last executing test programs:

6m24.869011449s ago: executing program 32 (id=37):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000000)={0x0, 0x8, 0x0, 0x1, 0x20}) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) (async)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af"])
syz_open_dev$evdev(&(0x7f0000000640), 0x2, 0x82000) (async)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

6m23.854364299s ago: executing program 33 (id=45):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58)
listen(r1, 0x5)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000100)="58000000140019234083feff040d8c560a06580200ff0000000000000020ffff00000000000064009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000b0c10000000224effffffff", 0x58}], 0x1)
ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, 0xfffffffffffffffe)

5m31.942824803s ago: executing program 5 (id=886):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000180)={0x73622a85, 0x1109, 0x3})
accept(0xffffffffffffffff, 0x0, &(0x7f0000000000))
ppoll(&(0x7f0000000040)=[{r0, 0x8120}], 0x1, &(0x7f00000000c0), &(0x7f0000000140)={[0x9]}, 0x8)
r1 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0xa4, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}, @free_buffer={0x40086303, r1}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)={0x30, 0x30, 0x30}}, 0x40}], 0x0, 0x0, 0x0})

5m31.880372509s ago: executing program 5 (id=887):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) (async)
clock_nanosleep(0x4, 0x1, 0x0, 0x0)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000840)={0x7c, 0x0, &(0x7f0000000a00)=[@increfs_done={0x40106308, 0x1}, @enter_looper, @release={0x40046306, 0x1}, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000340)={@flat=@weak_binder={0x77622a85, 0x1, 0x1}, @fda={0x66646185, 0x6, 0x0, 0x25}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000003c0)={0x0, 0x18, 0x38}}, 0x1000}, @request_death={0x400c630e, 0x3}], 0x34, 0x0, &(0x7f0000000080)="5592ed002db9eb3856ca9702befd6042ed6c6d9b0b8e92a25fe6d5400155864dcc538172b704ed8f48d8c70a4a8213d2945955de"})
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) (async)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
ioctl$INCFS_IOC_CREATE_FILE(r2, 0xc058671e, &(0x7f0000000e40)={{'\x00', 0x2}, {0x5}, 0x44, 0x0, 0x0, &(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)='./file0\x00', &(0x7f0000000c40)="8a22c7d8e94c9c46af91946b9946cb7f9f68e6bfd454b42c2130916951a89868a34ded3bedb86df2d471a185af5619a18bb1f2e2c75a7ed658597da54787e946131fed7f27083469e53ff2b16fca033616b26e761f6c0d8e4a2832b0e4c6f221ab8d5420863c6c187af533ec3877595f7c0207188897e72ad80540216d58003844f245f3b76ff1859495199ee8ed0e45559a5f2b4c8706cb775d11adc08b2cb71568b73d05f8ffbf8f58e2fa91cfa27bc7d749105224e5ca885a17f2a3b8618f9f00499588b589ea4041cdf6b0c6018ca39cdc8cf55ae40b4d1d123e2fc6fbefe013d6a4936c206b7275898fb5d385ef5eb66893ac2dac8b831508387362d414857a79c4351d54c82ed34bceaf874aad1e265b2dbdb4bade5b047a34d96dc9659d64a4c78db97e64b71267abc39df54bfe65b7d599a06476ab5b2605e649b518b1db778f65354d2b1268a974bcf3bcb75104391a669c4907cb8fe34fd5d25d6ed3a76e92cf835318f97bc165084f03602f3e8e9b1ca8aca558eb549b94f003faecb7283fc25acc525779232450e8c083357e3abd8187aff3dd3aead2a2f188bbe246348e8c304f15e31a6355451f07407d1ac331c02b451b084294f8abba63890250704cc40b4733dfda6441", 0x1cc, 0x0, &(0x7f00000017c0)=ANY=[@ANYBLOB="0200000090100000000000000c83000000729b6baf5a3efbf7b6f207cd76a861af7ae2db23c7fea72843dbe41369fe21ccc1a50c163a6bcb0246c9e124dfb94ca79260a81549c19922c2e87e1ea588d89d0e84646b869fb53f4763cec433c63ceab08a7545fadfb4053bc169e0ec234e4b8ad314abe0f51056f840533ce62d1ea0e96a99be23315339bc6011ca7983f35e06c51700100000208bca4cb4a1e346da18dc226702e3f89960fa7c96a152fdd6b96742e783b075498be4120da0b8a6ae1d797b53899b8017fa7004f2ad918facde9aef9a403024abd51f6aab3a2ed4a322fe62c6b6f19433cfeb5a9ca6279f6d50bc53fb9abf9a3e16ca471b3841b2ced13a496d2d43bf103c2ecc700419df8b0969f8e3ab361f3920fbd19a3d4e06df88213ae28cf143ef579ae0a3014c2310088dfb01e9a69a241055e9ce079b29d1b65ed1baa4cca6924ec693156c5decb6035df9b645729ea3d98cc57b490dbea5d16e26c30d4fabc86dacef0d645b67d0a2c8e00b6e809317f1f33502bd58c0fff9f3def6f37f1d557ea00cccc5439b9d96b24c17162441393a8cac1e352650f4fcb7942319e028b46b5a7ad3fe4f016d35459ad721e13efc1395d4e95f06ef627b81f4fc65e86888b037a7b002ecb70b65f3131bb70046db3e00564ea7c6436b246eff25e76b438c544adb5d67f280d8dc3d65ff0fbdbd23161ec12dfa15fb46dbe38bd74fb2b815ff7bd3961f9970f05c6c57f219d39caa65d7c2bc73ff0697b3492b53affd8d995c444cba5bc183851a46a3c29180ce7eda293dd22cbc2f6945971a2c51ff8ab487669a09d548184395e81ffdffc0d5e82647714d78f55f3d264f2105fd795278071bc9db3d3650ec2944099172688da7c0239ef7dbdb04c97f1cabbb2f357f3a3f34ce19162657e1ccba98eb0d2eebe858c469edf1a4fce7442812f52d5fe6db5bfc742b3ddaaf28920a3cf98fa07fddf3b3bd499832163e58e6d00f1c1bc0f3024f573ec94c293ead055509a745dd78dea977fbece91ad5ab4f5dadd9db329914fa616819214a36ca2a33161fc88ccf57a0fe7c41aecc98b5ffa568e208571e1e93b5627ff7ecb4ad1eca0f88c4fb44fa1189744fc6478e69d7c0e18d99ea971a6aca704e03ace432a3e36b84d4a863b8c6f086e92f64a6847d0c59b425b39d6a34c5e3f9cb2a80259893b4ebeb3da07fcf81d34a8816ea7edf554d40bed11116f3b77667588069a61f33cc3b1db27273d9b5062a4316d90d64269583b658e442a1c6a044feec0c577b1e9462c95a90902902d6b53ff80e409d753db8b4c13aaeebdad64bde5bff453edf5767cc03bf672177bd38fb808196b8ce4a493b68ec8ae3c022a40002b90638f23e90af32b1e7375114978a4b22318bfc4888c49b5c18eb753d3e8886b087f86774d21b146c26c119968f691646ee