0, 0x0})

149.299889ms ago: executing program 5 (id=4689):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000000)={@my=0x1})
mmap$binder(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1, 0x11, 0xffffffffffffffff, 0xa94)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f00000007c0)="0b0312002e9b97cf5db4d0d010f6a1", 0xf, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r4, 0x1, 0x0, 0x6, @link_local}, 0x14)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000638000/0x1000)=nil, 0x6aa000, 0x2000, 0x3, &(0x7f00005c0000/0x2000)=nil)
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000440)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f00000cb000/0x4000)=nil, 0x1000, 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
io_setup(0x82, &(0x7f0000000240)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000300)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x9, r6, 0x0, 0x0, 0x4}])
close_range(r0, 0xffffffffffffffff, 0x0)

0s ago: executing program 4 (id=4648):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
listen(r0, 0x9)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r2)
sendmsg$NFC_CMD_GET_SE(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r4, 0x52b90f6b936d2b53, 0x70bd26, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1) (async)
socket$pppl2tp(0x18, 0x1, 0x1)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0x3, 0xf, 0x8, 0x5, 0x2, 0x3, 0x7f, 0x20000006, 0x20000000, 0x6, 0x5f, 0x1, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c1b, 0x1, 0x8001, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xc, 0x0, 0x8071, 0x7, 0x6, 0xffffffff, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012d, 0x8004, 0x5, 0xfffffff3, 0x7ff, 0xc8, 0xf9, 0xe, 0x2bf, 0x40001, 0x9, 0xfffffffc, 0x4, 0x10001, 0x0, 0x8, 0x2f, 0xe, 0x6, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x0, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0xa, 0x4, 0xd, 0xffff8001, 0x47, 0x8000, 0x1, 0xfe000000, 0xfffe, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x80, 0x3, 0x3, 0xbc45, 0x3, 0x42, 0x3], [0x5, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d6, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xc, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x2, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x8, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x83, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x4002, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x9, 0x1, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x3, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0x10, 0x1, 0xfffff000, 0x5, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf44, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff343e, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r2) (async)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r2)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000ca8842dd0cb1c9716c5d855b408f7bd58ca31d8ab36e1935d8075811a1022075522c2e1d7acfb17a043a16dae5b43808b75c9b52fbcd954de4d00fe27a6881694b1691c0ab37871e96270bd66a38c1a064025f2991bcddbb684dab60a9e51322b6a8e4e76ccd25d0cad3ba3a8a5ea19c7845a7f3379cddea6e2bd68c08249e06c7f9cd6f3043ce", @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf2525000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004020}, 0x24000084) (async)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000ca8842dd0cb1c9716c5d855b408f7bd58ca31d8ab36e1935d8075811a1022075522c2e1d7acfb17a043a16dae5b43808b75c9b52fbcd954de4d00fe27a6881694b1691c0ab37871e96270bd66a38c1a064025f2991bcddbb684dab60a9e51322b6a8e4e76ccd25d0cad3ba3a8a5ea19c7845a7f3379cddea6e2bd68c08249e06c7f9cd6f3043ce", @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf2525000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004020}, 0x24000084)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000500)=[@increfs_done={0x40106308, 0x1}], 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

etooth: hci0: Frame reassembly failed (-84)
[  254.999599][ T1913] Bluetooth: hci0: Frame reassembly failed (-84)
[  255.002436][T11113] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  255.016839][T11113] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  255.325313][ T1913] ip6_tunnel: syztnl1 xmit: Local address not yet configured!
[  255.335373][ T1913] ip6_tunnel: syztnl1 xmit: Local address not yet configured!
[  255.356991][   T45] ip6_tunnel: syztnl1 xmit: Local address not yet configured!
[  255.539954][T11018] syz.2.3559 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  255.596234][T11018] CPU: 0 UID: 0 PID: 11018 Comm: syz.2.3559 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  255.596275][T11018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  255.596303][T11018] Call Trace:
[  255.596312][T11018]  <TASK>
[  255.596322][T11018]  __dump_stack+0x21/0x30
[  255.596362][T11018]  dump_stack_lvl+0x10c/0x190
[  255.596468][T11018]  ? __cfi_dump_stack_lvl+0x10/0x10
[  255.596500][T11018]  ? ___ratelimit+0x3f7/0x5a0
[  255.596536][T11018]  dump_stack+0x19/0x20
[  255.596565][T11018]  dump_header+0xd7/0x490
[  255.596600][T11018]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  255.596631][T11018]  oom_kill_process+0x35d/0x640
[  255.596661][T11018]  ? sched_clock_cpu+0x75/0x400
[  255.596694][T11018]  out_of_memory+0x659/0xa80
[  255.596722][T11018]  ? __cfi_out_of_memory+0x10/0x10
[  255.596751][T11018]  ? mutex_lock_killable+0x92/0x1c0
[  255.596774][T11018]  ? __cfi_mutex_lock_killable+0x10/0x10
[  255.596800][T11018]  mem_cgroup_out_of_memory+0x279/0x350
[  255.596824][T11018]  ? drain_obj_stock+0xed0/0xed0
[  255.596848][T11018]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  255.596871][T11018]  try_charge_memcg+0x8f7/0xde0
[  255.596903][T11018]  ? __cfi_try_charge_memcg+0x10/0x10
[  255.596935][T11018]  ? __alloc_pages_noprof+0x31f/0x7b0
[  255.596967][T11018]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  255.596999][T11018]  ? __folio_batch_add_and_move+0x2ab/0x370
[  255.597031][T11018]  __mem_cgroup_charge+0xf6/0x410
[  255.597065][T11018]  ? _raw_spin_lock+0x8c/0x120
[  255.597094][T11018]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  255.597132][T11018]  shmem_alloc_and_add_folio+0x86d/0x1050
[  255.597160][T11018]  ? finish_task_switch+0x13a/0x780
[  255.597192][T11018]  ? put_swap_device+0x130/0x130
[  255.597220][T11018]  ? shmem_huge_global_enabled+0x2da/0x360
[  255.597248][T11018]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  255.597275][T11018]  ? __kasan_check_write+0x18/0x20
[  255.597309][T11018]  ? _raw_spin_lock+0x8c/0x120
[  255.597337][T11018]  shmem_get_folio_gfp+0x5f0/0x1380
[  255.597364][T11018]  ? shmem_get_folio+0xc0/0xc0
[  255.597388][T11018]  ? follow_page_pte+0xa5c/0xb90
[  255.597421][T11018]  ? inode_to_bdi+0x6d/0x100
[  255.597454][T11018]  shmem_write_begin+0xf4/0x270
[  255.597484][T11018]  generic_perform_write+0x330/0x960
[  255.597521][T11018]  ? __cfi_generic_perform_write+0x10/0x10
[  255.597555][T11018]  ? down_write+0xe9/0x2a0
[  255.597607][T11018]  ? file_update_time+0xa3/0x220
[  255.597639][T11018]  shmem_file_write_iter+0x105/0x130
[  255.597671][T11018]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  255.597704][T11018]  __kernel_write_iter+0x41a/0x8e0
[  255.597726][T11018]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  255.597759][T11018]  ? __cfi___kernel_write_iter+0x10/0x10
[  255.597781][T11018]  ? get_dump_page+0x160/0x220
[  255.597812][T11018]  ? __asan_memset+0x39/0x50
[  255.597834][T11018]  ? iov_iter_bvec+0xc0/0x180
[  255.597864][T11018]  dump_user_range+0xb06/0xdf0
[  255.597888][T11018]  ? __cfi_dump_emit+0x10/0x10
[  255.597910][T11018]  ? __cfi_dump_user_range+0x10/0x10
[  255.597933][T11018]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  255.597967][T11018]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  255.598002][T11018]  ? elf_core_dump+0x2368/0x3800
[  255.598030][T11018]  elf_core_dump+0x2ccc/0x3800
[  255.598061][T11018]  ? __cfi_elf_core_dump+0x10/0x10
[  255.598098][T11018]  ? dump_interrupted+0xf0/0xf0
[  255.598132][T11018]  ? filp_open+0x182/0x1d0
[  255.598161][T11018]  ? 0xffffffffff600000
[  255.598180][T11018]  ? freezing_slow_path+0x12b/0x170
[  255.598213][T11018]  do_coredump+0x1bfa/0x2bd0
[  255.598252][T11018]  ? __cfi_do_coredump+0x10/0x10
[  255.598285][T11018]  ? asm_exc_page_fault+0x2b/0x30
[  255.598319][T11018]  ? __kasan_slab_free+0x6a/0x80
[  255.598347][T11018]  ? kmem_cache_free+0x1c1/0x510
[  255.598370][T11018]  ? get_signal+0xa75/0x14f0
[  255.598400][T11018]  get_signal+0x11fd/0x14f0
[  255.598432][T11018]  arch_do_signal_or_restart+0x96/0x720
[  255.598470][T11018]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  255.598508][T11018]  ? __kasan_check_write+0x18/0x20
[  255.598544][T11018]  irqentry_exit_to_user_mode+0x4e/0xb0
[  255.598578][T11018]  irqentry_exit+0x16/0x60
[  255.598604][T11018]  exc_page_fault+0x66/0xc0
[  255.598628][T11018]  asm_exc_page_fault+0x2b/0x30
[  255.598652][T11018] RIP: 0033:0x7ffbf278efc9
[  255.598679][T11018] Code: Unable to access opcode bytes at 0x7ffbf278ef9f.
[  255.598692][T11018] RSP: 002b:00007ffbf3629fe8 EFLAGS: 00010206
[  255.598717][T11018] RAX: 0000000000000000 RBX: 00007ffbf29e6090 RCX: 00007ffbf278efc9
[  255.598735][T11018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000200
[  255.598750][T11018] RBP: 00007ffbf2811f91 R08: 0000000000000000 R09: 0000000000000000
[  255.598766][T11018] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  255.598780][T11018] R13: 00007ffbf29e6128 R14: 00007ffbf29e6090 R15: 00007ffce88beac8
[  255.598801][T11018]  </TASK>
[  255.598811][T11018] memory: usage 307200kB, limit 307200kB, failcnt 14331
[  255.794017][   T45] ip6_tunnel: syztnl1 xmit: Local address not yet configured!
[  255.798552][T11018] memory+swap: usage 432024kB, limit 9007199254740988kB, failcnt 0
[  256.094932][T11018] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  256.102072][T11018] Memory cgroup stats for /syz2:
[  256.102229][T11018] cache 314286080
[  256.110936][T11018] rss 110592
[  256.114261][T11018] rss_huge 0
[  256.117478][T11018] shmem 314286080
[  256.121123][T11018] mapped_file 0
[  256.126928][T11018] dirty 0
[  256.129978][T11018] writeback 0
[  256.133445][T11018] workingset_refault_anon 6885
[  256.138626][T11018] workingset_refault_file 65
[  256.143322][T11018] swap 127819776
[  256.146977][T11018] swapcached 176128
[  256.150992][T11018] pgpgin 672290
[  256.154633][T11018] pgpgout 598045
[  256.158279][T11018] pgfault 302841
[  256.162053][T11018] pgmajfault 890
[  256.165764][T11018] inactive_anon 137379840
[  256.170264][T11018] active_anon 177192960
[  256.174679][T11018] inactive_file 0
[  256.178638][T11018] active_file 0
[  256.182183][T11018] unevictable 0
[  256.185901][T11018] hierarchical_memory_limit 314572800
[  256.191404][T11018] hierarchical_memsw_limit 9223372036854771712
[  256.197813][T11018] total_cache 314286080
[  256.202442][T11018] total_rss 110592
[  256.206248][T11018] total_rss_huge 0
[  256.210173][T11018] total_shmem 314286080
[  256.214430][T11018] total_mapped_file 0
[  256.218483][T11018] total_dirty 0
[  256.222083][T11018] total_writeback 0
[  256.226069][T11018] total_workingset_refault_anon 6885
[  256.231465][T11018] total_workingset_refault_file 65
[  256.236768][T11018] total_swap 127819776
[  256.241006][T11018] total_swapcached 176128
[  256.245444][T11018] total_pgpgin 672290
[  256.249660][T11018] total_pgpgout 598045
[  256.253821][T11018] total_pgfault 302841
[  256.258033][T11018] total_pgmajfault 890
[  256.262173][T11018] total_inactive_anon 137379840
[  256.267171][T11018] total_active_anon 177192960
[  256.271929][T11018] total_inactive_file 0
[  256.276350][T11018] total_active_file 0
[  256.280586][T11018] total_unevictable 0
[  256.284640][T11018] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3559,pid=11021,uid=0
[  256.299820][T11018] Memory cgroup out of memory: Killed process 11021 (syz.2.3559) total-vm:49268kB, anon-rss:0kB, file-rss:29696kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:0
[  256.385059][T11120] syz.2.3592 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  256.410939][T11120] CPU: 0 UID: 0 PID: 11120 Comm: syz.2.3592 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  256.410980][T11120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  256.410995][T11120] Call Trace:
[  256.411004][T11120]  <TASK>
[  256.411014][T11120]  __dump_stack+0x21/0x30
[  256.411051][T11120]  dump_stack_lvl+0x10c/0x190
[  256.411082][T11120]  ? __cfi_dump_stack_lvl+0x10/0x10
[  256.411113][T11120]  ? ___ratelimit+0x3f7/0x5a0
[  256.411148][T11120]  dump_stack+0x19/0x20
[  256.411178][T11120]  dump_header+0xd7/0x490
[  256.411202][T11120]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  256.411232][T11120]  oom_kill_process+0x35d/0x640
[  256.411259][T11120]  ? sched_clock_cpu+0x75/0x400
[  256.411298][T11120]  out_of_memory+0x659/0xa80
[  256.411326][T11120]  ? __cfi_out_of_memory+0x10/0x10
[  256.411353][T11120]  ? mutex_lock_killable+0x104/0x1c0
[  256.411376][T11120]  ? __cfi_mutex_lock_killable+0x10/0x10
[  256.411400][T11120]  mem_cgroup_out_of_memory+0x279/0x350
[  256.411424][T11120]  ? drain_obj_stock+0xed0/0xed0
[  256.411447][T11120]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  256.411470][T11120]  try_charge_memcg+0x8f7/0xde0
[  256.411501][T11120]  ? update_curr+0xdc/0xaa0
[  256.411522][T11120]  ? __cfi_try_charge_memcg+0x10/0x10
[  256.411554][T11120]  ? __alloc_pages_noprof+0x31f/0x7b0
[  256.411587][T11120]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  256.411620][T11120]  __mem_cgroup_charge+0xf6/0x410
[  256.411655][T11120]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  256.411689][T11120]  ? __cfi_check_preempt_wakeup_fair+0x10/0x10
[  256.411725][T11120]  folio_prealloc+0x67/0x240
[  256.411753][T11120]  do_wp_page+0x1885/0x2ed0
[  256.411781][T11120]  ? folio_put+0x90/0x90
[  256.411805][T11120]  ? __cfi__raw_spin_lock+0x10/0x10
[  256.411834][T11120]  ? __pte_offset_map+0x1b0/0x230
[  256.411868][T11120]  ? pte_offset_map_rw_nolock+0xba/0x110
[  256.411903][T11120]  handle_mm_fault+0xff7/0x1b90
[  256.411932][T11120]  ? __cfi_handle_mm_fault+0x10/0x10
[  256.411957][T11120]  ? lock_vma_under_rcu+0x49d/0x540
[  256.411992][T11120]  ? __se_sys_futex+0x28f/0x300
[  256.412019][T11120]  do_user_addr_fault+0x96c/0x1200
[  256.412056][T11120]  exc_page_fault+0x59/0xc0
[  256.412077][T11120]  asm_exc_page_fault+0x2b/0x30
[  256.412100][T11120] RIP: 0033:0x7ffbf2664e87
[  256.412120][T11120] Code: 0f 85 11 0e 00 00 4c 89 44 24 28 31 c0 b9 40 42 0f 00 48 89 de ba 81 00 00 00 bf ca 00 00 00 c7 03 01 00 00 00 e8 29 a1 12 00 <83> 05 1e 2f 38 00 01 4c 8b 44 24 28 80 bc 24 e8 00 00 00 00 0f b6
[  256.412140][T11120] RSP: 002b:00007ffce88bec30 EFLAGS: 00010207
[  256.412162][T11120] RAX: 0000000000000001 RBX: 00007ffbf29e5fa8 RCX: 00007ffbf278efc9
[  256.412180][T11120] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ffbf29e5fa8
[  256.412195][T11120] RBP: 0000000000000000 R08: 00007ffce88beac7 R09: 00000001e88bef1f
[  256.412211][T11120] R10: 00007ffbf29e5fa0 R11: 0000000000000246 R12: 00007ffbf29e5fac
[  256.412228][T11120] R13: 00007ffbf29e5fa0 R14: 000000000000129d R15: 0000000000000004
[  256.412272][T11120]  </TASK>
[  256.698989][   T31] ip6_tunnel: syztnl1 xmit: Local address not yet configured!
[  256.714823][T11120] memory: usage 302124kB, limit 307200kB, failcnt 15484
[  256.722315][T11120] memory+swap: usage 419404kB, limit 9007199254740988kB, failcnt 0
[  256.734312][T11127] fuse: Bad value for 'fd'
[  256.758921][T11120] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  256.766162][T11120] Memory cgroup stats for /syz2:
[  256.766317][T11120] cache 294932480
[  256.775259][T11120] rss 86016
[  256.778451][T11120] rss_huge 0
[  256.781762][T11120] shmem 294932480
[  256.787475][T11120] mapped_file 0
[  256.791113][T11120] dirty 0
[  256.794073][T11120] writeback 499712
[  256.798667][T11120] workingset_refault_anon 6885
[  256.803516][T11120] workingset_refault_file 65
[  256.808380][T11120] swap 122097664
[  256.812025][T11120] swapcached 688128
[  256.815860][T11120] pgpgin 673731
[  256.819659][T11120] pgpgout 604091
[  256.823303][T11120] pgfault 302931
[  256.826881][T11120] pgmajfault 890
[  256.831629][T11120] inactive_anon 166842368
[  256.836259][T11120] active_anon 128184320
[  256.840890][T11120] inactive_file 0
[  256.844993][T11120] active_file 0
[  256.848634][T11120] unevictable 0
[  256.852586][T11120] hierarchical_memory_limit 314572800
[  256.858036][T11120] hierarchical_memsw_limit 9223372036854771712
[  256.864685][T11120] total_cache 294932480
[  256.868889][T11120] total_rss 86016
[  256.872893][T11120] total_rss_huge 0
[  256.873117][T11131] /dev/loop0: Can't lookup blockdev
[  256.876847][T11120] total_shmem 294932480
[  256.887623][T11120] total_mapped_file 0
[  256.891764][T11120] total_dirty 0
[  256.895250][T11120] total_writeback 499712
[  256.899674][T11120] total_workingset_refault_anon 6885
[  256.905128][T11120] total_workingset_refault_file 65
[  256.910265][T11120] total_swap 122097664
[  256.914440][T11120] total_swapcached 688128
[  256.918803][T11120] total_pgpgin 673731
[  256.922813][T11120] total_pgpgout 604091
[  256.926992][T11120] total_pgfault 302931
[  256.931077][T11120] total_pgmajfault 890
[  256.935205][T11120] total_inactive_anon 166842368
[  256.940141][T11120] total_active_anon 128184320
[  256.944857][T11120] total_inactive_file 0
[  256.949068][T11120] total_active_file 0
[  256.953132][T11120] total_unevictable 0
[  256.957185][T11120] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3559,pid=11003,uid=0
[  256.972234][T11120] Memory cgroup out of memory: Killed process 11003 (syz.2.3559) total-vm:49268kB, anon-rss:0kB, file-rss:31104kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:0
[  257.115568][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  257.115645][ T1644] Bluetooth: hci0: command 0x1003 tx timeout
[  257.137649][T11133] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  257.137684][T11133] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  257.260263][T10998] syz.2.3559 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  257.284986][T11143] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3598'.
[  257.415028][T11146] netlink: 'syz.1.3599': attribute type 5 has an invalid length.
[  257.431134][T11146] rust_binder: 382: no such ref 0
[  257.441795][T11146] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  257.456688][T11146] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  257.466607][T11146] rust_binder: 382: no such ref 0
[  257.466638][T11148] netlink: 'syz.1.3599': attribute type 5 has an invalid length.
[  257.487646][T11147] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  257.501868][T11147] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  257.541965][T10998] CPU: 1 UID: 0 PID: 10998 Comm: syz.2.3559 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  257.542003][T10998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  257.542019][T10998] Call Trace:
[  257.542027][T10998]  <TASK>
[  257.542036][T10998]  __dump_stack+0x21/0x30
[  257.542073][T10998]  dump_stack_lvl+0x10c/0x190
[  257.542102][T10998]  ? __cfi_dump_stack_lvl+0x10/0x10
[  257.542131][T10998]  ? ___ratelimit+0x3f7/0x5a0
[  257.542165][T10998]  dump_stack+0x19/0x20
[  257.542203][T10998]  dump_header+0xd7/0x490
[  257.542229][T10998]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  257.542261][T10998]  oom_kill_process+0x35d/0x640
[  257.542286][T10998]  ? sched_clock_cpu+0x75/0x400
[  257.542318][T10998]  out_of_memory+0x659/0xa80
[  257.542345][T10998]  ? __cfi_out_of_memory+0x10/0x10
[  257.542372][T10998]  ? mutex_lock_killable+0x92/0x1c0
[  257.542395][T11150] binder: Binderfs stats mode cannot be changed during a remount
[  257.542394][T10998]  ? __cfi_mutex_lock_killable+0x10/0x10
[  257.542420][T10998]  mem_cgroup_out_of_memory+0x279/0x350
[  257.542442][T10998]  ? drain_obj_stock+0xed0/0xed0
[  257.542463][T10998]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  257.542486][T10998]  try_charge_memcg+0x8f7/0xde0
[  257.542523][T10998]  ? __cfi_try_charge_memcg+0x10/0x10
[  257.542559][T10998]  ? __alloc_pages_noprof+0x31f/0x7b0
[  257.542596][T10998]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  257.542633][T10998]  ? __folio_batch_add_and_move+0x2ab/0x370
[  257.542667][T10998]  __mem_cgroup_charge+0xf6/0x410
[  257.542704][T10998]  ? _raw_spin_lock+0x8c/0x120
[  257.542736][T10998]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  257.542777][T10998]  shmem_alloc_and_add_folio+0x86d/0x1050
[  257.542812][T10998]  ? put_swap_device+0x130/0x130
[  257.542842][T10998]  ? shmem_huge_global_enabled+0x2da/0x360
[  257.542872][T10998]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  257.542902][T10998]  ? __kasan_check_write+0x18/0x20
[  257.542940][T10998]  ? _raw_spin_lock+0x8c/0x120
[  257.542974][T10998]  shmem_get_folio_gfp+0x5f0/0x1380
[  257.543005][T10998]  ? shmem_get_folio+0xc0/0xc0
[  257.543031][T10998]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  257.543068][T10998]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  257.543105][T10998]  ? inode_to_bdi+0x6d/0x100
[  257.543141][T10998]  shmem_write_begin+0xf4/0x270
[  257.543173][T10998]  generic_perform_write+0x330/0x960
[  257.543222][T10998]  ? __cfi_generic_perform_write+0x10/0x10
[  257.543258][T10998]  ? down_write+0xe9/0x2a0
[  257.543285][T10998]  ? mnt_get_write_access_file+0x1af/0x3b0
[  257.543319][T10998]  ? mnt_put_write_access_file+0xc2/0x100
[  257.543352][T10998]  ? file_update_time+0x1ef/0x220
[  257.543387][T10998]  shmem_file_write_iter+0x105/0x130
[  257.543422][T10998]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  257.543456][T10998]  __kernel_write_iter+0x41a/0x8e0
[  257.543480][T10998]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  257.543516][T10998]  ? __cfi___kernel_write_iter+0x10/0x10
[  257.543540][T10998]  ? get_dump_page+0x160/0x220
[  257.543572][T10998]  ? __asan_memset+0x39/0x50
[  257.543596][T10998]  ? iov_iter_bvec+0xc0/0x180
[  257.543628][T10998]  dump_user_range+0xb06/0xdf0
[  257.543654][T10998]  ? __cfi_dump_emit+0x10/0x10
[  257.543678][T10998]  ? __cfi_dump_user_range+0x10/0x10
[  257.543704][T10998]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  257.543742][T10998]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  257.543780][T10998]  ? elf_core_dump+0x2368/0x3800
[  257.543812][T10998]  elf_core_dump+0x2ccc/0x3800
[  257.543847][T10998]  ? __cfi_elf_core_dump+0x10/0x10
[  257.543886][T10998]  ? dump_interrupted+0xf0/0xf0
[  257.543925][T10998]  ? filp_open+0x182/0x1d0
[  257.543959][T10998]  ? 0xffffffffff600000
[  257.543980][T10998]  ? freezing_slow_path+0x12b/0x170
[  257.544020][T10998]  do_coredump+0x1bfa/0x2bd0
[  257.544063][T10998]  ? __cfi_do_coredump+0x10/0x10
[  257.544099][T10998]  ? asm_exc_page_fault+0x2b/0x30
[  257.544136][T10998]  ? __kasan_slab_free+0x6a/0x80
[  257.544165][T10998]  ? kmem_cache_free+0x1c1/0x510
[  257.544190][T10998]  ? get_signal+0xa75/0x14f0
[  257.544230][T10998]  get_signal+0x11fd/0x14f0
[  257.544266][T10998]  arch_do_signal_or_restart+0x96/0x720
[  257.544306][T10998]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  257.544346][T10998]  ? __kasan_check_write+0x18/0x20
[  257.544385][T10998]  irqentry_exit_to_user_mode+0x4e/0xb0
[  257.544415][T10998]  irqentry_exit+0x16/0x60
[  257.544442][T10998]  exc_page_fault+0x66/0xc0
[  257.544466][T10998]  asm_exc_page_fault+0x2b/0x30
[  257.544492][T10998] RIP: 0033:0x7ffbf278efc9
[  257.544518][T10998] Code: Unable to access opcode bytes at 0x7ffbf278ef9f.
[  257.544531][T10998] RSP: 002b:00007ffbf3629fe8 EFLAGS: 00010206
[  257.544555][T10998] RAX: 0000000000000000 RBX: 00007ffbf29e6090 RCX: 00007ffbf278efc9
[  257.544574][T10998] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000200
[  257.544591][T10998] RBP: 00007ffbf2811f91 R08: 0000000000000000 R09: 0000000000000000
[  257.544608][T10998] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  257.544623][T10998] R13: 00007ffbf29e6128 R14: 00007ffbf29e6090 R15: 00007ffce88beac8
[  257.544647][T10998]  </TASK>
[  257.544657][T10998] memory: usage 306076kB, limit 307200kB, failcnt 17759
[  258.026550][T11168] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  258.034966][T10998] memory+swap: usage 426496kB, limit 9007199254740988kB, failcnt 0
[  258.045547][T11168] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  258.050031][T10998] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  258.069500][T11168] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  258.072615][T11168] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:391
[  258.095723][T11169] sit0: entered promiscuous mode
[  258.115814][T10998] Memory cgroup stats for /syz2:
[  258.115972][T10998] cache 312127488
[  258.119627][T11169] netlink: 'syz.4.3608': attribute type 1 has an invalid length.
[  258.138292][T11169] netlink: 1 bytes leftover after parsing attributes in process `syz.4.3608'.
[  258.147877][T10998] rss 163840
[  258.151236][T10998] rss_huge 0
[  258.160341][T10998] shmem 312123392
[  258.164079][T10998] mapped_file 2826240
[  258.168082][T10998] dirty 0
[  258.181429][T10998] writeback 45056
[  258.187908][T10998] workingset_refault_anon 6885
[  258.198268][T10998] workingset_refault_file 546
[  258.227635][T10998] swap 127950848
[  258.245397][T10998] swapcached 45056
[  258.249267][T10998] pgpgin 687541
[  258.263574][T10998] pgpgout 613842
[  258.285168][T10998] pgfault 304490
[  258.305367][T10998] pgmajfault 902
[  258.319930][T10998] inactive_anon 45117440
[  258.324904][T10998] active_anon 266575872
[  258.329264][T10998] inactive_file 0
[  258.333298][T10998] active_file 4096
[  258.341406][T10998] unevictable 0
[  258.349295][T10998] hierarchical_memory_limit 314572800
[  258.355299][T10998] hierarchical_memsw_limit 9223372036854771712
[  258.361588][T10998] total_cache 312127488
[  258.365918][T10998] total_rss 163840
[  258.369653][T10998] total_rss_huge 0
[  258.373668][T10998] total_shmem 312123392
[  258.377863][T10998] total_mapped_file 2826240
[  258.382380][T10998] total_dirty 0
[  258.386118][T10998] total_writeback 45056
[  258.390298][T10998] total_workingset_refault_anon 6885
[  258.395813][T10998] total_workingset_refault_file 546
[  258.401140][T10998] total_swap 127950848
[  258.405441][T10998] total_swapcached 45056
[  258.409715][T10998] total_pgpgin 687541
[  258.413855][T10998] total_pgpgout 613842
[  258.418205][T10998] total_pgfault 304490
[  258.422308][T10998] total_pgmajfault 902
[  258.426518][T10998] total_inactive_anon 45117440
[  258.431618][T10998] total_active_anon 266575872
[  258.436325][T10998] total_inactive_file 0
[  258.437309][   T31] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  258.440842][T10998] total_active_file 4096
[  258.452597][T10998] total_unevictable 0
[  258.456607][T10998] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3559,pid=10995,uid=0
[  258.471986][T10998] Memory cgroup out of memory: Killed process 10995 (syz.2.3559) total-vm:49268kB, anon-rss:0kB, file-rss:32932kB, shmem-rss:0kB, UID:0 pgtables:100kB oom_score_adj:0
[  258.607804][   T31] usb 2-1: Using ep0 maxpacket: 8
[  258.614047][   T31] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  258.629099][   T31] usb 2-1: config 179 has no interface number 0
[  258.635525][   T31] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  258.661097][   T31] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  258.682398][   T31] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  258.714375][   T31] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  258.735719][   T31] usb 2-1: config 179 interface 65 has no altsetting 0
[  258.746353][   T31] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  258.766261][   T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.785652][   T31] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input22
[  258.804480][T11002] syz.2.3559 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  258.853005][   T95] input input22: unable to receive magic message: -110
[  258.864994][   T95] input input22: unable to receive magic message: -32
[  258.872581][   T95] input input22: unable to receive magic message: -32
[  258.902223][T11197] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3617'.