5e4e4cf7487df729d174fdcc421c02de50d6c64921056ab3f27d14696e596736a21a2ff7f04cab7ba2c28b6006d2ad827df378e2d475299771b87137916ed05331c9cbd7c860fdad93245878690840e4ea7c1c177149cabc2b61bff8f5120563b170e266a4013c1c5265a16cba787257d5d16f20dd6936e9d9af2b766df034b2d173e2cac9b70eb7c09310c7adc9311fb026b7165134330d7f73f35c736731a471a86f93ec7ee1f62b32d81ece828df6609a74fe8d9ce881203953cbaa1b824f6644ddd1ba440bdb30fdb4f489e7a9c5a04a41b3d6e3280f29da9cfda8c982d5b1f3217410ea72e5b650673aee6c17ddca770a7774adf32182d966e23b70cbd99aed94d4b8f670689aec56713e92a8512b58deec762670abe71a0c30e28174e9ae60f2e20a1407b90a31476092ad076c8babc275d5682b54f29daf757bdb7efde02acc53146d8924f8d9d19381c738fb8648e9936397b79eac1065064502bd3f89525f246e90675d718ee1b7e5a9c0242dc0f8a661e8fb4ea5c7b567b449e24917b75f090b7484a0b34afd2e235222d8953df7b7732c6fd5a7467c3f2b534eae2c0adbddcaef9e67d3626dbe86f38dca3725935bd08dfeb078fe7c6034b8006c4caddb33cf9fb3db3897a1ab4c14c1a282337ffb832cb8e4903727f80a62f50dec36cdf70cbb25c9d6c91e9beab520fef44656ebcea07a9be88c05a632fdacb552082fbe39ae5cdffb5824443d3ab50ab8f25560d7785e92e0582552f2bf29602075a1195563b0536c09bf0c329c87acdbedf1a115bcfb3f0b1ec8d1acb4de9368d4348610328116c930dc37fb2b63766454fce76881944b3d8f683ba9c8b6974ad33f31105bc18912aadda82348e00e16509c8029d8435adb86f750114ce0633e5db8e9f30c649d103127bb3961cb5f3d8f99337e350cf55925818f9df4a554a16115bf1770da03f9ffbfe6476c38382b49214d2795abcac9925b62d18c563e3b198b385c0daa5116196b37d9a70fd63ebbceb99d06888d8b640e0f9c81c6931565fd48b292e47878a1fed5c23b82a634a34c1f2c3fc9a43dca2591031b5991a664d9426ab096a5cdc1abd429c0f40c4fc706bd5a212f7c194e24cf5fc08a1b4e96c30fa5e3538f8f954caf399b84c9ab612978fc7e73d92e080767d6b57138a0fc62018c87a2b1907259b73dc492a80a724ca934045304ef301217a7c605fe64f928b4ded8ea2f389400a6cd5119e1f028c0b6588107a8a41fdac02997318f6e0832a69431924e8b22e68afd18b86b0f00d28e511f61573bbfa6a397b75fab8a09e3ada1085904cf2ab80257d6ef2c9d8bf47957cf0e86145f0605e805acc18a8a6e8fdd8ef21d59aa4a400c91b084ff34c0ed20575b5018cb801f80bcf1268d9dc4d92d21a63bd789933161bf595cd00c1c707522678cbff5e12a2910e9afb01081170ecba79c07aa88ac8590e690b739bfaad068610ea44a21df8c2a2d40ba2bfbd65c0efd6814bafa71e321620c4fcd91473c5ec8e4c6b78e56112fa970ff7859353322484aa24ca4f11cf7b3667ef6e830a106238a3e95198cb4ea79e5b13930855790e44e5d147550525cd0bdf0ba5a002d3c6aca875ee6f266f6b23a579241151a08d573b1632c0d5cb0440c7c5faa476390709d6d54f4933fdbab21404387e3c0d3352a8717f7a2cffb2ec30086f14b2f35539793376561ca0d6d3affddbd05d518592130f207294dc913c211260b986821e9cea351fb5b8decf5efe1b81db4fa85f56c814087ba814c1c2eb626d0430f3a170061581830250714fbbde5cc34e14f26618c7fdb2897614815f8d25da8acb996702f630c5a38dccf21aa43721cb77bba77281081fb869b006bfc88e499dce49b88cd22c997f2aab478724c1643d920d64085c58c509194d5de144c988674fcc68514c8dea70d75885aca583952e138acf14be969434da8f7c9acb8f68ba6870dfd9d81e3d410dc781e54b4c9ffe381ccfa5fd40d208eeac05e9b800a3e948ee1037cb9cb02c2cee9e509de6036cf05420010c60b3257d184b6948cedbbe713d7255b992e9e68d4f993bc293acf2419648c2b94de33b3e4ef5e62bf931587dcc0fd410bb230c17e5882cb44cda0c9fa6f75f18adbf874455804f0b3476fd35bdc302c28e31e72e0f8a63799d4714b683ee62a195b6f061533b186b25f230306d63ac09284c32e4323d3a067613b379fd7ef1b79a418ebe960cf556a30937313cbd243a92f01b877c28e09c16212ba8320721160542b564b0685858ebd8b6641ac963566f0b5617b4386ee9663a6511b98ce2f9d746438f30640938a020abb4247513b6dc9f66d7ae9b1f5a88e5399a3f021b898f2c7f673e9c7ece5fb055dac6592b1ed2a1f4f385bbfd7f5b63e60dcd8845020aae7f9763468dcf10f023df29080962953bf1dd1b636f0c511444ccb623539d0e981fa3992ea4d1729680c8fe3ebea1186442a661e47f0a4d5ae1d5d4f72616d180ee1058bd5e1768b30303a98dcc9e51d1ad41f679848779608420986634823cab219a1a4f82c28e503a69effd21e907b267d744f328e44b8343b5d11062cc8bcd28c420635faabffc95c206d7a4116d43105e0d84188721f2a18697f4c12ca63b14ed4a579b5d904714cd28381cb29917a326a47c46b51c39eda8ca23815108f8717aa913c584c3f0f60e88cc7323cf7ad400715b08306a6ba8575ba6f61bc694f926ee6e53ad9416a37352bbd44812fe571abeb5b140229d52634eceb583e3ebcb32516700c6f7b2a3b2761ed4c2fc8b85d82d0ffc11544f13be9e4db69006da068149b63eee750b8cc59c900b71da5fa5d7358e69e16160de9d88a43bff831142feac4bac7fbe2693cff60cc2b2c6fdbdccbea94b442ad5b36723aa8a3d41875ec59d5fb2435337e1c1a2fe1fc77c133861334612167f7091c0b2b2b66fdc32e0a6cd2b2f222593f10fc5a5312dff97d50e5c4d179c84bc9c4cb955e051c0f48775de5c9f5cfe1f285f49aac75f6e9d692467bdd128a4b4fda8bb9ae9b2698978f661cce76ca75c78eb0c763cb9ad4becb3a7d31a3ba8776ae37d7a841d655e397a0d76a1bb4991acd5048fd1891be21c755fcefa69cecfcee58a73c1e99ad8630783070ead28e8f16d3cb215249f49f38f7ac05066f15cd46d4f6918bc19400ac63c26489c3200033833a204932f6da1a51c5900b7c3aea5bbc7b8198aae49b6d473b44cb9a1c74b94f6b3c31ea17814c8baa9bb07e3a43451584b1ecd61368511133c686c445ea4ec6f2d0d2f6933547a38fc6c03579804a7e4f68b1e6f8bc6c19fd81784bd0039900f7153cec42ed9529b3c356c8d1779c606ebcc02aedda83dcbaa54805f97c035ca85e442237e368def52d418cd724fc0b57e2cf3fa80377363ea805f78ef2eeda5dd83e164c150cdf99ab122efeb024a0b7f42c886c6000d16f78dca384e4971bb218bf16075ac470e25fdd3adeb1834d9d5bc87c420cf66dceb2c8aa0e38ce71da7366af13dff0783c9bc1ad70681bb90ce032e1d00b49c9340551457e75b5d29c28cd826fd407c114466a2f7ea676edf29cdcb38289480036ff6a4de7711f877ac003c78f554658a34f47f46f43a9a63ac37a6fa7cba663fcb60a2ba8756ba703d0e1b48e71eb2211f4dccbb581d432a25cd13f96fc49e2067dad10ed45da147e068657e05630c5ff9b988f58b9dc2343b70e6e0172d859e47bbf39310e76fd2c99e82f05caa56e716ee8f5602fee3d044b335c98233c3ed91a62750af33e2bed545a91722f16ab975f0ffd01abfd1905c3d502455782de918bce6b6e0ead7