[  259.002724][T11176] tipc: Started in network mode
[  259.006101][T11002] CPU: 0 UID: 0 PID: 11002 Comm: syz.2.3559 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  259.006145][T11002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  259.006164][T11002] Call Trace:
[  259.006173][T11002]  <TASK>
[  259.006184][T11002]  __dump_stack+0x21/0x30
[  259.006225][T11002]  dump_stack_lvl+0x10c/0x190
[  259.006260][T11002]  ? __cfi_dump_stack_lvl+0x10/0x10
[  259.006293][T11002]  ? ___ratelimit+0x3f7/0x5a0
[  259.006332][T11002]  dump_stack+0x19/0x20
[  259.006364][T11002]  dump_header+0xd7/0x490
[  259.006391][T11002]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  259.006426][T11002]  oom_kill_process+0x35d/0x640
[  259.006457][T11002]  ? sched_clock_cpu+0x75/0x400
[  259.006492][T11002]  out_of_memory+0x659/0xa80
[  259.006524][T11002]  ? __cfi_out_of_memory+0x10/0x10
[  259.006553][T11002]  ? mutex_lock_killable+0x92/0x1c0
[  259.006580][T11002]  ? __cfi_mutex_lock_killable+0x10/0x10
[  259.006608][T11002]  mem_cgroup_out_of_memory+0x279/0x350
[  259.006634][T11002]  ? drain_obj_stock+0xed0/0xed0
[  259.006661][T11002]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  259.006686][T11002]  try_charge_memcg+0x8f7/0xde0
[  259.006721][T11002]  ? __cfi_try_charge_memcg+0x10/0x10
[  259.006755][T11002]  ? __alloc_pages_noprof+0x31f/0x7b0
[  259.006792][T11002]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  259.006827][T11002]  ? __folio_batch_add_and_move+0x2ab/0x370
[  259.006862][T11002]  __mem_cgroup_charge+0xf6/0x410
[  259.006899][T11002]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  259.006941][T11002]  shmem_alloc_and_add_folio+0x86d/0x1050
[  259.006976][T11002]  ? put_swap_device+0x130/0x130
[  259.007006][T11002]  ? shmem_huge_global_enabled+0x2da/0x360
[  259.007037][T11002]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  259.007066][T11002]  ? __switch_to+0xc7b/0x1310
[  259.007114][T11002]  shmem_get_folio_gfp+0x5f0/0x1380
[  259.007142][T11002]  ? __cfi___switch_to+0x10/0x10
[  259.007180][T11002]  ? shmem_get_folio+0xc0/0xc0
[  259.007206][T11002]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  259.007243][T11002]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  259.007278][T11002]  ? __schedule+0x132a/0x1df0
[  259.007312][T11002]  ? inode_to_bdi+0x6d/0x100
[  259.007349][T11002]  shmem_write_begin+0xf4/0x270
[  259.007379][T11002]  generic_perform_write+0x330/0x960
[  259.007421][T11002]  ? __cfi_generic_perform_write+0x10/0x10
[  259.007457][T11002]  ? down_write+0xe9/0x2a0
[  259.007482][T11002]  ? mnt_get_write_access_file+0x1af/0x3b0
[  259.007516][T11002]  ? mnt_put_write_access_file+0xc2/0x100
[  259.007550][T11002]  ? file_update_time+0x1ef/0x220
[  259.007583][T11002]  shmem_file_write_iter+0x105/0x130
[  259.007618][T11002]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  259.007651][T11002]  __kernel_write_iter+0x41a/0x8e0
[  259.007673][T11002]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  259.007704][T11002]  ? __cfi___kernel_write_iter+0x10/0x10
[  259.007729][T11002]  ? copy_mc_to_kernel+0x21/0x80
[  259.007756][T11002]  ? __asan_memset+0x39/0x50
[  259.007780][T11002]  ? iov_iter_bvec+0xc0/0x180
[  259.007814][T11002]  dump_user_range+0xb06/0xdf0
[  259.007844][T11002]  ? __cfi_dump_emit+0x10/0x10
[  259.007867][T11002]  ? __cfi_dump_user_range+0x10/0x10
[  259.007893][T11002]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  259.007933][T11002]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  259.007970][T11002]  ? elf_core_dump+0x2368/0x3800
[  259.008001][T11002]  elf_core_dump+0x2ccc/0x3800
[  259.008035][T11002]  ? __cfi_elf_core_dump+0x10/0x10
[  259.008088][T11002]  ? dump_interrupted+0xf0/0xf0
[  259.008126][T11002]  ? filp_open+0x182/0x1d0
[  259.008160][T11002]  ? 0xffffffffff600000
[  259.008188][T11002]  ? freezing_slow_path+0x12b/0x170
[  259.008226][T11002]  do_coredump+0x1bfa/0x2bd0
[  259.008266][T11002]  ? __cfi_do_coredump+0x10/0x10
[  259.008303][T11002]  ? asm_exc_page_fault+0x2b/0x30
[  259.008340][T11002]  ? __kasan_slab_free+0x6a/0x80
[  259.008368][T11002]  ? kmem_cache_free+0x1c1/0x510
[  259.008392][T11002]  ? get_signal+0xa75/0x14f0
[  259.008426][T11002]  get_signal+0x11fd/0x14f0
[  259.008463][T11002]  arch_do_signal_or_restart+0x96/0x720
[  259.008502][T11002]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  259.008544][T11002]  ? __kasan_check_write+0x18/0x20
[  259.008582][T11002]  irqentry_exit_to_user_mode+0x4e/0xb0
[  259.008615][T11002]  irqentry_exit+0x16/0x60
[  259.008641][T11002]  exc_page_fault+0x66/0xc0
[  259.008668][T11002]  asm_exc_page_fault+0x2b/0x30
[  259.008694][T11002] RIP: 0033:0x7ffbf278efc9
[  259.008720][T11002] Code: Unable to access opcode bytes at 0x7ffbf278ef9f.
[  259.008733][T11002] RSP: 002b:00007ffbf3629fe8 EFLAGS: 00010206
[  259.008757][T11002] RAX: 0000000000000000 RBX: 00007ffbf29e6090 RCX: 00007ffbf278efc9
[  259.008777][T11002] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000200
[  259.008794][T11002] RBP: 00007ffbf2811f91 R08: 0000000000000000 R09: 0000000000000000
[  259.008812][T11002] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  259.008827][T11002] R13: 00007ffbf29e6128 R14: 00007ffbf29e6090 R15: 00007ffce88beac8
[  259.008851][T11002]  </TASK>
[  259.008925][T11002] memory: usage 303480kB, limit 307200kB, failcnt 20108
[  259.094861][T11176] tipc: Node identity 4, cluster identity 4711
[  259.108753][T11002] memory+swap: usage 418980kB, limit 9007199254740988kB, failcnt 0
[  259.122442][T11176] tipc: Node number set to 4
[  259.126553][T11002] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  259.249621][ T1902] tipc: Subscription rejected, illegal request
[  259.428735][   T36] audit: type=1400 audit(2000000074.184:3144): avc:  denied  { validate_trans } for  pid=11175 comm="syz.1.3610" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  259.550052][T11002] Memory cgroup stats for /syz2:
[  259.550270][T11002] cache 303992832
[  259.557085][   T66] usb 2-1: USB disconnect, device number 65
[  259.559102][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  259.573335][   T66] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  259.574363][T11002] rss 180224
[  259.605770][T11002] rss_huge 0
[  259.609084][T11002] shmem 303988736
[  259.699265][T11002] mapped_file 4096
[  259.726977][T11002] dirty 4096
[  259.746865][T11002] writeback 0
[  259.750434][T11002] workingset_refault_anon 6895
[  259.755427][T11002] workingset_refault_file 548
[  259.818790][T11002] swap 127975424
[  259.837192][T11002] swapcached 16384
[  259.879639][T11002] pgpgin 693088
[  259.884943][T11002] pgpgout 621347
[  259.888769][T11002] pgfault 304939
[  259.892438][T11002] pgmajfault 908
[  259.896581][T11002] inactive_anon 172314624
[  259.901444][T11002] active_anon 131424256
[  259.919268][T11002] inactive_file 0
[  259.924012][T11002] active_file 4096
[  259.927862][T11002] unevictable 0
[  259.931552][T11002] hierarchical_memory_limit 314572800
[  259.937057][T11002] hierarchical_memsw_limit 9223372036854771712
[  259.978631][T11002] total_cache 303992832
[  259.983047][T11002] total_rss 180224
[  259.986851][T11002] total_rss_huge 0
[  259.992698][T11002] total_shmem 303988736
[  259.997376][T11002] total_mapped_file 4096
[  260.001761][T11002] total_dirty 4096
[  260.005803][T11002] total_writeback 0
[  260.009638][T11002] total_workingset_refault_anon 6895
[  260.015103][    C1] ip6_tunnel: syztnl1 xmit: Local address not yet configured!
[  260.023028][T11002] total_workingset_refault_file 548
[  260.028481][T11002] total_swap 127975424
[  260.032575][T11002] total_swapcached 16384
[  260.037721][T11002] total_pgpgin 693088
[  260.041814][T11002] total_pgpgout 621347
[  260.045974][T11002] total_pgfault 304939
[  260.050173][T11002] total_pgmajfault 908
[  260.054321][T11002] total_inactive_anon 172314624
[  260.059815][T11002] total_active_anon 131424256
[  260.064574][T11002] total_inactive_file 0
[  260.068819][T11002] total_active_file 4096
[  260.073133][T11002] total_unevictable 0
[  260.077156][T11002] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3559,pid=11002,uid=0
[  260.092384][T11002] Memory cgroup out of memory: Killed process 11002 (syz.2.3559) total-vm:49268kB, anon-rss:0kB, file-rss:26496kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:0
[  260.121419][T11006] syz.2.3559 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  260.131506][T11006] CPU: 0 UID: 0 PID: 11006 Comm: syz.2.3559 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  260.131543][T11006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  260.131558][T11006] Call Trace:
[  260.131566][T11006]  <TASK>
[  260.131577][T11006]  __dump_stack+0x21/0x30
[  260.131612][T11006]  dump_stack_lvl+0x10c/0x190
[  260.131643][T11006]  ? __cfi_dump_stack_lvl+0x10/0x10
[  260.131671][T11006]  ? ___ratelimit+0x3f7/0x5a0
[  260.131713][T11006]  dump_stack+0x19/0x20
[  260.131741][T11006]  dump_header+0xd7/0x490
[  260.131764][T11006]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  260.131795][T11006]  oom_kill_process+0x35d/0x640
[  260.131823][T11006]  ? sched_clock_cpu+0x75/0x400
[  260.131855][T11006]  out_of_memory+0x659/0xa80
[  260.131882][T11006]  ? __cfi_out_of_memory+0x10/0x10
[  260.131914][T11006]  ? mutex_lock_killable+0x104/0x1c0
[  260.131937][T11006]  ? __cfi_mutex_lock_killable+0x10/0x10
[  260.131961][T11006]  mem_cgroup_out_of_memory+0x279/0x350
[  260.132002][T11006]  ? drain_obj_stock+0xed0/0xed0
[  260.132026][T11006]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  260.132047][T11006]  try_charge_memcg+0x8f7/0xde0
[  260.132076][T11006]  ? __cfi_try_charge_memcg+0x10/0x10
[  260.132106][T11006]  ? __alloc_pages_noprof+0x31f/0x7b0
[  260.132136][T11006]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  260.132167][T11006]  ? __folio_batch_add_and_move+0x2fe/0x370
[  260.132197][T11006]  __mem_cgroup_charge+0xf6/0x410
[  260.132230][T11006]  ? _raw_spin_lock+0x8c/0x120
[  260.132257][T11006]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  260.132294][T11006]  shmem_alloc_and_add_folio+0x86d/0x1050
[  260.132324][T11006]  ? put_swap_device+0x130/0x130
[  260.132359][T11006]  ? shmem_huge_global_enabled+0x2da/0x360
[  260.132385][T11006]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  260.132409][T11006]  ? __kasan_check_write+0x18/0x20
[  260.132443][T11006]  ? _raw_spin_lock+0x8c/0x120
[  260.132471][T11006]  shmem_get_folio_gfp+0x5f0/0x1380
[  260.132500][T11006]  ? shmem_get_folio+0xc0/0xc0
[  260.132523][T11006]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  260.132556][T11006]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  260.132588][T11006]  ? inode_to_bdi+0x6d/0x100
[  260.132620][T11006]  shmem_write_begin+0xf4/0x270
[  260.132648][T11006]  generic_perform_write+0x330/0x960
[  260.132685][T11006]  ? __cfi_generic_perform_write+0x10/0x10
[  260.132717][T11006]  ? down_write+0xe9/0x2a0
[  260.132740][T11006]  ? mnt_get_write_access_file+0x1af/0x3b0
[  260.132770][T11006]  ? mnt_put_write_access_file+0xc2/0x100
[  260.132800][T11006]  ? file_update_time+0x1ef/0x220
[  260.132831][T11006]  shmem_file_write_iter+0x105/0x130
[  260.132863][T11006]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  260.132894][T11006]  __kernel_write_iter+0x41a/0x8e0
[  260.132916][T11006]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  260.132948][T11006]  ? __cfi___kernel_write_iter+0x10/0x10
[  260.132969][T11006]  ? get_dump_page+0x160/0x220
[  260.132998][T11006]  ? __asan_memset+0x39/0x50
[  260.133019][T11006]  ? iov_iter_bvec+0xc0/0x180
[  260.133047][T11006]  dump_user_range+0xb06/0xdf0
[  260.133070][T11006]  ? __cfi_dump_emit+0x10/0x10
[  260.133091][T11006]  ? __cfi_dump_user_range+0x10/0x10
[  260.133113][T11006]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  260.133147][T11006]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  260.133181][T11006]  ? elf_core_dump+0x2368/0x3800
[  260.133209][T11006]  elf_core_dump+0x2ccc/0x3800
[  260.133239][T11006]  ? __cfi_elf_core_dump+0x10/0x10
[  260.133274][T11006]  ? dump_interrupted+0xf0/0xf0
[  260.133306][T11006]  ? filp_open+0x182/0x1d0
[  260.133334][T11006]  ? 0xffffffffff600000
[  260.133358][T11006]  ? freezing_slow_path+0x12b/0x170
[  260.133391][T11006]  do_coredump+0x1bfa/0x2bd0
[  260.133427][T11006]  ? __cfi_do_coredump+0x10/0x10
[  260.133460][T11006]  ? asm_exc_page_fault+0x2b/0x30
[  260.133492][T11006]  ? __kasan_slab_free+0x6a/0x80
[  260.133517][T11006]  ? kmem_cache_free+0x1c1/0x510
[  260.133539][T11006]  ? get_signal+0xa75/0x14f0
[  260.133569][T11006]  get_signal+0x11fd/0x14f0
[  260.133601][T11006]  arch_do_signal_or_restart+0x96/0x720
[  260.133637][T11006]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  260.133674][T11006]  ? __kasan_check_write+0x18/0x20
[  260.133708][T11006]  irqentry_exit_to_user_mode+0x4e/0xb0
[  260.133734][T11006]  irqentry_exit+0x16/0x60
[  260.133758][T11006]  exc_page_fault+0x66/0xc0
[  260.133781][T11006]  asm_exc_page_fault+0x2b/0x30
[  260.133804][T11006] RIP: 0033:0x7ffbf278efc9
[  260.133828][T11006] Code: Unable to access opcode bytes at 0x7ffbf278ef9f.
[  260.133840][T11006] RSP: 002b:00007ffbf3629fe8 EFLAGS: 00010206
[  260.133862][T11006] RAX: 0000000000000000 RBX: 00007ffbf29e6090 RCX: 00007ffbf278efc9
[  260.133879][T11006] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000200
[  260.133894][T11006] RBP: 00007ffbf2811f91 R08: 0000000000000000 R09: 0000000000000000
[  260.133909][T11006] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  260.133924][T11006] R13: 00007ffbf29e6128 R14: 00007ffbf29e6090 R15: 00007ffce88beac8
[  260.133944][T11006]  </TASK>
[  260.614113][T11006] memory: usage 288188kB, limit 307200kB, failcnt 20379
[  260.621098][T11006] memory+swap: usage 405704kB, limit 9007199254740988kB, failcnt 0
[  260.629390][T11006] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  260.636996][T11006] Memory cgroup stats for /syz2:
[  260.637164][T11006] cache 295043072
[  260.645855][T11006] rss 45056
[  260.648985][T11006] rss_huge 0
[  260.651433][T11232] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  260.652229][T11006] shmem 295043072
[  260.652235][T11232] rust_binder: Read failure Err(EFAULT) in pid:398
[  260.660338][T11006] mapped_file 0
[  260.665312][T11232] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:398
[  260.671465][T11006] dirty 0
[  260.691496][T11006] writeback 0
[  260.694881][T11006] workingset_refault_anon 6895
[  260.699758][T11006] workingset_refault_file 580
[  260.704641][T11006] swap 120336384
[  260.708292][T11006] swapcached 16384
[  260.712500][T11006] pgpgin 697376
[  260.716041][T11006] pgpgout 627884
[  260.719955][T11006] pgfault 305351
[  260.723698][T11006] pgmajfault 910
[  260.727394][T11006] inactive_anon 69341184
[  260.731726][T11006] active_anon 225763328
[  260.736162][T11006] inactive_file 0
[  260.739916][T11006] active_file 0
[  260.743425][T11006] unevictable 0
[  260.746901][T11006] hierarchical_memory_limit 314572800
[  260.752335][T11006] hierarchical_memsw_limit 9223372036854771712
[  260.758507][T11006] total_cache 295043072
[  260.762757][T11006] total_rss 45056
[  260.766410][T11006] total_rss_huge 0
[  260.770134][T11006] total_shmem 295043072
[  260.774332][T11006] total_mapped_file 0
[  260.778590][T11006] total_dirty 0
[  260.782064][T11006] total_writeback 0
[  260.785988][T11006] total_workingset_refault_anon 6895
[  260.791288][T11006] total_workingset_refault_file 580
[  260.796527][T11006] total_swap 120336384
[  260.800625][T11006] total_swapcached 16384
[  260.805009][T11006] total_pgpgin 697376
[  260.809061][T11006] total_pgpgout 627884
[  260.813139][T11006] total_pgfault 305351
[  260.817277][T11006] total_pgmajfault 910
[  260.821357][T11006] total_inactive_anon 69341184
[  260.826159][T11006] total_active_anon 225763328
[  260.830862][T11006] total_inactive_file 0
[  260.835282][T11006] total_active_file 0
[  260.839333][T11006] total_unevictable 0
[  260.843331][T11006] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3559,pid=11015,uid=0
[  260.858404][T11006] Memory cgroup out of memory: Killed process 11015 (syz.2.3559) total-vm:49268kB, anon-rss:0kB, file-rss:27008kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:0
[  260.903981][T11240] SELinux: security_context_str_to_sid (sytem_u�Gй) failed with errno=-22
[  261.114281][T11249] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  261.115438][T11249] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  261.133038][T11249] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  261.151736][T11249] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:408
[  261.210460][T11254] __vm_enough_memory: pid: 11254, comm: syz.1.3636, bytes: 18014402804453376 not enough memory for the allocation
[  261.317490][T11018] syz.2.3559 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  261.411020][T11018] CPU: 0 UID: 0 PID: 11018 Comm: syz.2.3559 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  261.411060][T11018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  261.411075][T11018] Call Trace:
[  261.411084][T11018]  <TASK>
[  261.411093][T11018]  __dump_stack+0x21/0x30
[  261.411130][T11018]  dump_stack_lvl+0x10c/0x190
[  261.411161][T11018]  ? __cfi_dump_stack_lvl+0x10/0x10
[  261.411192][T11018]  ? ___ratelimit+0x3f7/0x5a0
[  261.411226][T11018]  dump_stack+0x19/0x20
[  261.411262][T11018]  dump_header+0xd7/0x490
[  261.411285][T11018]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  261.411316][T11018]  oom_kill_process+0x35d/0x640
[  261.411343][T11018]  ? sched_clock_cpu+0x75/0x400
[  261.411374][T11018]  out_of_memory+0x659/0xa80
[  261.411402][T11018]  ? __cfi_out_of_memory+0x10/0x10
[  261.411430][T11018]  ? mutex_lock_killable+0x92/0x1c0
[  261.411453][T11018]  ? __cfi_mutex_lock_killable+0x10/0x10
[  261.411478][T11018]  mem_cgroup_out_of_memory+0x279/0x350
[  261.411501][T11018]  ? drain_obj_stock+0xed0/0xed0
[  261.411525][T11018]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  261.411548][T11018]  try_charge_memcg+0x8f7/0xde0
[  261.411579][T11018]  ? __cfi_try_charge_memcg+0x10/0x10
[  261.411609][T11018]  ? __alloc_pages_noprof+0x31f/0x7b0
[  261.411641][T11018]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  261.411672][T11018]  ? __folio_batch_add_and_move+0x2ab/0x370
[  261.411702][T11018]  __mem_cgroup_charge+0xf6/0x410
[  261.411736][T11018]  ? _raw_spin_lock+0x8c/0x120
[  261.411766][T11018]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  261.411802][T11018]  shmem_alloc_and_add_folio+0x86d/0x1050
[  261.411832][T11018]  ? put_swap_device+0x130/0x130
[  261.411860][T11018]  ? shmem_huge_global_enabled+0x2da/0x360
[  261.411907][T11018]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  261.411934][T11018]  ? __kasan_check_write+0x18/0x20
[  261.411968][T11018]  ? _raw_spin_lock+0x8c/0x120
[  261.411997][T11018]  shmem_get_folio_gfp+0x5f0/0x1380
[  261.412026][T11018]  ? shmem_get_folio+0xc0/0xc0
[  261.412049][T11018]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  261.412081][T11018]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  261.412113][T11018]  ? inode_to_bdi+0x6d/0x100
[  261.412146][T11018]  shmem_write_begin+0xf4/0x270
[  261.412173][T11018]  generic_perform_write+0x330/0x960
[  261.412209][T11018]  ? __cfi_generic_perform_write+0x10/0x10
[  261.412247][T11018]  ? down_write+0xe9/0x2a0
[  261.412271][T11018]  ? mnt_get_write_access_file+0x1af/0x3b0
[  261.412301][T11018]  ? mnt_put_write_access_file+0xc2/0x100
[  261.412331][T11018]  ? file_update_time+0x1ef/0x220
[  261.412362][T11018]  shmem_file_write_iter+0x105/0x130
[  261.412393][T11018]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  261.412424][T11018]  __kernel_write_iter+0x41a/0x8e0
[  261.412445][T11018]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  261.412477][T11018]  ? __cfi___kernel_write_iter+0x10/0x10
[  261.412498][T11018]  ? get_dump_page+0x160/0x220
[  261.412528][T11018]  ? __asan_memset+0x39/0x50
[  261.412549][T11018]  ? iov_iter_bvec+0xc0/0x180
[  261.412577][T11018]  dump_user_range+0xb06/0xdf0
[  261.412601][T11018]  ? __cfi_dump_emit+0x10/0x10
[  261.412621][T11018]  ? __cfi_dump_user_range+0x10/0x10
[  261.412644][T11018]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  261.412678][T11018]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  261.412712][T11018]  ? elf_core_dump+0x2368/0x3800
[  261.412740][T11018]  elf_core_dump+0x2ccc/0x3800
[  261.412770][T11018]  ? __cfi_elf_core_dump+0x10/0x10
[  261.412805][T11018]  ? dump_interrupted+0xf0/0xf0
[  261.412839][T11018]  ? filp_open+0x182/0x1d0
[  261.412868][T11018]  ? 0xffffffffff600000
[  261.412885][T11018]  ? freezing_slow_path+0x12b/0x170
[  261.412920][T11018]  do_coredump+0x1bfa/0x2bd0
[  261.412958][T11018]  ? __cfi_do_coredump+0x10/0x10
[  261.412990][T11018]  ? asm_exc_page_fault+0x2b/0x30
[  261.413024][T11018]  ? __kasan_slab_free+0x6a/0x80
[  261.413051][T11018]  ? kmem_cache_free+0x1c1/0x510
[  261.413077][T11018]  ? get_signal+0xa75/0x14f0
[  261.413106][T11018]  get_signal+0x11fd/0x14f0
[  261.413138][T11018]  arch_do_signal_or_restart+0x96/0x720
[  261.413174][T11018]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  261.413211][T11018]  ? __kasan_check_write+0x18/0x20
[  261.413251][T11018]  irqentry_exit_to_user_mode+0x4e/0xb0
[  261.413277][T11018]  irqentry_exit+0x16/0x60
[  261.413300][T11018]  exc_page_fault+0x66/0xc0
[  261.413323][T11018]  asm_exc_page_fault+0x2b/0x30
[  261.413346][T11018] RIP: 0033:0x7ffbf278efc9
[  261.413369][T11018] Code: Unable to access opcode bytes at 0x7ffbf278ef9f.
[  261.413381][T11018] RSP: 002b:00007ffbf3629fe8 EFLAGS: 00010206
[  261.413403][T11018] RAX: 0000000000000000 RBX: 00007ffbf29e6090 RCX: 00007ffbf278efc9
[  261.413421][T11018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000200
[  261.413436][T11018] RBP: 00007ffbf2811f91 R08: 0000000000000000 R09: 0000000000000000
[  261.413452][T11018] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  261.413467][T11018] R13: 00007ffbf29e6128 R14: 00007ffbf29e6090 R15: 00007ffce88beac8
[  261.413488][T11018]  </TASK>
[  261.906172][T11018] memory: usage 283424kB, limit 307200kB, failcnt 22353
[  261.913178][T11018] memory+swap: usage 408232kB, limit 9007199254740988kB, failcnt 0
[  261.921163][T11018] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  261.928301][T11018] Memory cgroup stats for /syz2:
[  261.928452][T11018] cache 289099776
[  261.937248][T11018] rss 118784
[  261.940474][T11018] rss_huge 0
[  261.943743][T11018] shmem 288968704
[  261.947645][T11018] mapped_file 4096
[  261.951484][T11018] dirty 4096
[  261.954879][T11018] writeback 192512
[  261.958614][T11018] workingset_refault_anon 6898
[  261.963444][T11018] workingset_refault_file 1674
[  261.968416][T11018] swap 127803392
[  261.971984][T11018] swapcached 192512
[  261.975849][T11018] pgpgin 714945
[  261.979540][T11018] pgpgout 646812
[  261.983098][T11018] pgfault 306533
[  261.986851][T11018] pgmajfault 917
[  261.990426][T11018] inactive_anon 89255936
[  261.994679][T11018] active_anon 197672960
[  261.999068][T11018] inactive_file 0
[  262.002750][T11018] active_file 131072
[  262.006654][T11018] unevictable 0
[  262.010981][T11018] hierarchical_memory_limit 314572800
[  262.016432][T11018] hierarchical_memsw_limit 9223372036854771712
[  262.022823][T11018] total_cache 289099776
[  262.027011][T11018] total_rss 118784
[  262.030785][T11018] total_rss_huge 0
[  262.034721][T11018] total_shmem 288968704
[  262.038898][T11018] total_mapped_file 4096
[  262.043188][T11018] total_dirty 4096
[  262.047135][T11018] total_writeback 192512
[  262.051420][T11018] total_workingset_refault_anon 6898
[  262.056728][T11018] total_workingset_refault_file 1674
[  262.062118][T11018] total_swap 127803392
[  262.066207][T11018] total_swapcached 192512
[  262.070556][T11018] total_pgpgin 714945
[  262.074636][T11018] total_pgpgout 646812
[  262.078718][T11018] total_pgfault 306533
[  262.082842][T11018] total_pgmajfault 917
[  262.087008][T11018] total_inactive_anon 89255936
[  262.091796][T11018] total_active_anon 197672960
[  262.096557][T11018] total_inactive_file 0
[  262.100872][T11018] total_active_file 131072
[  262.105338][T11018] total_unevictable 0
[  262.109348][T11018] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3559,pid=11000,uid=0
[  262.124390][T11018] Memory cgroup out of memory: Killed process 11000 (syz.2.3559) total-vm:49268kB, anon-rss:0kB, file-rss:31232kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:0
[  262.559812][ T1902] Bluetooth: hci0: Frame reassembly failed (-84)
[  262.572892][T11293] Bluetooth: hci0: Frame reassembly failed (-84)
[  262.738864][T11013] syz.2.3559 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  262.748585][T11013] CPU: 0 UID: 0 PID: 11013 Comm: syz.2.3559 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  262.748623][T11013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  262.748639][T11013] Call Trace:
[  262.748647][T11013]  <TASK>
[  262.748657][T11013]  __dump_stack+0x21/0x30
[  262.748693][T11013]  dump_stack_lvl+0x10c/0x190
[  262.748724][T11013]  ? __cfi_dump_stack_lvl+0x10/0x10
[  262.748754][T11013]  ? ___ratelimit+0x3f7/0x5a0
[  262.748789][T11013]  dump_stack+0x19/0x20
[  262.748819][T11013]  dump_header+0xd7/0x490
[  262.748843][T11013]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  262.748873][T11013]  oom_kill_process+0x35d/0x640
[  262.748901][T11013]  ? sched_clock_cpu+0x75/0x400
[  262.748933][T11013]  out_of_memory+0x659/0xa80
[  262.748960][T11013]  ? __cfi_out_of_memory+0x10/0x10
[  262.748987][T11013]  ? mutex_lock_killable+0x92/0x1c0
[  262.749010][T11013]  ? __cfi_mutex_lock_killable+0x10/0x10
[  262.749035][T11013]  mem_cgroup_out_of_memory+0x279/0x350
[  262.749067][T11013]  ? drain_obj_stock+0xed0/0xed0
[  262.749091][T11013]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  262.749114][T11013]  try_charge_memcg+0x8f7/0xde0
[  262.749145][T11013]  ? __cfi_try_charge_memcg+0x10/0x10
[  262.749175][T11013]  ? __alloc_pages_noprof+0x31f/0x7b0
[  262.749207][T11013]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  262.749238][T11013]  ? __folio_batch_add_and_move+0x2ab/0x370
[  262.749269][T11013]  __mem_cgroup_charge+0xf6/0x410
[  262.749302][T11013]  ? _raw_spin_lock+0x8c/0x120
[  262.749331][T11013]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  262.749366][T11013]  shmem_alloc_and_add_folio+0x86d/0x1050
[  262.749397][T11013]  ? put_swap_device+0x130/0x130
[  262.749425][T11013]  ? shmem_huge_global_enabled+0x2da/0x360
[  262.749451][T11013]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  262.749476][T11013]  ? __kasan_check_write+0x18/0x20
[  262.749510][T11013]  ? _raw_spin_lock+0x8c/0x120
[  262.749539][T11013]  shmem_get_folio_gfp+0x5f0/0x1380
[  262.749567][T11013]  ? shmem_get_folio+0xc0/0xc0
[  262.749591][T11013]  ? follow_page_pte+0xa5c/0xb90
[  262.749621][T11013]  ? inode_to_bdi+0x6d/0x100
[  262.749655][T11013]  shmem_write_begin+0xf4/0x270
[  262.749682][T11013]  generic_perform_write+0x330/0x960
[  262.749719][T11013]  ? __cfi_generic_perform_write+0x10/0x10
[  262.749752][T11013]  ? down_write+0xe9/0x2a0
[  262.749776][T11013]  ? file_update_time+0xa3/0x220
[  262.749807][T11013]  shmem_file_write_iter+0x105/0x130
[  262.749838][T11013]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  262.749869][T11013]  __kernel_write_iter+0x41a/0x8e0
[  262.749891][T11013]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  262.749923][T11013]  ? __cfi___kernel_write_iter+0x10/0x10
[  262.749944][T11013]  ? get_dump_page+0x160/0x220
[  262.749973][T11013]  ? __asan_memset+0x39/0x50
[  262.749993][T11013]  ? iov_iter_bvec+0xc0/0x180
[  262.750022][T11013]  dump_user_range+0xb06/0xdf0
[  262.750051][T11013]  ? __cfi_dump_emit+0x10/0x10
[  262.750072][T11013]  ? __cfi_dump_user_range+0x10/0x10
[  262.750095][T11013]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  262.750130][T11013]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  262.750164][T11013]  ? elf_core_dump+0x2368/0x3800
[  262.750192][T11013]  elf_core_dump+0x2ccc/0x3800
[  262.750222][T11013]  ? __cfi_elf_core_dump+0x10/0x10
[  262.750257][T11013]  ? dump_interrupted+0xf0/0xf0
[  262.750289][T11013]  ? filp_open+0x182/0x1d0
[  262.750318][T11013]  ? 0xffffffffff600000
[  262.750337][T11013]  ? freezing_slow_path+0x12b/0x170
[  262.750370][T11013]  do_coredump+0x1bfa/0x2bd0
[  262.750409][T11013]  ? __cfi_do_coredump+0x10/0x10
[  262.750443][T11013]  ? asm_exc_page_fault+0x2b/0x30
[  262.750477][T11013]  ? __kasan_slab_free+0x6a/0x80
[  262.750503][T11013]  ? kmem_cache_free+0x1c1/0x510
[  262.750526][T11013]  ? get_signal+0xa75/0x14f0
[  262.750557][T11013]  get_signal+0x11fd/0x14f0
[  262.750590][T11013]  arch_do_signal_or_restart+0x96/0x720
[  262.750627][T11013]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  262.750665][T11013]  ? __kasan_check_write+0x18/0x20
[  262.750701][T11013]  irqentry_exit_to_user_mode+0x4e/0xb0
[  262.750728][T11013]  irqentry_exit+0x16/0x60
[  262.750752][T11013]  exc_page_fault+0x66/0xc0
[  262.750776][T11013]  asm_exc_page_fault+0x2b/0x30
[  262.750799][T11013] RIP: 0033:0x7ffbf278efc9
[  262.750824][T11013] Code: Unable to access opcode bytes at 0x7ffbf278ef9f.