ff3cad32506bd46c5a3e940286c48b02d7ab735ce5e7fb7a939d72ebe2c64a61ef91251b252d452724ae13c14fae8c4881f7599ff47a3450d46b3653774ff19e31dd77b06a09c45c7fad8bfd8bc2dad8d7bddfe22660775df2b2ffa044a4cf7beeb0b2d9bd44ade45efdd9c5649d5cac7c49859b04dbfcd77c98e22d584861674c88c0d6e0fdfc35268022520f9ef4962388e9275b53ad5ad869ab8fdcce8040f52eb8fc819b04d0f7312fae7fb4902569517b06af24d9d6b0acb35b5031208475f75a226f04efe82f594f9f97d7723faaf196ffb9857dcd935f7322ddfaef5e10ed741c791dfc7cb04994fdbf555728d949f3b524ddf48132d0fabdf019aabf52e42b018f0db8135a2e8539fe20b6f1b3bb3f4c1ff8999006bebee39a470a5588cbed96cb2c75dadd67a6306e22870fe01c952fab5c90a901a50d9cb06e8c321605e8ce6145382deb858e264e7999fd1d7495fe767a16db53fd77c44bd53495fa63af3067d2b77573e0969d9b5ce99941ab4876fa7cbb7acf8b888aa8f1847a43b2a486d903e380a138b3c923ea03f2255fa6ede7959a9f857b948a496aec1e68a0611024abcfbe9f4f1ca36a342d6f6ab2f9e115162b1840fdd5fe2591bd07d1698de3fbf39a641bb51c0a5f8adb8430bd9e549f296b1fa3800c0a26fe81e27cb91cefe6d8379edce11c3e8afb4e1973ee017d7c3dbc1cd49b2aa3d21cf69f11a000000f61ba87da548afc59e0499debdefac3db1b28bc83466b1612185"], 0x10b6}) (async)
write$P9_RVERSION(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500000065ffff00b7903f00590110000008003950323030302e75"], 0x15) (async)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
sendmsg(r3, &(0x7f0000000800)={&(0x7f0000000580)=@ll={0x11, 0x6, 0x0, 0x1, 0x7, 0x6, @broadcast}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000600)="9d497ed611a4198c81e31f16e446ea318d63b7e2f32925c1ba2c178b1287dc0f1b9515da0ec730eb1f7fb7873bd97c7df9f7298238f179c137c5c88b4c6696671515f43456c044b437352bdf92940ef2d84bf4f99a8a3f32fa36531a232d9c0fd3727e08e7", 0x65}, {&(0x7f0000000680)="0c54a1812a803dcd4ef45f8adbea2b73db17681fe675286c2058eaf8326ae9fa419ca23dec831e1d51a3507fc685e7149f0d19fa91c1f9e946e2a9fefb4f8d43e7296dacdc99f301b83d97a0cdf854c2b510f32093d773995b8908b6c63a97e9227b034c4a718d2750b537dbcccfd738ec61a51382911340457e3ca194b12cc80366c31949826b6e14b752d3dea85fc1ad7e19498dba124c6387b9dff7ac4f4f43867e6ebc2bf955530ab719e1a036bbeb67b95f1839cd37fee0e52a9af816b50a92f322d5959aaea375ebf4aade5e32f38b2444aa2184c23d61d186da401d02cdfe340f24827d36121a828f58283547b04c496edb09", 0xf6}], 0x2, &(0x7f0000000ec0)=ANY=[@ANYBLOB="080100000000000017010000060000008b113e08ae575fdae8b4c35b9f9c2d1eb6864900b0d3c9d30dcc24061cd979c502b90f686a2e2ca35889ec85abb0b76c1d75ef578a4e6c863e7cbf14c01c2aa63fd157df50ef281df7d2c6d1bd43acd9ed219fa1239322aa2ab80c38e0ce525b7a3652a42e8979c8ada16b13b1ee57e0f6cae6656b3133c8982f55a0483c525248ce445555bce7cf1eb5d16dbe32c2f6e9a61c0cfe492e18305bc83b262639b87540fd66e0dfa8ec7071cf643960144fed71e8ff1065a7a122d50423ee510329a3bacaab9bf045df90a699a63c9a0b1911ff2e7c05d185853dabaa8319190edd835ac22f798e1c2ac3e9f12dd9e939fc61a8000000000000c8000000000000001901000007000000b62ad0632eb5c53b6792643547eba29bc3c5e2320512ee4d24436d39e9b0e5ae7a1e53b55a9002c7faa7fd4c0cfe46e53de1a10411684f767e7f2360fa18cea0bde0db96ffb284e22fd5436520c8bbf10ef67045c96c6d66b3c36e30048753bddd12e52e046d5f6def18f3ac8614e48013f8377242f05fbfc5867471fb178b65554d9194cc79e804b60e82b28e1e166a4056554de40ac82e9c3865e5ca6e421555e89f6ed382991dc43be1cee529b08af13619594c000000c00000fa8ca5f700000000003e000000050000003c0f4ff616ab35cd0bf11a2de67441d362a9a35d2463936a9c90bc235964e60a6b309833586b3d6d0e920047fb226f3840715f68a7b88ca18c3b2638a9d2346b2ca11de32f7b6783fd3a47778ed03f0257a555b904089aac9cf09a2e61e4c70e18a2064397457b14c5045b7983264c1b49b23b16b02894e686889802b3b9224e1551092a4a72098bb38f822805e3f9d153bbb6e8fb5707751bbe129d56e5c8e2f3590b309cb44d6e0f40b8eb000000004f6892aeaaa4bf1b7190ef0636c739ef6efa21535d525b5ac52acb75a2f0294eda760401c8e53660d23d9632146a86c450739518939bab6e66a5ad66109e80ffe88d6d81c316dc09528535d4b02e6dc7953d5bec93a76c66da44f93d028d35cc829353a06719d4298f10d64c7ebd79c2b09157835dfa"], 0x290}, 0x20000800) (async)
write$FUSE_INIT(r3, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50) (async)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000980)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYRESDEC=r2])
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
truncate(&(0x7f0000000000)='./file0\x00', 0x6) (async)
execve(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) (async)
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x800)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000006c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f0000000700)={0xffffffffffffffff, 0x3, 0x3, 0x0, 0x7}) (async)
setresgid(0x0, 0x0, 0x0) (async)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
unlinkat(0xffffffffffffff9c, 0x0, 0x200) (async)
sendmmsg$inet(r5, &(0x7f0000003a40)=[{{&(0x7f00000004c0)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x5, 0x0}}, 0x10, 0x0}}, {{&(0x7f00000007c0)={0x2, 0x4e23, @loopback}, 0x10, 0x0}}], 0x2, 0x4001) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x54, 0x0, &(0x7f00000001c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfdf, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x16}, @fda={0x66646185, 0x8, 0x0, 0x5}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x27}}, &(0x7f0000000180)={0x0, 0x28, 0x48}}, 0x400}, @acquire={0x40046305, 0x2}], 0x0, 0x0, 0x0}) (async)
r6 = getpid()
r7 = syz_open_procfs(r6, &(0x7f0000000480)='net/ip_mr_vif\x00')
memfd_create(0x0, 0x20)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0) (async)
ioctl$KVM_CAP_DIRTY_LOG_RING(r7, 0x4068aea3, &(0x7f0000000500)={0xc0, 0x0, 0x13000})