[  262.750837][T11013] RSP: 002b:00007ffbf3629fe8 EFLAGS: 00010206
[  262.750859][T11013] RAX: 0000000000000000 RBX: 00007ffbf29e6090 RCX: 00007ffbf278efc9
[  262.750876][T11013] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000200
[  262.750891][T11013] RBP: 00007ffbf2811f91 R08: 0000000000000000 R09: 0000000000000000
[  262.750906][T11013] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  262.750921][T11013] R13: 00007ffbf29e6128 R14: 00007ffbf29e6090 R15: 00007ffce88beac8
[  262.750942][T11013]  </TASK>
[  262.750952][T11013] memory: usage 307200kB, limit 307200kB, failcnt 24047
[  263.225637][T11013] memory+swap: usage 432196kB, limit 9007199254740988kB, failcnt 0
[  263.234162][T11013] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  263.241113][T11013] Memory cgroup stats for /syz2:
[  263.241298][T11013] cache 314531840
[  263.250103][T11013] rss 40960
[  263.253324][T11013] rss_huge 0
[  263.257110][T11013] shmem 314527744
[  263.260755][T11013] mapped_file 0
[  263.264229][T11013] dirty 0
[  263.275436][T11013] writeback 0
[  263.278909][T11013] workingset_refault_anon 6898
[  263.283707][T11013] workingset_refault_file 2226
[  263.300962][T11013] swap 127995904
[  263.304752][T11013] swapcached 0
[  263.308870][T11013] pgpgin 729557
[  263.312603][T11013] pgpgout 655312
[  263.316167][T11013] pgfault 307423
[  263.350912][T11013] pgmajfault 924
[  263.354563][T11013] inactive_anon 179118080
[  263.358984][T11013] active_anon 133353472
[  263.425522][T11013] inactive_file 4096
[  263.448624][T11013] active_file 0
[  263.452148][T11013] unevictable 0
[  263.455710][T11013] hierarchical_memory_limit 314572800
[  263.500154][T11013] hierarchical_memsw_limit 9223372036854771712
[  263.506369][T11013] total_cache 314531840
[  263.510548][T11013] total_rss 40960
[  263.532192][T11013] total_rss_huge 0
[  263.569322][T11321] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.
[  263.587130][T11013] total_shmem 314527744
[  263.591327][T11013] total_mapped_file 0
[  263.595324][T11013] total_dirty 0
[  263.658452][T11013] total_writeback 0
[  263.702659][T11013] total_workingset_refault_anon 6898
[  263.723958][T11013] total_workingset_refault_file 2226
[  263.729331][T11013] total_swap 127995904
[  263.778661][T11013] total_swapcached 0
[  263.782657][T11013] total_pgpgin 729557
[  263.786661][T11013] total_pgpgout 655312
[  263.807448][T11328] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3662'.
[  263.816863][T11013] total_pgfault 307423
[  263.821349][T11327] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3662'.
[  263.832575][T11013] total_pgmajfault 924
[  263.836687][T11013] total_inactive_anon 179118080
[  263.843594][   T36] audit: type=1326 audit(2000000078.359:3145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11326 comm="syz.4.3662" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb52cb8efc9 code=0x7ffe0000
[  263.850801][T11013] total_active_anon 133353472
[  263.896683][T11013] total_inactive_file 4096
[  263.901183][T11013] total_active_file 0
[  263.915823][T11013] total_unevictable 0
[  263.926488][T11013] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3559,pid=11018,uid=0
[  263.954241][T11013] Memory cgroup out of memory: Killed process 11018 (syz.2.3559) total-vm:49268kB, anon-rss:0kB, file-rss:33024kB, shmem-rss:0kB, UID:0 pgtables:100kB oom_score_adj:0
[  264.035007][T11009] syz.2.3559 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  264.086398][T11009] CPU: 1 UID: 0 PID: 11009 Comm: syz.2.3559 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  264.086439][T11009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  264.086452][T11009] Call Trace:
[  264.086460][T11009]  <TASK>
[  264.086469][T11009]  __dump_stack+0x21/0x30
[  264.086502][T11009]  dump_stack_lvl+0x10c/0x190
[  264.086532][T11009]  ? __cfi_dump_stack_lvl+0x10/0x10
[  264.086560][T11009]  ? ___ratelimit+0x3f7/0x5a0
[  264.086594][T11009]  dump_stack+0x19/0x20
[  264.086621][T11009]  dump_header+0xd7/0x490
[  264.086643][T11009]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  264.086672][T11009]  oom_kill_process+0x35d/0x640
[  264.086698][T11009]  ? sched_clock_cpu+0x75/0x400
[  264.086728][T11009]  out_of_memory+0x659/0xa80
[  264.086753][T11009]  ? __cfi_out_of_memory+0x10/0x10
[  264.086779][T11009]  ? mutex_lock_killable+0x104/0x1c0
[  264.086801][T11009]  ? __cfi_mutex_lock_killable+0x10/0x10
[  264.086827][T11009]  mem_cgroup_out_of_memory+0x279/0x350
[  264.086850][T11009]  ? drain_obj_stock+0xed0/0xed0
[  264.086872][T11009]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  264.086894][T11009]  try_charge_memcg+0x8f7/0xde0
[  264.086926][T11009]  ? __cfi_try_charge_memcg+0x10/0x10
[  264.086957][T11009]  ? __alloc_pages_noprof+0x31f/0x7b0
[  264.086988][T11009]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  264.087018][T11009]  ? __folio_batch_add_and_move+0x2ab/0x370
[  264.087055][T11009]  __mem_cgroup_charge+0xf6/0x410
[  264.087087][T11009]  ? _raw_spin_lock+0x8c/0x120
[  264.087116][T11009]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  264.087150][T11009]  shmem_alloc_and_add_folio+0x86d/0x1050
[  264.087182][T11009]  ? put_swap_device+0x130/0x130
[  264.087208][T11009]  ? shmem_huge_global_enabled+0x2da/0x360
[  264.087235][T11009]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  264.087260][T11009]  ? __kasan_check_write+0x18/0x20
[  264.087292][T11009]  ? _raw_spin_lock+0x8c/0x120
[  264.087321][T11009]  shmem_get_folio_gfp+0x5f0/0x1380
[  264.087348][T11009]  ? shmem_get_folio+0xc0/0xc0
[  264.087370][T11009]  ? follow_page_pte+0xa5c/0xb90
[  264.087401][T11009]  ? inode_to_bdi+0x6d/0x100
[  264.087433][T11009]  shmem_write_begin+0xf4/0x270
[  264.087460][T11009]  generic_perform_write+0x330/0x960
[  264.087495][T11009]  ? __cfi_generic_perform_write+0x10/0x10
[  264.087526][T11009]  ? down_write+0xe9/0x2a0
[  264.087551][T11009]  ? file_update_time+0xa3/0x220
[  264.087581][T11009]  shmem_file_write_iter+0x105/0x130
[  264.087611][T11009]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  264.087641][T11009]  __kernel_write_iter+0x41a/0x8e0
[  264.087662][T11009]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  264.087692][T11009]  ? __cfi___kernel_write_iter+0x10/0x10
[  264.087713][T11009]  ? get_dump_page+0x160/0x220
[  264.087742][T11009]  ? __asan_memset+0x39/0x50
[  264.087761][T11009]  ? iov_iter_bvec+0xc0/0x180
[  264.087791][T11009]  dump_user_range+0xb06/0xdf0
[  264.087814][T11009]  ? __cfi_dump_emit+0x10/0x10
[  264.087835][T11009]  ? __cfi_dump_user_range+0x10/0x10
[  264.087856][T11009]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  264.087889][T11009]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  264.087922][T11009]  ? elf_core_dump+0x2368/0x3800
[  264.087948][T11009]  elf_core_dump+0x2ccc/0x3800
[  264.087978][T11009]  ? __cfi_elf_core_dump+0x10/0x10
[  264.088012][T11009]  ? dump_interrupted+0xf0/0xf0
[  264.088051][T11009]  ? filp_open+0x182/0x1d0
[  264.088080][T11009]  ? 0xffffffffff600000
[  264.088098][T11009]  ? freezing_slow_path+0x12b/0x170
[  264.088129][T11009]  do_coredump+0x1bfa/0x2bd0
[  264.088167][T11009]  ? __cfi_do_coredump+0x10/0x10
[  264.088198][T11009]  ? asm_exc_page_fault+0x2b/0x30
[  264.088231][T11009]  ? __kasan_slab_free+0x6a/0x80
[  264.088257][T11009]  ? kmem_cache_free+0x1c1/0x510
[  264.088278][T11009]  ? get_signal+0xa75/0x14f0
[  264.088307][T11009]  get_signal+0x11fd/0x14f0
[  264.088338][T11009]  arch_do_signal_or_restart+0x96/0x720
[  264.088373][T11009]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  264.088408][T11009]  ? __kasan_check_write+0x18/0x20
[  264.088442][T11009]  irqentry_exit_to_user_mode+0x4e/0xb0
[  264.088467][T11009]  irqentry_exit+0x16/0x60
[  264.088490][T11009]  exc_page_fault+0x66/0xc0
[  264.088512][T11009]  asm_exc_page_fault+0x2b/0x30
[  264.088534][T11009] RIP: 0033:0x7ffbf278efc9
[  264.088556][T11009] Code: Unable to access opcode bytes at 0x7ffbf278ef9f.
[  264.088568][T11009] RSP: 002b:00007ffbf3629fe8 EFLAGS: 00010206
[  264.088589][T11009] RAX: 0000000000000000 RBX: 00007ffbf29e6090 RCX: 00007ffbf278efc9
[  264.088607][T11009] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000200
[  264.088622][T11009] RBP: 00007ffbf2811f91 R08: 0000000000000000 R09: 0000000000000000
[  264.088637][T11009] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  264.088651][T11009] R13: 00007ffbf29e6128 R14: 00007ffbf29e6090 R15: 00007ffce88beac8
[  264.088671][T11009]  </TASK>
[  264.088749][T11009] memory: usage 306116kB, limit 307200kB, failcnt 24868
[  264.237571][T11344] netlink: 'syz.0.3669': attribute type 1 has an invalid length.
[  264.343565][T11009] memory+swap: usage 423208kB, limit 9007199254740988kB, failcnt 0
[  264.608565][T11009] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  264.643356][T11009] Memory cgroup stats for /syz2:
[  264.643519][T11009] cache 275881984
[  264.652436][T11344] netlink: 'syz.0.3669': attribute type 2 has an invalid length.
[  264.673343][T11009] rss 40960
[  264.683446][T11009] rss_huge 0
[  264.692477][T11009] shmem 271810560
[  264.704719][ T1644] Bluetooth: hci0: command 0x1003 tx timeout
[  264.706094][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  264.726652][T11009] mapped_file 0
[  264.730330][T11009] dirty 0
[  264.733426][T11009] writeback 0
[  264.757853][T11009] workingset_refault_anon 6900
[  264.762680][T11009] workingset_refault_file 3282
[  264.767463][T11009] swap 124514304
[  264.789910][T11009] swapcached 8192
[  264.793596][T11009] pgpgin 732036
[  264.828525][T11009] pgpgout 667225
[  264.832132][T11009] pgfault 307520
[  264.846642][T11009] pgmajfault 928
[  264.857572][T11009] inactive_anon 47214592
[  264.861954][T11009] active_anon 224645120
[  264.878941][T11009] inactive_file 1769472
[  264.883172][T11009] active_file 2301952
[  264.907084][T11009] unevictable 0
[  264.910612][T11009] hierarchical_memory_limit 314572800
[  264.937778][T11009] hierarchical_memsw_limit 9223372036854771712
[  264.948539][T11009] total_cache 275881984
[  264.959291][T11009] total_rss 40960
[  264.963211][T11009] total_rss_huge 0
[  264.966956][T11009] total_shmem 271810560
[  264.981714][T11009] total_mapped_file 0
[  264.992512][T11009] total_dirty 0
[  264.996021][T11009] total_writeback 0
[  265.003045][    T9] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  265.013657][T11009] total_workingset_refault_anon 6900
[  265.018986][T11009] total_workingset_refault_file 3282
[  265.024557][T11009] total_swap 124514304
[  265.028787][T11009] total_swapcached 8192
[  265.032975][T11009] total_pgpgin 732036
[  265.037327][T11009] total_pgpgout 667225
[  265.041427][T11009] total_pgfault 307520
[  265.045518][T11009] total_pgmajfault 928
[  265.049964][T11009] total_inactive_anon 47214592
[  265.054940][T11009] total_active_anon 224645120
[  265.059912][T11009] total_inactive_file 1769472
[  265.064689][T11009] total_active_file 2301952
[  265.075450][T11009] total_unevictable 0
[  265.079717][T11009] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3559,pid=11013,uid=0
[  265.098945][T11009] Memory cgroup out of memory: OOM victim 11013 (syz.2.3559) is already exiting. Skip killing the task
[  265.185349][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  265.196617][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  265.217009][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  265.240787][    T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  265.269477][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.288758][    T9] usb 2-1: config 0 descriptor??