5m31.879771719s ago: executing program 5 (id=888):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
r2 = socket$inet(0x2, 0xa, 0x3)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @remote}, 0x10)
r3 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@fd={0x66642a85, 0x0, r1}, @flat=@weak_binder={0x77622a85, 0x1000, 0x3}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x2, 0x28}}, &(0x7f0000000180)={0xffffffffffffffcb, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000080)=[@register_looper, @free_buffer={0x40086303, r3}, @enter_looper], 0x79, 0x0, &(0x7f0000000280)="6dc005603ca76fed2aea2f95710ad49f288d9047c96cf3f4f63290a48c074818003a648d6dcf2e0c6792f34db27736127b730a840214d3cca9d51513848e4b5c0011a1dd6564b8e6a347e91fec5f02bafc959c62abdefdfe97613f86ac8c584237c2f2fdc6cd029c12713d717e98c766e0f03b8544d5807827"})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
memfd_create(&(0x7f00000001c0)='/dev/ptmx\x00', 0x4)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e)
ioctl$TCXONC(r7, 0x540a, 0x0)
ioctl$TCXONC(r7, 0x540a, 0x2)
ioctl$KVM_REINJECT_CONTROL(r6, 0xae71, &(0x7f0000000000)={0x5})
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
ioctl$KVM_SET_IRQCHIP(r8, 0xae64, 0x0)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, 0x0, 0x2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5m31.878652129s ago: executing program 5 (id=889):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom0\x00', 0x801, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x108)
syz_io_uring_setup(0x1e9c, &(0x7f00000000c0)={0x0, 0xb6cc, 0x4000, 0x2, 0xc6}, 0x0, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000))
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/disk', 0x5c1282, 0x33)
write$cgroup_freezer_state(r3, &(0x7f00000001c0)='THAWED\x00', 0x7)
close(r1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa07, &(0x7f00000000c0)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}, 0x1})
r4 = memfd_create(&(0x7f0000000440)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\xc2%/u\x17\xdaM\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d_\v\xfc\xad\x0f\xa8\xc5\xad\x00\xc2\x12\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV$\x80\x8aJ$\x81\xc0\x16\xf5\x9cz\x10\x97\xdb\x12H\xee/\xe3sY\x02D;L~\xd0\xb44\x01*\xfb\xa4 \xb2b\x90H$\xb2\xad\xbf\x8aM\xb6\x81\x81^\x02\xa0\xa7t\xfbHb\xa5=\xdd+$\xc06J\xb4\xf0\xab\x85Xz\x9f\xb2D$\xbe\xd9\x7f-\r\x9aj9r\n_\x11\xd4\x19\xb0\xa0G\xb7\x94\xf7\xfd~\xe9\xb6G\xbfE\xbb\x15\x15\xa6\xca2\xd0\xd3\x8c\xf7nO\xf9\xa8\xfd\x8a\xd2\xb2\xab\xff\xe4\xb0;\xd9\xa8\f\x03R\xbd%\x9fF\xee\x05\x11', 0x2)
ftruncate(r4, 0xffff)
r5 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "ed27fbb5d5ba69000e6769b69dc51dc5c32930bc5b6886786c9c975fe54da42154c59a884c54b5ff1e0501c423c33cd3314f79fd035e590fec690ad23ecae1dc", 0x33}, 0x48, 0xfffffffffffffffe)
keyctl$assume_authority(0x10, r5)
fchdir(0xffffffffffffffff)
setsockopt$MRT6_DEL_MIF(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0)
close(0xffffffffffffffff)
exit(0xffff)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
fallocate(0xffffffffffffffff, 0x22, 0x0, 0xad)
bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e27, @broadcast}, 0x10)
sendto$inet(r6, &(0x7f0000000280)="bc183bceb3664143edc12c37e93c02b31a75fe70e6", 0x15, 0xb397002ace186103, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
setsockopt$sock_int(r6, 0x1, 0x2f, &(0x7f0000000180)=0x8000b, 0x4)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
recvfrom(r6, &(0x7f0000000480)=""/110, 0x168f6f3d, 0x734, 0x0, 0xfffffffffffffecb)
fcntl$addseals(r4, 0x409, 0x3)
ftruncate(r4, 0x7)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000080)=0x100000000)

5m30.982757327s ago: executing program 5 (id=908):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1, 0x1}, @flat=@weak_binder={0x77622a85, 0x100a, 0x1}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x2, 0x28}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$GTP_CMD_ECHOREQ(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x28, 0x0, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@GTPA_PEER_ADDR6={0x14, 0xb, @empty}]}, 0x28}, 0x1, 0x0, 0x0, 0x4050}, 0x80)

5m30.95592768s ago: executing program 5 (id=909):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="1501000065ffff0010000008003950323030302e04009903df286b495a0369b93dac698d20213612941426ccf09fae856ddd242755f3c9af9ac6c650d1d1f9b4357d931273faf39636fdfba3beb4a6c475231c6a0401eff698caa21cf6233f502d1bb7baab0056b98879af821b67aba6b460b65d490346a4a47d219e3a74c1825a6d55f14fd8e077bc26fd929080ed1d30f6ea02cf6ae4daa121a64e9bde3bf518a8fcec7e23"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
sendfile(r2, r2, &(0x7f0000000280)=0x80000000, 0x4)
write$FUSE_INIT(r3, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x81, 0x1005, 0xfffffffc, 0x5, 0x0, 0x0, 0x0, 0x3}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}})
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080))
getsockopt$CAN_RAW_LOOPBACK(r3, 0x65, 0x3, &(0x7f00000001c0), &(0x7f0000000200)=0x4)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000100)={0x2, 0x0, @ioapic={0x10000, 0x5fa, 0x8, 0x1ff, 0x0, [{0x6d, 0x6, 0x9, '\x00', 0xa}, {0x6, 0xb, 0x72, '\x00', 0x3}, {0x1, 0xfe, 0x9, '\x00', 0x40}, {0x81, 0x3, 0x8, '\x00', 0x5}, {0xb, 0x6, 0x7f, '\x00', 0x5c}, {0x0, 0x4, 0x6, '\x00', 0x8}, {0x6, 0x6, 0x8, '\x00', 0xa}, {0xd, 0x7, 0xb, '\x00', 0x9}, {0x2, 0x9, 0x0, '\x00', 0x8}, {0x7, 0x5, 0x0, '\x00', 0x6}, {0x40, 0x4, 0x2, '\x00', 0x1}, {0x8, 0x4, 0x19, '\x00', 0xff}, {0x1, 0x86, 0xc, '\x00', 0xfb}, {0x5, 0x4f}, {0x4, 0x4, 0x96, '\x00', 0x3}, {0xb, 0x0, 0x7, '\x00', 0x7f}, {0x10, 0x5, 0x1, '\x00', 0x3}, {0x68, 0x3, 0x2, '\x00', 0x3}, {0x5, 0x9e, 0xc0, '\x00', 0x2}, {0x3e, 0x4c, 0xa, '\x00', 0x3}, {0x7, 0x1, 0x2, '\x00', 0x1}, {0x3, 0x0, 0x6, '\x00', 0x6}, {0x93, 0x4, 0x4, '\x00', 0xe9}, {0x3, 0x7f, 0xdf, '\x00', 0x47}]}})
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000740)={"0bd13af7e222d7b82977a894bcf2d741b99f8f02da617b9ad94014424a83db0314f34fdfe9a260e953f1aaf3610eec4c839a08a42b569d1e59b5520d8ad988ecacf773bc8c1855c13291a20986512ff73d4967f734679cb88ac4c1013a6d38828f96b71019283ce07d08bbb370738322ffae7a0afc79279598c1166ec564d5be5344fc87a5f00ca1354bced1fccde226dcd6e864d8262199e37fda0824cafccbe5f8cd0518aa106eb5f8a0986aca2d05a5eaa0177c72d3caeb3579fd729cfe1e7c8e2bb7a9dcfc32e31c7dd4cb48b11128a933481391a63c788de6306217984ef3aa5c402cf680385d96c065818632f2eb3b976ae7997d793ee5a91e26017c70319748f5b8505ce26e2fc2a50296523adc134596ff6ce79f6b58e5ca0612085af940096fb90cb23a7eac4d0e1f0933ef17dd5b760ed2864d8cc3dca7174f7d10bc4ccde5463f72f0265c673a73a1d7d41a581d8491c8f37615278b543c2c3310ae461a924409d0b5a1a75085d800e69f73510c7a1b7961a017dcbd827381d2133be3eda141656239ee6859843e51305726cc2444f1360e65e2993842d09428843f2c50c989084ed7722d34e930873d420e9c9fffda5fedf8370000000000000000885e2e653d083ccc91792e12e3082139763d44f68d1115d8e545444accee3bb38a9fa3b9ff7172868cfaf0a8f22a6939248404db646f2aa405a21b953498132fe3167e4783623451da9253e12187b4086f56bdd827e75a5523e04683335992552fa2cce95d2b23833d57bf2872f9e428b374d049a35636113207f68e34d7f1392c05add0d78b9d999c7a5d47dcbb803bcab54544dbceb73f41d5ac0970883308fecd0edcbb3eea10c1b56c851d13ff248353994d4fc68815b1bf45d202c9944b5cecc4d09a99b422ef51442a8c16e1dbb6a955c4618d592d43cd7e52c206929662f178afe060401868ffaf0db2f1eb3aaeb591be9eae546ae97266315e87487dd399ea4ec20423904c3953376a3ab41853f00b720b270b6ae8fd3cbd6c66e4af6d15bbae6aa085e56a3f8ca4a40117a72209d18e4e31e06389650b8115ef5f1fcd8c2d56b37d66fff06008836e501304a332dd3a9e6eea4f8f8d9e3671edc0abe7788692ba653850e980c36a4d3f60d090a58e34fa033b8e92ce7c19a1730872bd9b58530729400823e68ebb0ab9294bebfcd5404194a9dce119d204e01736b57ef37f7bc11ebf9bbf4d33a35ccebc67a3e38bc092cc208e8d70f33d830d26e16b5adcfb3a8928ececc4273771716dce7a0cd4d6f37f8cf70242fe91f09d9d07745e60c35b93bc343eb27751afc6ffb4693ef290668824287595c20cda170ff582c630e2a5df595cb8b7868b8f28665c7fb592d8763b6a0c3e20154f6400"})
ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000100)={0x1, 0x0, @pic={0x0, 0xff, 0x3, 0x93, 0x0, 0x0, 0x1, 0xbb, 0x4, 0x7, 0x4d, 0x0, 0x61, 0xb, 0x90, 0x10}})
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000380)=0x5, 0x4)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
r7 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x7)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="0903023cee0d000000252a"], 0x14}, 0x1, 0x0, 0x0, 0x4008915}, 0x20040000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000002680)=[@free_buffer={0x40086303, r7}], 0x0, 0x0, 0x0})

5m25.239487633s ago: executing program 3 (id=1007):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x0)
r1 = open(&(0x7f00000003c0)='./file2\x00', 0x81, 0x0)
ioctl$BTRFS_IOC_DEFRAG(r1, 0xc0101282, 0x3)
ioctl$ASHMEM_GET_NAME(r0, 0x81007702, 0x0)

5m25.192376317s ago: executing program 3 (id=1008):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/custom0\x00', 0x7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x0, 0x3})
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0xe6b3ad04c68b4a93, @host}, 0x10, 0x800)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)
r2 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c000280050001000000000014000180080001000080000008000200000000002c000180140003"], 0xe4}}, 0x4000005)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0xa8, 0x0, &(0x7f0000000580)=[@exit_looper, @free_buffer={0x40086303, r2}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)={0x30, 0x30, 0x30}}, 0x40}], 0x0, 0x0, 0x0})

5m25.190447398s ago: executing program 3 (id=1009):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xc0100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x2)
syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