[  265.599303][    T9] usbhid 2-1:0.0: can't add hid device: -71
[  265.616870][    T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  265.634319][    T9] usb 2-1: USB disconnect, device number 66
[  265.897382][T11390] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  266.083471][T11019] syz.2.3559 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  266.162433][T11019] CPU: 1 UID: 0 PID: 11019 Comm: syz.2.3559 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  266.162479][T11019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  266.162495][T11019] Call Trace:
[  266.162503][T11019]  <TASK>
[  266.162513][T11019]  __dump_stack+0x21/0x30
[  266.162550][T11019]  dump_stack_lvl+0x10c/0x190
[  266.162582][T11019]  ? __cfi_dump_stack_lvl+0x10/0x10
[  266.162621][T11019]  ? ___ratelimit+0x3f7/0x5a0
[  266.162656][T11019]  dump_stack+0x19/0x20
[  266.162685][T11019]  dump_header+0xd7/0x490
[  266.162709][T11019]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  266.162740][T11019]  oom_kill_process+0x35d/0x640
[  266.162769][T11019]  ? sched_clock_cpu+0x75/0x400
[  266.162801][T11019]  out_of_memory+0x659/0xa80
[  266.162829][T11019]  ? __cfi_out_of_memory+0x10/0x10
[  266.162857][T11019]  ? mutex_lock_killable+0x92/0x1c0
[  266.162881][T11019]  ? __cfi_mutex_lock_killable+0x10/0x10
[  266.162906][T11019]  mem_cgroup_out_of_memory+0x279/0x350
[  266.162930][T11019]  ? drain_obj_stock+0xed0/0xed0
[  266.162953][T11019]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  266.162974][T11019]  try_charge_memcg+0x8f7/0xde0
[  266.163005][T11019]  ? __cfi_try_charge_memcg+0x10/0x10
[  266.163035][T11019]  ? __alloc_pages_noprof+0x31f/0x7b0
[  266.163067][T11019]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  266.163099][T11019]  __mem_cgroup_charge+0xf6/0x410
[  266.163132][T11019]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  266.163167][T11019]  shmem_alloc_and_add_folio+0x86d/0x1050
[  266.163198][T11019]  ? put_swap_device+0x130/0x130
[  266.163225][T11019]  ? shmem_huge_global_enabled+0x2da/0x360
[  266.163251][T11019]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  266.163276][T11019]  ? _raw_spin_lock+0x8c/0x120
[  266.163305][T11019]  shmem_get_folio_gfp+0x5f0/0x1380
[  266.163332][T11019]  ? shmem_get_folio+0xc0/0xc0
[  266.163355][T11019]  ? follow_page_pte+0xa5c/0xb90
[  266.163386][T11019]  ? inode_to_bdi+0x6d/0x100
[  266.163420][T11019]  shmem_write_begin+0xf4/0x270
[  266.163448][T11019]  generic_perform_write+0x330/0x960
[  266.163484][T11019]  ? __cfi_generic_perform_write+0x10/0x10
[  266.163517][T11019]  ? down_write+0xe9/0x2a0
[  266.163541][T11019]  ? file_update_time+0xa3/0x220
[  266.163573][T11019]  shmem_file_write_iter+0x105/0x130
[  266.163613][T11019]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  266.163641][T11019]  __kernel_write_iter+0x41a/0x8e0
[  266.163661][T11019]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  266.163693][T11019]  ? __cfi___kernel_write_iter+0x10/0x10
[  266.163713][T11019]  ? get_dump_page+0x160/0x220
[  266.163742][T11019]  ? __asan_memset+0x39/0x50
[  266.163762][T11019]  ? iov_iter_bvec+0xc0/0x180
[  266.163791][T11019]  dump_user_range+0xb06/0xdf0
[  266.163815][T11019]  ? __cfi_dump_emit+0x10/0x10
[  266.163836][T11019]  ? __cfi_dump_user_range+0x10/0x10
[  266.163858][T11019]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  266.163892][T11019]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  266.163925][T11019]  ? elf_core_dump+0x2368/0x3800
[  266.163954][T11019]  elf_core_dump+0x2ccc/0x3800
[  266.163985][T11019]  ? __cfi_elf_core_dump+0x10/0x10
[  266.164020][T11019]  ? dump_interrupted+0xf0/0xf0
[  266.164053][T11019]  ? filp_open+0x182/0x1d0
[  266.164082][T11019]  ? 0xffffffffff600000
[  266.164100][T11019]  ? freezing_slow_path+0x12b/0x170
[  266.164133][T11019]  do_coredump+0x1bfa/0x2bd0
[  266.164170][T11019]  ? __cfi_do_coredump+0x10/0x10
[  266.164203][T11019]  ? asm_exc_page_fault+0x2b/0x30
[  266.164236][T11019]  ? __kasan_slab_free+0x6a/0x80
[  266.164261][T11019]  ? kmem_cache_free+0x1c1/0x510
[  266.164284][T11019]  ? get_signal+0xa75/0x14f0
[  266.164313][T11019]  get_signal+0x11fd/0x14f0
[  266.164345][T11019]  arch_do_signal_or_restart+0x96/0x720
[  266.164381][T11019]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  266.164418][T11019]  ? __kasan_check_write+0x18/0x20
[  266.164453][T11019]  irqentry_exit_to_user_mode+0x4e/0xb0
[  266.164478][T11019]  irqentry_exit+0x16/0x60
[  266.164502][T11019]  exc_page_fault+0x66/0xc0
[  266.164526][T11019]  asm_exc_page_fault+0x2b/0x30
[  266.164549][T11019] RIP: 0033:0x7ffbf278efc9
[  266.164574][T11019] Code: Unable to access opcode bytes at 0x7ffbf278ef9f.
[  266.164585][T11019] RSP: 002b:00007ffbf3629fe8 EFLAGS: 00010206
[  266.164616][T11019] RAX: 0000000000000000 RBX: 00007ffbf29e6090 RCX: 00007ffbf278efc9
[  266.164634][T11019] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000200
[  266.164649][T11019] RBP: 00007ffbf2811f91 R08: 0000000000000000 R09: 0000000000000000
[  266.164665][T11019] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  266.164679][T11019] R13: 00007ffbf29e6128 R14: 00007ffbf29e6090 R15: 00007ffce88beac8
[  266.164700][T11019]  </TASK>
[  266.637448][T11019] memory: usage 287052kB, limit 307200kB, failcnt 28804
[  266.644715][T11019] memory+swap: usage 410544kB, limit 9007199254740988kB, failcnt 0
[  266.652750][T11019] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  266.659978][T11019] Memory cgroup stats for /syz2:
[  266.660148][T11019] cache 293392384
[  266.670077][T11019] rss 45056
[  266.673217][T11019] rss_huge 0
[  266.676754][T11019] shmem 291819520
[  266.680463][T11019] mapped_file 1122304
[  266.684607][T11019] dirty 0
[  266.687887][T11019] writeback 12288
[  266.691552][T11019] workingset_refault_anon 6900
[  266.696693][T11019] workingset_refault_file 5161
[  266.701630][T11019] swap 125886464
[  266.705463][T11019] swapcached 65536
[  266.709949][T11019] pgpgin 764189
[  266.713436][T11019] pgpgout 695585
[  266.717093][T11019] pgfault 309684
[  266.720820][T11019] pgmajfault 975
[  266.724494][T11019] inactive_anon 214753280
[  266.728951][T11019] active_anon 76697600
[  266.733098][T11019] inactive_file 0
[  266.736831][T11019] active_file 1572864
[  266.740870][T11019] unevictable 0
[  266.744425][T11019] hierarchical_memory_limit 314572800
[  266.749821][T11019] hierarchical_memsw_limit 9223372036854771712
[  266.756063][T11019] total_cache 293392384
[  266.760239][T11019] total_rss 45056
[  266.763941][T11019] total_rss_huge 0
[  266.767679][T11019] total_shmem 291819520
[  266.771859][T11019] total_mapped_file 1122304
[  266.776427][T11019] total_dirty 0
[  266.779905][T11019] total_writeback 12288
[  266.784114][T11019] total_workingset_refault_anon 6900
[  266.786419][T11406] random: crng reseeded on system resumption
[  266.789414][T11019] total_workingset_refault_file 5161
[  266.789429][T11019] total_swap 125886464
[  266.789438][T11019] total_swapcached 65536
[  266.789447][T11019] total_pgpgin 764189
[  266.813284][T11019] total_pgpgout 695585
[  266.817413][T11019] total_pgfault 309684
[  266.821504][T11019] total_pgmajfault 975
[  266.825636][T11019] total_inactive_anon 214753280
[  266.830501][T11019] total_active_anon 76697600
[  266.835114][T11019] total_inactive_file 0
[  266.839387][T11019] total_active_file 1572864
[  266.843905][T11019] total_unevictable 0
[  266.847983][T11019] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3559,pid=11005,uid=0
[  266.863000][T11019] Memory cgroup out of memory: OOM victim 11005 (syz.2.3559) is already exiting. Skip killing the task
[  267.184048][T11413] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1
[  267.191546][T11413] rust_binder: 445: no such ref 1
[  267.930311][T11424] fuse: Invalid rootmode
[  267.935353][T11424] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  268.200644][   T31] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  268.372303][   T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  268.383301][   T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  268.393109][   T31] usb 2-1: New USB device found, idVendor=172f, idProduct=0032, bcdDevice= 0.00
[  268.402167][   T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.410869][   T31] usb 2-1: config 0 descriptor??
[  268.784933][   T36] audit: type=1400 audit(2000000082.994:3146): avc:  denied  { map } for  pid=11437 comm="syz.2.3699" path="socket:[41806]" dev="sockfs" ino=41806 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  268.978085][   T31] usbhid 2-1:0.0: can't add hid device: -71
[  268.984193][   T31] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  268.993141][   T31] usb 2-1: USB disconnect, device number 67
[  269.065393][T11460] veth0_virt_wifi: entered allmulticast mode
[  269.072259][T11460] veth0_virt_wifi: left allmulticast mode
[  269.569340][T11470] new mount options do not match the existing superblock, will be ignored
[  269.650434][    C1] ip6_tunnel: syztnl1 xmit: Local address not yet configured!
[  269.703531][   T31] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  269.864611][   T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  269.875650][   T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  269.885451][   T31] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  269.894543][   T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.903349][   T31] usb 2-1: config 0 descriptor??
[  270.338198][   T31] arvo 0003:1E7D:30D4.0012: bogus close delimiter
[  270.344849][   T31] arvo 0003:1E7D:30D4.0012: item 0 0 2 10 parsing failed
[  270.352285][   T31] arvo 0003:1E7D:30D4.0012: parse failed
[  270.358027][   T31] arvo 0003:1E7D:30D4.0012: probe with driver arvo failed with error -22
[  270.558115][T11468] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  270.613994][T11546] rust_binder: Failed to allocate buffer. len:1144, is_oneway:true
[  270.620564][T11546] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  270.628648][T11546] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:465
[  270.639022][T11546] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  270.648419][T11546] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:465
[  270.655584][T11546] rust_binder: Write failure EINVAL in pid:465
[  270.665603][   T36] audit: type=1400 audit(2000000084.767:3147): avc:  denied  { nlmsg_write } for  pid=11550 comm="syz.4.3735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  270.695737][T11556] netlink: 'syz.4.3737': attribute type 2 has an invalid length.
[  270.949125][T11578] netlink: 'syz.0.3747': attribute type 64 has an invalid length.
[  270.957083][T11578] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3747'.
[  270.966744][T11579] netlink: 'syz.0.3747': attribute type 64 has an invalid length.
[  270.974903][T11579] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3747'.
[  271.001658][T11586] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3749'.
[  271.083196][T11588] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=1014 sclass=netlink_tcpdiag_socket pid=11588 comm=syz.0.3750
[  271.374231][T11625] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pid=11625 comm=syz.0.3763
[  272.660767][  T520] usb 2-1: USB disconnect, device number 68
[  272.801409][T11694] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3784'.
[  273.403251][T11712] x_tables: duplicate entry at hook 1
[  273.409764][T11712] netlink: 'syz.2.3791': attribute type 11 has an invalid length.
[  273.412104][T11713] netlink: 'syz.2.3791': attribute type 11 has an invalid length.
[  273.570206][T11735] netlink: 'syz.2.3798': attribute type 4 has an invalid length.
[  273.580328][T11737] netlink: 'syz.2.3798': attribute type 4 has an invalid length.
[  273.601978][T11742] overlayfs: failed to clone upperpath
[  273.714434][   T36] audit: type=1326 audit(2000000600.628:3148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11696 comm="syz.4.3785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb52cb8efc9 code=0x7fc00000
[  273.738432][   T36] audit: type=1326 audit(2000000600.628:3149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11696 comm="syz.4.3785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb52cb8efc9 code=0x7fc00000
[  273.762644][   T36] audit: type=1326 audit(2000000600.628:3150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11696 comm="syz.4.3785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb52cb8efc9 code=0x7fc00000
[  273.788380][T11754] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  273.798008][T11754] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 1th superblock
[  273.806524][T11754] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  273.814784][T11754] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 2th superblock
[  273.979487][T11779] netlink: 'syz.4.3815': attribute type 10 has an invalid length.
[  274.094911][   T45] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  274.201524][T11789] 9pnet_fd: Insufficient options for proto=fd
[  274.254843][   T45] usb 2-1: Using ep0 maxpacket: 32
[  274.261096][   T45] usb 2-1: config 0 has an invalid interface number: 35 but max is 0
[  274.269374][   T45] usb 2-1: config 0 has no interface number 0
[  274.277285][   T45] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  274.286541][   T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.294655][   T45] usb 2-1: Product: syz
[  274.298871][   T45] usb 2-1: Manufacturer: syz
[  274.303472][   T45] usb 2-1: SerialNumber: syz
[  274.308777][   T45] usb 2-1: config 0 descriptor??
[  274.534307][T11761] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3808'.
[  274.543815][T11761] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  274.543903][T11761] rust_binder: inc_ref_done called when no active inc_refs
[  274.646259][T11800] overlayfs: failed to clone upperpath
[  274.769843][T11811] overlayfs: failed to resolve './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  275.003164][   T45] usb 2-1: USB disconnect, device number 69
[  275.825597][   T36] audit: type=1326 audit(2000000603.606:3151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11842 comm="syz.2.3841" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffbf278efc9 code=0x0
[  275.848909][   T36] audit: type=1400 audit(2000000603.625:3152): avc:  denied  { unmount } for  pid=9112 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  275.881576][T11853] fuse: Bad value for 'fd'
[  276.076921][T11869] 9pnet_fd: Insufficient options for proto=fd
[  277.360468][T11911] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3864'.
[  277.369647][T11912] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3864'.
[  277.374646][T11911] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3864'.
[  277.387765][T11912] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3864'.
[  277.397700][T11911] x_tables: unsorted underflow at hook 2
[  277.415973][T11914] tipc: Started in network mode
[  277.421013][T11914] tipc: Node identity -, cluster identity 4711
[  277.427255][T11914] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  278.346728][   T36] audit: type=1400 audit(2000000605.961:3153): avc:  denied  { shutdown } for  pid=11981 comm="syz.2.3889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  278.758648][T11991] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3892'.
[  278.904778][T11997] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=11997 comm=syz.4.3894
[  278.955055][T12010] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3897'.
[  278.964846][T12009] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12009 comm=syz.2.3897
[  279.601316][T12035] 9p: Unknown Cache mode or invalid value mbinderfs/binder1
[  279.653694][T12040] x_tables: unsorted entry at hook 1
[  279.661087][T12040] batadv_slave_1: entered promiscuous mode
[  279.669539][T12040] batadv_slave_1: left promiscuous mode
[  280.320279][T12068] bpf: Bad value for 'gid'
[  280.897791][T12115] netlink: 124 bytes leftover after parsing attributes in process `syz.0.3934'.
[  281.328214][T12151] /dev/loop0: Can't lookup blockdev
[  281.378435][   T36] audit: type=1326 audit(2000000608.813:3154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12159 comm="syz.1.3948" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f7e78efc9 code=0x0
[  282.221519][T12200] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3962'.
[  282.260032][T12204] netlink: 'syz.4.3964': attribute type 10 has an invalid length.
[  282.268206][T12204] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3964'.
[  282.277710][T12204] bridge_slave_1: left promiscuous mode
[  282.283629][T12204] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.968799][T12251] 9pnet_fd: Insufficient options for proto=fd
[  283.076972][   T36] audit: type=1326 audit(2000000610.399:3155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12263 comm="syz.4.3988" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb52cb8efc9 code=0x0
[  283.178176][T12271] overlayfs: failed to clone lowerpath
[  283.603821][T12288] fuse: Bad value for 'group_id'
[  283.620333][T12288] fuse: Bad value for 'group_id'
[  283.768366][   T36] audit: type=1400 audit(2000000611.056:3156): avc:  denied  { bind } for  pid=12310 comm="syz.0.4004" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  284.534234][T12358] netlink: 'syz.2.4018': attribute type 2 has an invalid length.
[  284.747019][   T36] audit: type=1400 audit(2000000611.975:3157): avc:  denied  { getopt } for  pid=12383 comm="syz.1.4029" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  284.750723][T12386] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.
[  284.767847][T12384] /dev/rnullb0: Can't lookup blockdev
[  284.786861][T12386] sock: sock_timestamping_bind_phc: sock not bind to device
[  284.975970][T12422] netlink: 'syz.4.4032': attribute type 8 has an invalid length.
[  284.983906][T12422] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4032'.
[  285.092676][T12425] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[  285.128539][T12432] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4043'.
[  285.459127][T12457] sock: sock_timestamping_bind_phc: sock not bind to device
[  285.601677][   T36] audit: type=1400 audit(2000000612.773:3158): avc:  denied  { map } for  pid=12479 comm="syz.1.4060" path="socket:[45498]" dev="sockfs" ino=45498 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  286.099757][   T36] audit: type=1400 audit(2000000613.242:3159): avc:  denied  { create } for  pid=12510 comm="syz.4.4071" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  286.125304][T12518] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4073'.
[  286.184308][T12518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4073'.
[  286.283191][T12538] netlink: 124 bytes leftover after parsing attributes in process `syz.1.4078'.
[  286.792260][T12557] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4086'.
[  286.908568][T12577] netlink: 'syz.2.4094': attribute type 1 has an invalid length.
[  286.917392][T12581] netlink: 'syz.2.4094': attribute type 1 has an invalid length.
[  286.940444][T12583] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4096'.