5m24.655536011s ago: executing program 3 (id=1017):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8})
link(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)='./file0\x00')
r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000100)=@usbdevfs_connect={0x7c82})
r2 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/wakeup_count', 0x42, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000400)=ANY=[], 0x31)
r3 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000180)=[@out_dx={0xaa, 0x28, {0x62f6, 0x0, 0xe5}}, @uexit={0x0, 0x18, 0x6}, @rdmsr={0x32, 0x18, {0x63a}}, @in_dx={0x82, 0x20, {0x7c36, 0x4}}, @set_irq_handler={0xbe, 0x20, {0x12, 0x2}}, @uexit={0x0, 0x18, 0xffff}, @wr_drn={0x6e, 0x20, {0x2, 0x7a}}, @wr_drn={0x6e, 0x20, {0x7, 0x8000000000000000}}, @cpuid={0x14, 0x18, {0x0, 0xc}}, @cpuid={0x14, 0x18, {0x1, 0x3}}, @out_dx={0xaa, 0x28, {0x4a98, 0x0, 0x401}}, @out_dx={0xaa, 0x28, {0xdf89, 0x7, 0x2}}, @cpuid={0x14, 0x18, {0x0, 0x6}}, @set_irq_handler={0xbe, 0x20, {0x4a, 0x2}}, @out_dx={0xaa, 0x28, {0x36c7, 0x0, 0xffe00000}}, @uexit={0x0, 0x18, 0x101}, @rdmsr={0x32, 0x18, {0x34c}}, @wr_drn={0x6e, 0x20, {0x7, 0x9}}, @in_dx={0x82, 0x20, {0x2edd, 0x3}}, @cpuid={0x14, 0x18, {0x4, 0x4}}, @wr_drn={0x6e, 0x20, {0x5, 0x20}}, @cpuid={0x14, 0x18, {0x7, 0x8}}, @set_irq_handler={0xbe, 0x20, {0xc7, 0x2}}, @cpuid={0x14, 0x18, {0xf63, 0x7}}, @code={0xa, 0x60, {"0f019a0e000000450f01c2ddeab9bb0900000f32b805000000b9a1d589fa0f01d966b825010f00d8f30f0171e2400f09c744240001000000c74424028e77ffffc7442406000000000f011c24f30f09"}}, @wrmsr={0x1e, 0x20, {0xb36, 0x5}}, @wrmsr={0x1e, 0x20, {0xa48, 0xffffffff}}, @code={0xa, 0x4f, {"0f01ca0f01cf430f01d166b8a2008ed8c483791dd027f30f06c4a2ed47fa42d17f0b48b820000000000000000f23c80f21f8350800b0000f23f8f2420f07"}}, @code={0xa, 0x5a, {"45d9cd0f8402000000b8010000000f01d90f01c2c4e11deb29460f06b9da0200000f32b9ff0300000f3248b824000000000000000f23c00f21f835000002000f23f866baa000b094ee"}}], 0x411})
r4 = syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000e09d7040460a2196324f01020301090224000100000000090400000206d3450009050102100000000009058b0240"], 0x0)
syz_usb_control_io$printer(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$sierra_net(r4, 0x0, &(0x7f00000007c0)={0x1c, &(0x7f0000000240)={0x62be0bec76cb5c4, 0x15, 0x22}, 0x0, 0x0})
ioctl$KVM_GET_CPUID2(r3, 0xc008ae91, &(0x7f00000005c0)={0x7, 0x0, [{}, {}, {}, {}, {}, {}, {}]})
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', &(0x7f0000000140), 0x4a81, &(0x7f0000000040)=ANY=[@ANYBLOB="6d6178c615303030303030303001303030303030303030303030302c00"])
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}, 0x1, 0x0, 0x0, 0x68840}, 0x4)
recvmmsg(r5, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000004c0)=""/4091, 0xffb}], 0x1}}, {{0x0, 0x0, 0x0}, 0x1b20cfe5}, {{0x0, 0x0, 0x0}, 0x3}], 0x3, 0x2, 0x0)
writev(r3, &(0x7f0000000b00)=[{&(0x7f0000000700)="4a09353452a2b172e7e8a2f18a46d2061d6078fe7cad32d69893a8efb0f242705ea66ef9a8bcc268c82847bef46f92c6079ee3b8a5f21fc298e3f207e8c6f0aaa51553d75e959b6fc3c84bc5d599f33ea0d7fdc678c9584f4709f40ab11a31aed8261cf397a48725b76a1b248676d2edaca28c89b4ede8136f86b4c8f122ca9b98a779031b67b7", 0x87}, {&(0x7f00000007c0)="479a9cf8fb3648c321edbf285610357803f463bd295e89b5a0ff7383217cc9c720d17227aab84e606f36300c573f9a6808b5", 0x32}, {&(0x7f0000000800)="a0706ae0cb04209c63ea39b4045935f8bd39e1a3d4a86e631630610d0d6c7050ca2aa133c5d26d686c43ab0594466c2d52f586a6b690985543c5dfd7d5680f297995d319d7e65d95d5857e235c9fa90d4ff49c83bc13bbbb0a75733c38c86a56eae6881445a366da1052353aab18de117628de67463700ab609bab2f84c5cf0dff4b983f9affe91c6b8c28fb1a3544a028ada2d69bb90e2da5f2b7e7db2b45761475f0c2709969330075a9397c2e8b8a7142b46c1523", 0xb6}, {&(0x7f00000008c0)="146a89e2e2e8b4a1352f14591009f6abfefdf83404de250e1dc6cfeb7e120720820e980244758e22f5748606cd228974948dae54f41c72c7dc25", 0x3a}, {&(0x7f0000000900)="7ea5fac69f6ede3daf3ff0ee73861b6251cf7e5f7f437be90e57b79e281d443902c6275e40bdc7f30906e38d3c597f823e98fbcd7ee502b4286450bf1c9b9766da3bf65c6a64901236c20e3207c2cb1936ac249e74736ec5afa653d692eedcd9506e796caa81d03bacbc5643ea0c3263a1a5cd86b721c2e8f53f49a19f2ccd3aab27ec7efe90636a62a6bde70b2ba936ae7ad4c8c35bb6664d51cb69fcdb2f2f63fa3cf6672a891848cbeb32e3d7283e6b80158e95a97122fd4b9375eeee3f1dcb40cb941e99e96e71fbe917b0ad14d1e51d4f635b287e5274aebb4019e7ba4c30cc8e8ef005e1fbf488cb24719e2d811982cbe8cdd46d9b37b32e", 0xfb}, {&(0x7f0000000a00)="fed02671d07d8998606e25ca4bedf91914ff83a45c64e2c3f5550f9ceb927afc3b084b653e041348359eb3a9f05e172c39abf1be435aa5da5ac0ee", 0x3b}, {&(0x7f0000000a40)="af2919a7d94ecd73d17249bfde87ee05601b0e1a885605bd7d3cd7b7bdef106fa23ef2d77076478ca7293c537b4f17bdb65ef3fc76b358b221afdb063369f538e7bfb4a0c6b8d52f94c58d3239bf69ebd564fe3ba3186b988392d7d098b49b448ec1bb418bf240b39f98c4c68fc7e79f82d4c18cc4397fbb19c4c9332597c088b59feae3fa76f588cace71dc79e8321b893392a5f7dc9301cfc9b1c87fe824c77ff7e4147d46b9", 0xa7}], 0x7)

5m24.086438246s ago: executing program 3 (id=1029):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)={0x1, 0x0, [{0xffff1000, 0x64, &(0x7f0000000300)=""/100}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
sendmmsg$inet(r2, &(0x7f0000003140)=[{{0x0, 0x0, &(0x7f00000002c0)}}], 0x1, 0x4048850) (async)
sendmmsg$inet(r2, &(0x7f0000003140)=[{{0x0, 0x0, &(0x7f00000002c0)}}], 0x1, 0x4048850)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000140)={0x3, 0x2}})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x101880, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'vxcan1\x00', 0x2})
ioctl$TUNSETQUEUE(r6, 0x400454d9, &(0x7f0000000080)={'dummy0\x00', 0x400}) (async)
ioctl$TUNSETQUEUE(r6, 0x400454d9, &(0x7f0000000080)={'dummy0\x00', 0x400})
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x62, 0x2, 0x16}, @ptr={0x70742a85, 0xfffffffc, &(0x7f00000029c0)=""/201, 0xc9, 0x1, 0x14}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x50}}, 0x400}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x62, 0x2, 0x16}, @ptr={0x70742a85, 0xfffffffc, &(0x7f00000029c0)=""/201, 0xc9, 0x1, 0x14}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x50}}, 0x400}], 0x0, 0x0, 0x0})

5m23.896380255s ago: executing program 3 (id=1038):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000100), 0x309000, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffff3)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000040)=0x6, 0x4)
bind$inet(r1, &(0x7f0000000140)={0x2, 0x4e24, @broadcast}, 0x10)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x110, r0, 0x9000)
r2 = socket$netlink(0x10, 0x3, 0x1)
r3 = socket(0x2, 0x3, 0xff)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f00000002c0)=0x3, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmsg$key(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c40)=ANY=[], 0x18}}, 0x4020)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000330009000000000000000000100000000c000000000000000000000004000e00a837159676ec52bb6aac16fe5f6655f2e4f0"], 0x24}], 0x1}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0xfffc, @multicast1}}}, 0x88)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = memfd_secret(0x80000)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), r2)
sendmsg$IPVS_CMD_GET_CONFIG(r5, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00(', @ANYRES16=r6, @ANYBLOB="02002abd7000fcdbdf250d00000034000380060007004e2200001400060000000000000000000000000000000000140002007663616e3000000000000000000000001400038005000800e50000000800010000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x20000010}, 0x4)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r5, 0x0)
timer_create(0x2, 0x0, &(0x7f0000000180)=<r7=>0x0)
clock_gettime(0x0, &(0x7f0000000480)={<r8=>0x0, <r9=>0x0})
timer_settime(r7, 0x0, &(0x7f00000001c0)={{}, {r8, r9+60000000}}, &(0x7f0000000200))
ftruncate(r5, 0x3)
ioctl$RTC_VL_CLR(r5, 0x7014)
r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r10, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r10, 0x40505412, 0x0)

5m23.889238126s ago: executing program 34 (id=1038):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000100), 0x309000, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffff3)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000040)=0x6, 0x4)
bind$inet(r1, &(0x7f0000000140)={0x2, 0x4e24, @broadcast}, 0x10)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x110, r0, 0x9000)
r2 = socket$netlink(0x10, 0x3, 0x1)
r3 = socket(0x2, 0x3, 0xff)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f00000002c0)=0x3, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmsg$key(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c40)=ANY=[], 0x18}}, 0x4020)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000330009000000000000000000100000000c000000000000000000000004000e00a837159676ec52bb6aac16fe5f6655f2e4f0"], 0x24}], 0x1}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0xfffc, @multicast1}}}, 0x88)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = memfd_secret(0x80000)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), r2)
sendmsg$IPVS_CMD_GET_CONFIG(r5, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00(', @ANYRES16=r6, @ANYBLOB="02002abd7000fcdbdf250d00000034000380060007004e2200001400060000000000000000000000000000000000140002007663616e3000000000000000000000001400038005000800e50000000800010000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x20000010}, 0x4)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r5, 0x0)
timer_create(0x2, 0x0, &(0x7f0000000180)=<r7=>0x0)
clock_gettime(0x0, &(0x7f0000000480)={<r8=>0x0, <r9=>0x0})
timer_settime(r7, 0x0, &(0x7f00000001c0)={{}, {r8, r9+60000000}}, &(0x7f0000000200))
ftruncate(r5, 0x3)
ioctl$RTC_VL_CLR(r5, 0x7014)
r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r10, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r10, 0x40505412, 0x0)