[  287.432666][T12615] overlayfs: failed to clone upperpath
[  287.904124][T12642] fuse: Bad value for 'fd'
[  287.930952][T12642] fuse: Bad value for 'fd'
[  287.971833][T12650] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4116'.
[  288.068513][    C1] ip6_tunnel: syztnl1 xmit: Local address not yet configured!
[  288.110486][T12671] fuseblk: Bad value for 'group_id'
[  288.115831][T12671] fuseblk: Bad value for 'group_id'
[  288.347586][T12684] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4127'.
[  288.548843][T12694] fuse: Bad value for 'group_id'
[  288.554024][T12694] fuse: Bad value for 'group_id'
[  288.679640][T12701] batadv_slave_1: entered promiscuous mode
[  288.690364][T12700] batadv_slave_1: left promiscuous mode
[  289.448098][T12739] 9pnet_fd: Insufficient options for proto=fd
[  290.085430][T12756] 9pnet_fd: Insufficient options for proto=fd
[  290.668597][T12782] incfs: Options parsing error. -22
[  290.674092][T12782] incfs: mount failed -22
[  290.782628][T12805] sock: sock_timestamping_bind_phc: sock not bind to device
[  290.821046][T12810] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4175'.
[  291.074835][T12818] cgroup: fork rejected by pids controller in /syz4
[  291.403911][T12949] fuseblk: Bad value for 'user_id'
[  291.409279][T12949] fuseblk: Bad value for 'user_id'
[  291.439175][T12952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4182'.
[  291.843498][T12952] netlink: 'syz.2.4182': attribute type 64 has an invalid length.
[  292.008289][T12967] netlink: 'syz.2.4186': attribute type 15 has an invalid length.
[  292.016737][T12967] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12967 comm=syz.2.4186
[  292.031485][T12967] netlink: 'syz.2.4186': attribute type 1 has an invalid length.
[  292.039578][T12967] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4186'.
[  292.238365][T12983] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4193'.
[  292.267489][T12985] overlayfs: conflicting lowerdir path
[  292.396010][T13001] Invalid ELF header magic: != ELF
[  292.400601][   T36] audit: type=1400 audit(2000000619.143:3160): avc:  denied  { module_load } for  pid=13000 comm="syz.2.4200" path="/bus" dev="ramfs" ino=45998 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=system permissive=1
[  292.467442][T13008] devpts: called with bogus options
[  293.324224][   T36] audit: type=1400 audit(2000000620.025:3161): avc:  denied  { lock } for  pid=13064 comm="syz.4.4218" path="socket:[47198]" dev="sockfs" ino=47198 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  293.897259][   T36] audit: type=1326 audit(2000000620.550:3162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12783 comm="syz.0.4166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f092618efc9 code=0x7fc00000
[  294.064355][   T36] audit: type=1400 audit(2000000620.710:3163): avc:  denied  { map } for  pid=13094 comm="syz.4.4223" path="socket:[47205]" dev="sockfs" ino=47205 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  294.773299][T13144] bridge0: left allmulticast mode
[  294.989886][T13178] overlay: Unknown parameter 'euid>00000000000000000000'
[  295.213708][T13186] netlink: 140 bytes leftover after parsing attributes in process `syz.4.4257'.
[  295.234143][   T36] audit: type=1326 audit(2000000621.817:3164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13187 comm="syz.4.4258" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb52cb8efc9 code=0x0
[  296.134755][T13209] fuse: Unknown parameter '������'
[  296.152331][T13211] netlink: 108 bytes leftover after parsing attributes in process `syz.4.4268'.
[  296.527426][T13249] /dev/loop0: Can't lookup blockdev
[  296.603684][   T36] audit: type=1400 audit(2000000623.093:3165): avc:  denied  { setattr } for  pid=13264 comm="syz.2.4288" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=47372 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  297.391157][   T36] audit: type=1400 audit(2000000623.834:3166): avc:  denied  { audit_write } for  pid=13321 comm="syz.1.4308" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  297.427860][   T36] audit: type=1107 audit(2000000623.834:3167): pid=13321 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  297.515081][T13336] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4314'.
[  297.547496][   T36] audit: type=1400 audit(2000000623.984:3168): avc:  denied  { mount } for  pid=13334 comm="syz.0.4314" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  297.633729][   T36] audit: type=1400 audit(2000000624.059:3169): avc:  denied  { getopt } for  pid=13348 comm="syz.1.4320" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  297.873592][T13384] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13384 comm=syz.1.4335
[  298.018609][T13398] netlink: 'syz.4.4338': attribute type 13 has an invalid length.
[  298.577065][T13436] netlink: 'syz.2.4350': attribute type 16 has an invalid length.
[  298.749376][ T6604] tipc: Subscription rejected, illegal request
[  298.844273][T13483] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13483 comm=syz.0.4369
[  298.962334][T13484] bridge0: port 1(bridge_slave_0) entered blocking state
[  298.969443][T13484] bridge0: port 1(bridge_slave_0) entered disabled state
[  298.985347][T13484] bridge_slave_0: entered allmulticast mode
[  298.998595][T13484] bridge_slave_0: entered promiscuous mode
[  299.011165][T13484] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.026767][T13484] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.041083][T13484] bridge_slave_1: entered allmulticast mode
[  299.054584][T13484] bridge_slave_1: entered promiscuous mode
[  299.095418][T13494] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=13494 comm=syz.4.4371
[  299.220974][T13484] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.228102][T13484] bridge0: port 2(bridge_slave_1) entered forwarding state
[  299.235417][T13484] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.242529][T13484] bridge0: port 1(bridge_slave_0) entered forwarding state
[  299.265421][ T6604] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.272924][ T6604] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.283355][ T6605] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.290434][ T6605] bridge0: port 1(bridge_slave_0) entered forwarding state
[  299.299858][ T6604] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.307025][ T6604] bridge0: port 2(bridge_slave_1) entered forwarding state
[  299.343163][T13484] veth0_vlan: entered promiscuous mode
[  299.355468][T13484] veth1_macvtap: entered promiscuous mode
[  299.725811][T13528] netlink: 'syz.0.4379': attribute type 64 has an invalid length.
[  300.361655][T13556] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  300.431680][   T36] audit: type=1400 audit(2000000626.686:3170): avc:  denied  { listen } for  pid=13566 comm="syz.1.4391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  300.469728][T13570] netlink: 'syz.0.4392': attribute type 46 has an invalid length.
[  300.493599][T13570] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4392'.
[  300.515697][T13569] bridge0: port 2(erspan0) entered blocking state
[  300.550427][T13569] bridge0: port 2(erspan0) entered disabled state
[  300.568510][T13569] erspan0: entered allmulticast mode
[  300.580644][T13569] erspan0: entered promiscuous mode
[  300.592067][T13569] bridge0: port 2(erspan0) entered blocking state
[  300.598598][T13569] bridge0: port 2(erspan0) entered forwarding state
[  300.922871][T13595] bridge0: port 1(bridge_slave_0) entered blocking state
[  300.929961][T13595] bridge0: port 1(bridge_slave_0) entered disabled state
[  300.944269][T13595] bridge_slave_0: entered allmulticast mode
[  300.950715][T13595] bridge_slave_0: entered promiscuous mode
[  300.958011][T13595] bridge0: port 2(bridge_slave_1) entered blocking state
[  300.965075][T13595] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.974255][T13595] bridge_slave_1: entered allmulticast mode
[  300.983655][T13595] bridge_slave_1: entered promiscuous mode
[  301.180052][ T6605] ip6gretap0: left allmulticast mode
[  301.186208][ T6605] ip6gretap0: left promiscuous mode
[  301.191855][ T6605] bridge0: port 3(ip6gretap0) entered disabled state
[  301.199203][ T6605] bridge_slave_1: left allmulticast mode
[  301.205289][ T6605] bridge_slave_1: left promiscuous mode
[  301.211188][ T6605] bridge0: port 2(bridge_slave_1) entered disabled state
[  301.218705][ T6605] bridge_slave_0: left allmulticast mode
[  301.224863][ T6605] bridge_slave_0: left promiscuous mode
[  301.230611][ T6605] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.305379][ T6604] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.312663][ T6604] bridge0: port 1(bridge_slave_0) entered forwarding state
[  301.329459][T13612] cgroup: Setting release_agent not allowed
[  301.335670][T13612] cgroup: Setting release_agent not allowed
[  301.347553][ T6605] veth1_macvtap: left promiscuous mode
[  301.353328][ T6605] veth0_vlan: left promiscuous mode
[  301.391910][T13612] cgroup: Setting release_agent not allowed
[  301.397955][T13612] cgroup: Setting release_agent not allowed
[  301.424830][ T6604] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.431967][ T6604] bridge0: port 2(bridge_slave_1) entered forwarding state
[  301.455481][T13595] veth0_vlan: entered promiscuous mode
[  301.477113][   T31] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  301.486769][T13595] veth1_macvtap: entered promiscuous mode
[  301.545661][T13620] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:2
[  301.647661][   T31] usb 3-1: Using ep0 maxpacket: 16
[  301.669397][T13633] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  301.669439][T13633] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:2
[  301.670252][   T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  301.719866][   T31] usb 3-1: config 0 has no interfaces?
[  301.722767][T13635] overlayfs: missing 'workdir'
[  301.726477][   T31] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  301.739718][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  301.748188][   T31] usb 3-1: SerialNumber: syz
[  301.759041][   T31] usb 3-1: config 0 descriptor??
[  301.766993][ T6605] bridge_slave_1: left allmulticast mode
[  301.775067][ T6605] bridge_slave_1: left promiscuous mode
[  301.786646][ T6605] bridge0: port 2(bridge_slave_1) entered disabled state
[  301.802949][ T6605] bridge_slave_0: left allmulticast mode
[  301.813371][ T6605] bridge_slave_0: left promiscuous mode
[  301.822556][ T6605] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.881306][T13639] overlayfs: failed to clone lowerpath
[  301.960874][ T6605] tipc: Left network mode
[  301.971340][ T6605] veth1_macvtap: left promiscuous mode
[  301.979899][ T6605] veth0_vlan: left promiscuous mode
[  301.985944][   T31] usb 3-1: USB disconnect, device number 40
[  302.537677][T13664] cgroup2: Unknown parameter 'pids_lmcaleve��w'
[  302.537817][T13665] cgroup2: Unknown parameter 'pids_lmcaleve��w'
[  302.692252][   T31] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  302.798873][ T1501] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  302.852083][   T31] usb 1-1: Using ep0 maxpacket: 16
[  302.858826][   T31] usb 1-1: unable to get BOS descriptor or descriptor too short
[  302.867884][   T31] usb 1-1: config 8 has an invalid interface number: 132 but max is 0
[  302.876327][   T31] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  302.886864][   T31] usb 1-1: config 8 has no interface number 0
[  302.893248][   T31] usb 1-1: config 8 interface 132 altsetting 252 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  302.897679][T13667] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4419'.
[  302.906784][   T31] usb 1-1: config 8 interface 132 has no altsetting 0
[  302.924156][   T31] usb 1-1: New USB device found, idVendor=07cf, idProduct=1001, bcdDevice=8f.8b
[  302.933478][   T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.941602][   T31] usb 1-1: Product: syz
[  302.946394][   T31] usb 1-1: Manufacturer: syz
[  302.951550][   T31] usb 1-1: SerialNumber: syz
[  302.975072][ T1501] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  302.986705][ T1501] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  302.997768][ T1501] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  303.007763][ T1501] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  303.022973][ T1501] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  303.032278][ T1501] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.042076][ T1501] usb 3-1: config 0 descriptor??
[  303.116488][   T36] audit: type=1400 audit(2000000629.200:3171): avc:  denied  { accept } for  pid=13698 comm="syz.1.4433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  303.183966][T13654] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  303.184011][T13654] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:5
[  303.201508][   T31] usb-storage 1-1:8.132: USB Mass Storage device detected
[  303.219162][   T31] usb-storage 1-1:8.132: Quirks match for vid 07cf pid 1001: a
[  303.233050][T13720] netlink: 37 bytes leftover after parsing attributes in process `syz.4.4439'.
[  303.258430][T13722] overlayfs: failed to clone upperpath
[  303.277946][   T31] usb 1-1: USB disconnect, device number 18
[  303.480776][ T1501] plantronics 0003:047F:FFFF.0013: ignoring exceeding usage max
[  303.492143][ T1501] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving
[  303.509330][ T1501] plantronics 0003:047F:FFFF.0013: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  303.767477][T13727] rust_binder: 7: no such ref 3
[  303.772580][T13726] rust_binder: 7: no such ref 3
[  303.777641][T13727] rust_binder: 7: no such ref 1
[  303.783047][T13726] rust_binder: 7: no such ref 1
[  303.787935][T13726] rust_binder: Write failure EFAULT in pid:7
[  303.787997][T13727] rust_binder: Write failure EFAULT in pid:7
[  303.846527][T13735] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4444'.
[  304.120521][ T1501] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  304.280355][ T1501] usb 1-1: Using ep0 maxpacket: 16
[  304.286600][ T1501] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  304.295391][ T1501] usb 1-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  304.305764][ T1501] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  304.316273][ T1501] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  304.325448][ T1501] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.334024][ T1501] usb 1-1: Product: syz
[  304.338228][ T1501] usb 1-1: Manufacturer: syz
[  304.342845][ T1501] usb 1-1: SerialNumber: syz
[  304.776600][ T1501] usb 1-1: 0:2 : does not exist
[  304.899673][   T36] audit: type=1326 audit(2000000630.880:3172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13768 comm="syz.2.4457" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa76878efc9 code=0x0
[  305.042891][T13772] /dev/loop0: Can't lookup blockdev
[  305.635822][T13735] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:12
[  305.637144][T13735] sock: sock_timestamping_bind_phc: sock not bind to device
[  305.662026][ T1501] usb 1-1: 1:0: failed to get current value for ch 0 (-22)
[  305.678056][ T1501] usb 1-1: USB disconnect, device number 19
[  305.687792][T13649] udevd[13649]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  305.709155][   T10] usb 3-1: USB disconnect, device number 41
[  306.308298][T13827] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=13827 comm=syz.1.4475
[  306.454791][ T1501] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  306.614680][ T1501] usb 1-1: Using ep0 maxpacket: 32
[  306.621019][ T1501] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  306.629774][ T1501] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  306.638453][ T1501] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  306.647462][ T1501] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  306.657112][ T1501] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  306.666797][ T1501] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  306.679850][ T1501] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  306.688897][ T1501] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.697642][ T1501] usb 1-1: config 0 descriptor??
[  306.920079][ T1501] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 20 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  306.932324][ T1501] usb 1-1: USB disconnect, device number 20
[  306.939195][ T1501] usblp0: removed
[  306.969501][T13837] netlink: 'syz.1.4478': attribute type 4 has an invalid length.
[  306.977339][T13837] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4478'.
[  307.027240][T13851] overlayfs: missing 'lowerdir'
[  307.382053][   T10] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  307.541910][   T10] usb 1-1: Using ep0 maxpacket: 32
[  307.548189][   T10] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  307.556864][   T10] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  307.565527][   T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  307.574543][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  307.584212][   T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  307.594153][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  307.607487][   T10] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  307.616620][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.625517][   T10] usb 1-1: config 0 descriptor??
[  307.725669][T13858] netlink: 120 bytes leftover after parsing attributes in process `syz.1.4484'.
[  307.735490][T13858] netlink: 120 bytes leftover after parsing attributes in process `syz.1.4484'.
[  307.850454][   T10] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 21 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  308.183522][ T1889] Bluetooth: hci0: Frame reassembly failed (-84)
[  308.438454][   T45] usb 1-1: USB disconnect, device number 21
[  308.445133][   T45] usblp0: removed
[  308.803708][T13905] overlay: Unknown parameter 'func'
[  308.809277][T13906] overlay: Unknown parameter 'func'
[  309.257989][   T45] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  309.417889][   T45] usb 1-1: Using ep0 maxpacket: 32
[  309.428913][   T45] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  309.437499][   T45] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  309.446523][   T45] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  309.456710][   T45] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  309.465890][   T45] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  309.475591][   T45] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  309.488573][   T45] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  309.499432][   T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.513452][   T45] usb 1-1: config 0 descriptor??
[  309.733040][    T9] usb 1-1: USB disconnect, device number 22
[  310.102173][T13991] 9pnet_fd: Insufficient options for proto=fd
[  310.154412][T13995] rust_binder: 38: no such ref 1
[  310.323841][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  310.323841][ T1644] Bluetooth: hci0: command 0x1003 tx timeout
[  310.393322][T14005] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  310.520378][T14009] rust_binder: 14008 RLIMIT_NICE not set
[  310.572298][T14011] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:54
[  310.609808][T14016] binder: Unknown parameter 'defcontext01777777777777777777777'
[  310.639649][T14021] overlayfs: failed to clone lowerpath
[  310.725214][T14028] fuse: Bad value for 'group_id'
[  310.730283][T14028] fuse: Bad value for 'group_id'
[  310.776945][T14033] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4549'.
[  310.789810][T14037] netlink: 'syz.4.4548': attribute type 27 has an invalid length.
[  310.822113][T14037] bridge0: port 2(erspan0) entered disabled state
[  310.837444][T14037] sit0: left promiscuous mode
[  310.855995][T14037] bridge0: port 1(bridge_slave_0) entered disabled state
[  310.867412][   T36] audit: type=1326 audit(2000000636.471:3173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.1.4553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7e78efc9 code=0x7ffc0000
[  310.918161][   T36] audit: type=1326 audit(2000000636.471:3174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.1.4553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7e78efc9 code=0x7ffc0000
[  310.941925][T14037] bridge_slave_1: left allmulticast mode
[  310.962637][   T36] audit: type=1326 audit(2000000636.471:3175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.1.4553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7e78efc9 code=0x7ffc0000
[  310.992656][T14037] batadv_slave_0: left promiscuous mode
[  310.999424][T14037] batadv_slave_0: left allmulticast mode
[  311.005626][   T36] audit: type=1326 audit(2000000636.471:3176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.1.4553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7e78efc9 code=0x7ffc0000
[  311.029927][   T36] audit: type=1326 audit(2000000636.471:3177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.1.4553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5f7e78efc9 code=0x7ffc0000
[  311.053680][   T36] audit: type=1326 audit(2000000636.471:3178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.1.4553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7e78efc9 code=0x7ffc0000
[  311.078093][   T36] audit: type=1326 audit(2000000636.471:3179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.1.4553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7e78efc9 code=0x7ffc0000
[  311.102083][   T36] audit: type=1326 audit(2000000636.471:3180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.1.4553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7e78efc9 code=0x7ffc0000
[  311.125956][   T36] audit: type=1326 audit(2000000636.471:3181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.1.4553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7e78efc9 code=0x7ffc0000
[  311.150268][   T36] audit: type=1326 audit(2000000636.471:3182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.1.4553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5f7e78efc9 code=0x7ffc0000
[  311.184932][T14037] vlan1: left promiscuous mode
[  311.194946][T14037] vlan1: left allmulticast mode
[  311.205595][T14037] veth0_vlan: left allmulticast mode
[  311.277170][T14066] netlink: 'syz.0.4559': attribute type 12 has an invalid length.
[  311.310693][T14070] overlayfs: failed to clone lowerpath
[  311.405428][T14080] rust_binder: Error while translating object.
[  311.405480][T14080] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  311.412070][T14080] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:68
[  311.452948][T14084] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 224, size: 226)
[  311.462521][T14084] rust_binder: Error while translating object.
[  311.485936][T14084] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  311.492453][T14084] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:70
[  311.586306][T14088] input: syz1 as /devices/virtual/input/input23
[  311.669771][T14093] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  311.721540][T14101] rust_binder: Error in use_page_slow: ESRCH
[  311.721565][T14101] rust_binder: use_range failure ESRCH
[  311.727664][T14101] rust_binder: Failed to allocate buffer. len:1176, is_oneway:false
[  311.733190][T14101] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  311.741586][T14101] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:51
[  311.742086][T14103] rust_binder: 14095 RLIMIT_NICE not set
[  311.760595][T14104] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  311.774596][T14107] rust_binder: Got transaction with invalid offset.
[  311.774643][T14107] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  311.781366][T14107] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:54
[  312.040002][ T1501] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  312.135824][   T45] usb 3-1: new full-speed USB device number 42 using dummy_hcd
[  312.210609][ T1501] usb 1-1: Using ep0 maxpacket: 8
[  312.222731][ T1501] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  312.231484][ T1501] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  312.253039][ T1501] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  312.263190][ T1501] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  312.274367][   T45] usb 3-1: device descriptor read/64, error -71
[  312.282194][ T1501] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  312.291478][ T1501] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.299686][ T1501] usb 1-1: Product: ї
[  312.303807][ T1501] usb 1-1: Manufacturer: 追农鄕뙩薠녡Β玦Ϝ郮ᓢ硌ꞙ궀㠳首➧Ꮞ臡뾢鈓䦄趛膽ᣒﳔ茀猔⽶양੡湼頤᫪絁틊ቇ묊奴禛謆Ι澘㷔ꄶꬔꖈ⑐慄聹볜춂뱏ퟬᰜ갲＊⨖爎閹㤕삄라꯮瓯䝈Ο슿ᵱČ綯㽤暷螘
[  312.338513][ T1501] usb 1-1: SerialNumber: ᰣ
[  312.430934][T14168] netlink: 'syz.1.4596': attribute type 4 has an invalid length.
[  312.530191][   T45] usb 3-1: device descriptor read/64, error -71
[  312.772260][T14109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  312.780741][T14170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  312.781261][T14109] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  312.789907][T14170] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  312.797457][   T45] usb 3-1: new full-speed USB device number 43 using dummy_hcd
[  312.818701][ T1501] usb 1-1: 0:2 : does not exist
[  312.956563][   T45] usb 3-1: device descriptor read/64, error -71
[  313.032535][   T10] usb 1-1: USB disconnect, device number 23
[  313.212386][   T45] usb 3-1: device descriptor read/64, error -71
[  313.329728][   T45] usb usb3-port1: attempt power cycle
[  313.383998][T14183] netlink: 'syz.4.4601': attribute type 1 has an invalid length.
[  313.584749][T14194] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:87
[  313.652507][T14202] overlayfs: failed to clone lowerpath
[  313.692088][   T45] usb 3-1: new full-speed USB device number 44 using dummy_hcd
[  313.714425][   T45] usb 3-1: device descriptor read/8, error -71
[  313.852991][   T45] usb 3-1: device descriptor read/8, error -71
[  314.107704][   T45] usb 3-1: new full-speed USB device number 45 using dummy_hcd
[  314.140667][   T45] usb 3-1: device descriptor read/8, error -71
[  314.279478][   T45] usb 3-1: device descriptor read/8, error -71
[  314.395568][   T45] usb usb3-port1: unable to enumerate USB device
[  314.404481][T14267] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4628'.
[  314.506018][T14269] rust_binder: Error while translating object.
[  314.506056][T14269] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  314.512366][T14269] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:93
[  314.864444][   T45] usb 1-1: new low-speed USB device number 24 using dummy_hcd
[  314.877687][T14278] fuse: Bad value for 'fd'
[  315.043718][T14282] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  315.043744][T14282] rust_binder: Read failure Err(EFAULT) in pid:61
[  315.057390][   T45] usb 1-1: config 16 has an invalid interface number: 236 but max is 1
[  315.072706][   T45] usb 1-1: config 16 has an invalid interface number: 175 but max is 1
[  315.081355][   T45] usb 1-1: config 16 has no interface number 0
[  315.089731][   T45] usb 1-1: config 16 has no interface number 1
[  315.096733][   T45] usb 1-1: config 16 interface 175 altsetting 3 endpoint 0x1 has an invalid bInterval 201, changing to 4
[  315.108759][   T45] usb 1-1: config 16 interface 175 altsetting 3 endpoint 0x1 has invalid maxpacket 32, setting to 0
[  315.120131][   T45] usb 1-1: config 16 interface 175 has no altsetting 0
[  315.129776][   T45] usb 1-1: language id specifier not provided by device, defaulting to English
[  315.149539][   T45] usb 1-1: New USB device found, idVendor=2040, idProduct=c61a, bcdDevice=f4.96
[  315.162116][   T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.230744][T14291] rust_binder: 68: no such ref 0
[  315.240511][T14291] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  315.247792][T14291] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  315.318752][T14297] FAT-fs (rnullb0): bogus number of reserved sectors
[  315.325752][T14297] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  315.417588][T14276] rust_binder: Fixups oob 178 180 369 186
[  315.417620][T14276] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EINVAL }
[  315.446296][T14276] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  315.465555][T14276] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:100
[  315.525089][   T45] usb 1-1: bad CDC descriptors
[  315.548111][   T45] usb 1-1: USB disconnect, device number 24
[  315.898392][ T6605] erspan0: left allmulticast mode
[  315.903567][ T6605] erspan0: left promiscuous mode
[  315.908728][ T6605] bridge0: port 2(erspan0) entered disabled state
[  315.916050][ T6605] bridge_slave_0: left allmulticast mode
[  315.921781][ T6605] bridge_slave_0: left promiscuous mode
[  315.927647][ T6605] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.099060][T14326] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4649'.
[  316.414946][   T36] kauditd_printk_skb: 131 callbacks suppressed
[  316.414967][   T36] audit: type=1400 audit(2000000641.678:3314): avc:  denied  { map } for  pid=14347 comm="syz.0.4656" path="/dev/ttyS3" dev="devtmpfs" ino=28 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  316.415918][T14348] SELinux:  policydb version 1186639329 does not match my version range 15-33
[  316.453607][T14348] SELinux: failed to load policy
[  316.527270][   T10] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  316.687098][   T10] usb 3-1: Using ep0 maxpacket: 32
[  316.694170][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  316.704323][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  316.714927][   T10] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  316.725030][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.733078][   T10] usb 3-1: Product: Я
[  316.737224][   T10] usb 3-1: Manufacturer: ﻐ⃢ᕊ䁃窕ኺሑ遁Q箻힒㥑菩⧠
[  316.745387][   T10] usb 3-1: SerialNumber: э
[  316.933458][T14353] binder: Bad value for 'max'
[  316.943227][T14356] overlayfs: failed to clone upperpath
[  316.993829][   T10] usb 3-1: 0:2 : does not exist
[  316.999140][T14365] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  317.013606][   T10] usb 3-1: USB disconnect, device number 46
[  317.042000][T14369] ip_vti0: entered allmulticast mode
[  317.071856][T13649] udevd[13649]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  317.119207][T14390] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4666'.
[  317.717144][T14398] netlink: 'syz.2.4670': attribute type 4 has an invalid length.
[  317.729542][T14398] netlink: 'syz.2.4670': attribute type 4 has an invalid length.
[  317.740674][T14396] rust_binder: Error while translating object.
[  317.740704][T14396] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  317.751791][T14398] veth1_macvtap: left promiscuous mode
[  317.769322][T14397] netlink: 'syz.0.4668': attribute type 11 has an invalid length.
[  317.774302][T14396] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:128
[  317.777259][T14398] macsec0: entered allmulticast mode
[  317.792162][T14397] netlink: 'syz.0.4668': attribute type 11 has an invalid length.
[  317.808575][T14403] veth1_macvtap: entered promiscuous mode
[  317.817832][T14403] veth1_macvtap: entered allmulticast mode
[  317.824009][T14403] macsec0: left allmulticast mode
[  317.829496][T14403] veth1_macvtap: left allmulticast mode
[  318.104776][   T45] usb 3-1: new low-speed USB device number 47 using dummy_hcd
[  318.243299][   T45] usb 3-1: device descriptor read/64, error -71
[  318.499124][   T45] usb 3-1: device descriptor read/64, error -71
[  318.754874][   T45] usb 3-1: new low-speed USB device number 48 using dummy_hcd
[  318.893481][   T45] usb 3-1: device descriptor read/64, error -71
[  319.149265][   T45] usb 3-1: device descriptor read/64, error -71
[  319.266592][   T45] usb usb3-port1: attempt power cycle
[  319.628937][   T45] usb 3-1: new low-speed USB device number 49 using dummy_hcd
[  319.651626][   T45] usb 3-1: device descriptor read/8, error -71
[  319.789837][   T45] usb 3-1: device descriptor read/8, error -71
[  320.044584][   T45] usb 3-1: new low-speed USB device number 50 using dummy_hcd
[  320.066979][   T45] usb 3-1: device descriptor read/8, error -71
[  320.205511][   T45] usb 3-1: device descriptor read/8, error -71
[  320.321892][   T45] usb usb3-port1: unable to enumerate USB device
[  320.548576][   T36] audit: type=1400 audit(2000000645.563:3315): avc:  denied  { mount } for  pid=14443 comm="syz.0.4680" name="/" dev="pstore" ino=936 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  320.569417][T14444] rust_binder: Error while translating object.
[  320.571061][T14444] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  320.577425][T14444] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:155
[  320.603203][   T36] audit: type=1400 audit(2000000645.610:3316): avc:  denied  { unmount } for  pid=13595 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  320.781471][ T6605] bridge_slave_1: left allmulticast mode
[  320.789627][ T6605] bridge_slave_1: left promiscuous mode
[  320.801575][ T6605] bridge0: port 2(bridge_slave_1) entered disabled state
[  320.814275][ T6605] bridge_slave_0: left allmulticast mode
[  320.820065][ T6605] bridge_slave_0: left promiscuous mode
[  320.826042][ T6605] bridge0: port 1(bridge_slave_0) entered disabled state
[  320.952859][ T6605] veth1_macvtap: left promiscuous mode
[  320.958467][ T6605] veth0_vlan: left promiscuous mode
[  321.092048][   T36] audit: type=1400 audit(2000000646.069:3317): avc:  denied  { connect } for  pid=14451 comm="syz.2.4682" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  321.574106][T14472] binder: Binderfs stats mode cannot be changed during a remount
[  322.198885][T14483] loop7: detected capacity change from 0 to 7
[  322.207587][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  322.216825][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  322.225038][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  322.234234][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  322.242154][T14483]  loop7: unable to read partition table
[  322.249893][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  322.250301][T14483] loop_reread_partitions: partition scan of loop7 (����ى���C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  322.259112][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  322.286322][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  322.295559][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  322.307313][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  322.322567][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  322.331791][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  322.340264][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  322.349462][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  322.367508][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  322.376719][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  323.524709][T14517] rust_binder: Error while translating object.
[  323.524756][T14517] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  323.540024][T14517] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:117
[  324.041633][   T45] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  324.224231][   T45] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  324.236820][   T45] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  324.247273][   T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.265628][   T45] usb 3-1: Product: syz
[  324.269955][   T45] usb 3-1: Manufacturer: syz
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: tun: ioctl(TUNSETIFF) failed
 (errno 22: Invalid argument)
loop exited with status 67
SYZFAIL: repeatedly failed to execute the program
proc=4 req=4648 state=3 status=67 (errno 32: Broken pipe)
[  324.274604][   T45] usb 3-1: SerialNumber: syz
[  324.288899][   T36] audit: type=1400 audit(2000000649.072:3318): avc:  denied  { write } for  pid=282 comm="syz-executor" path="pipe:[3194]" dev="pipefs" ino=3194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  324.554532][   T45] cdc_ncm 3-1:1.0: bind() failure
[  324.560757][   T45] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  324.568555][   T45] cdc_ncm 3-1:1.1: bind() failure
[  324.583522][   T45] usb 3-1: USB disconnect, device number 51
[  324.661435][ T6605] bridge_slave_1: left allmulticast mode
[  324.667222][ T6605] bridge_slave_1: left promiscuous mode
[  324.673105][ T6605] bridge0: port 2(bridge_slave_1) entered disabled state
[  324.680928][ T6605] bridge_slave_0: left allmulticast mode
[  324.686820][ T6605] bridge_slave_0: left promiscuous mode
[  324.692668][ T6605] bridge0: port 1(bridge_slave_0) entered disabled state
[  324.812058][ T6605] veth1_macvtap: left promiscuous mode
[  324.817602][ T6605] veth0_vlan: left promiscuous mode