5m14.953877616s ago: executing program 35 (id=909):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="1501000065ffff0010000008003950323030302e04009903df286b495a0369b93dac698d20213612941426ccf09fae856ddd242755f3c9af9ac6c650d1d1f9b4357d931273faf39636fdfba3beb4a6c475231c6a0401eff698caa21cf6233f502d1bb7baab0056b98879af821b67aba6b460b65d490346a4a47d219e3a74c1825a6d55f14fd8e077bc26fd929080ed1d30f6ea02cf6ae4daa121a64e9bde3bf518a8fcec7e23"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
sendfile(r2, r2, &(0x7f0000000280)=0x80000000, 0x4)
write$FUSE_INIT(r3, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x81, 0x1005, 0xfffffffc, 0x5, 0x0, 0x0, 0x0, 0x3}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}})
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080))
getsockopt$CAN_RAW_LOOPBACK(r3, 0x65, 0x3, &(0x7f00000001c0), &(0x7f0000000200)=0x4)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000100)={0x2, 0x0, @ioapic={0x10000, 0x5fa, 0x8, 0x1ff, 0x0, [{0x6d, 0x6, 0x9, '\x00', 0xa}, {0x6, 0xb, 0x72, '\x00', 0x3}, {0x1, 0xfe, 0x9, '\x00', 0x40}, {0x81, 0x3, 0x8, '\x00', 0x5}, {0xb, 0x6, 0x7f, '\x00', 0x5c}, {0x0, 0x4, 0x6, '\x00', 0x8}, {0x6, 0x6, 0x8, '\x00', 0xa}, {0xd, 0x7, 0xb, '\x00', 0x9}, {0x2, 0x9, 0x0, '\x00', 0x8}, {0x7, 0x5, 0x0, '\x00', 0x6}, {0x40, 0x4, 0x2, '\x00', 0x1}, {0x8, 0x4, 0x19, '\x00', 0xff}, {0x1, 0x86, 0xc, '\x00', 0xfb}, {0x5, 0x4f}, {0x4, 0x4, 0x96, '\x00', 0x3}, {0xb, 0x0, 0x7, '\x00', 0x7f}, {0x10, 0x5, 0x1, '\x00', 0x3}, {0x68, 0x3, 0x2, '\x00', 0x3}, {0x5, 0x9e, 0xc0, '\x00', 0x2}, {0x3e, 0x4c, 0xa, '\x00', 0x3}, {0x7, 0x1, 0x2, '\x00', 0x1}, {0x3, 0x0, 0x6, '\x00', 0x6}, {0x93, 0x4, 0x4, '\x00', 0xe9}, {0x3, 0x7f, 0xdf, '\x00', 0x47}]}})
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000740)={"0bd13af7e222d7b82977a894bcf2d741b99f8f02da617b9ad94014424a83db0314f34fdfe9a260e953f1aaf3610eec4c839a08a42b569d1e59b5520d8ad988ecacf773bc8c1855c13291a20986512ff73d4967f734679cb88ac4c1013a6d38828f96b71019283ce07d08bbb370738322ffae7a0afc79279598c1166ec564d5be5344fc87a5f00ca1354bced1fccde226dcd6e864d8262199e37fda0824cafccbe5f8cd0518aa106eb5f8a0986aca2d05a5eaa0177c72d3caeb3579fd729cfe1e7c8e2bb7a9dcfc32e31c7dd4cb48b11128a933481391a63c788de6306217984ef3aa5c402cf680385d96c065818632f2eb3b976ae7997d793ee5a91e26017c70319748f5b8505ce26e2fc2a50296523adc134596ff6ce79f6b58e5ca0612085af940096fb90cb23a7eac4d0e1f0933ef17dd5b760ed2864d8cc3dca7174f7d10bc4ccde5463f72f0265c673a73a1d7d41a581d8491c8f37615278b543c2c3310ae461a924409d0b5a1a75085d800e69f73510c7a1b7961a017dcbd827381d2133be3eda141656239ee6859843e51305726cc2444f1360e65e2993842d09428843f2c50c989084ed7722d34e930873d420e9c9fffda5fedf8370000000000000000885e2e653d083ccc91792e12e3082139763d44f68d1115d8e545444accee3bb38a9fa3b9ff7172868cfaf0a8f22a6939248404db646f2aa405a21b953498132fe3167e4783623451da9253e12187b4086f56bdd827e75a5523e04683335992552fa2cce95d2b23833d57bf2872f9e428b374d049a35636113207f68e34d7f1392c05add0d78b9d999c7a5d47dcbb803bcab54544dbceb73f41d5ac0970883308fecd0edcbb3eea10c1b56c851d13ff248353994d4fc68815b1bf45d202c9944b5cecc4d09a99b422ef51442a8c16e1dbb6a955c4618d592d43cd7e52c206929662f178afe060401868ffaf0db2f1eb3aaeb591be9eae546ae97266315e87487dd399ea4ec20423904c3953376a3ab41853f00b720b270b6ae8fd3cbd6c66e4af6d15bbae6aa085e56a3f8ca4a40117a72209d18e4e31e06389650b8115ef5f1fcd8c2d56b37d66fff06008836e501304a332dd3a9e6eea4f8f8d9e3671edc0abe7788692ba653850e980c36a4d3f60d090a58e34fa033b8e92ce7c19a1730872bd9b58530729400823e68ebb0ab9294bebfcd5404194a9dce119d204e01736b57ef37f7bc11ebf9bbf4d33a35ccebc67a3e38bc092cc208e8d70f33d830d26e16b5adcfb3a8928ececc4273771716dce7a0cd4d6f37f8cf70242fe91f09d9d07745e60c35b93bc343eb27751afc6ffb4693ef290668824287595c20cda170ff582c630e2a5df595cb8b7868b8f28665c7fb592d8763b6a0c3e20154f6400"})
ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000100)={0x1, 0x0, @pic={0x0, 0xff, 0x3, 0x93, 0x0, 0x0, 0x1, 0xbb, 0x4, 0x7, 0x4d, 0x0, 0x61, 0xb, 0x90, 0x10}})
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000380)=0x5, 0x4)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
r7 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x7)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="0903023cee0d000000252a"], 0x14}, 0x1, 0x0, 0x0, 0x4008915}, 0x20040000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000002680)=[@free_buffer={0x40086303, r7}], 0x0, 0x0, 0x0})

2m43.018187202s ago: executing program 0 (id=3856):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000401e04012800000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0) (async)
syz_io_uring_setup(0x2421, &(0x7f0000000380)={0x0, 0x0, 0x13090}, 0x0, 0x0) (async)
pipe2(&(0x7f0000001040)={<r1=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x84000)
tee(r1, r2, 0xfffffffffffffc01, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x9, 0x3, 0x10000, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x202, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7ffd, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xa, 0x0, 0x2, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x7, 0x8, 0x4, 0x1, 0x40], [0xf30, 0x0, 0x12f, 0x6, 0x10, 0x0, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1000, 0xfffffffc, 0x0, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0xfffffffe, 0x8, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0xfff, 0x4, 0xfb, 0x5, 0x100, 0x5f31, 0x4, 0x1, 0x2, 0xffffffff, 0x20009, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0xa, 0x1, 0x9, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0x5, 0x80000001, 0x2, 0x0, 0x40000100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x40, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800005, 0x200, 0x80, 0x2, 0x100, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0xfffffff9, 0x100006, 0xac8, 0xbf, 0x10002, 0x403, 0x7fc, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x21, 0x6, 0x5, 0x2, 0x3, 0x80ce7, 0x1ff, 0x3, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0xa74, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x5, 0x100, 0x3, 0x4, 0xa, 0xffff, 0x6, 0x1, 0x10080, 0x6, 0x8, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c18, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x1fe, 0xffff3441, 0xfff]}, 0x45c) (async)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220a0000005089af"], 0x0}, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x101c00, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r4, 0x400448e7, 0x0) (async)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x9, 0x28011, r3, 0xffffa000)

2m42.978527306s ago: executing program 0 (id=3857):
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
r0 = socket(0x2, 0x803, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0)
getsockname$packet(r0, 0x0, &(0x7f0000000200))
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0) (async)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0) (async)
socket(0x2, 0x803, 0x0) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0) (async)
getsockname$packet(r0, 0x0, &(0x7f0000000200)) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async)

2m42.964770967s ago: executing program 0 (id=3858):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008) (async)
pipe2$9p(&(0x7f0000000580)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
ioctl$BTRFS_IOC_FS_INFO(r2, 0x8400941f, &(0x7f0000001280)) (async)
r3 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff)
request_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000280)='-:-%-(\'\xb9^/$]&\x00', r3)
write$FUSE_BMAP(r2, &(0x7f0000000140)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) (async)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x4000, &(0x7f0000001200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@debug={'debug', 0x3d, 0x7}}]}}) (async)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
pread64(r4, &(0x7f0000000200)=""/4087, 0xff7, 0xd37)

2m42.896569404s ago: executing program 0 (id=3859):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x8)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
fadvise64(r1, 0x1fe, 0x7ffc, 0x3)

2m42.865194018s ago: executing program 0 (id=3865):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af066e73b34110b635f4be0000000000000000ea1915858a13f168644a5f2c6d5463f442eab13f77e01311a81ce581c479f408e5a7097dabfda0f5188d90cc6aa5455860b88ca22c8900"/99])
syz_open_dev$evdev(&(0x7f0000000640), 0x2, 0x82000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r4, 0x0, 0x4081)
sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket(0x200000100000011, 0x803, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x8c, 0x0, 0x200, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x402}, @NL80211_ATTR_SCAN_SSIDS={0x5c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}, {0x19, 0x0, @random="c3d52bc596e57a5bd4501d6476e85648159608a6b1"}, {0xa, 0x0, @default_ibss_ssid}]}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x1320}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x800}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000004)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
write$bt_hci(r5, &(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00'], 0xe)
socket$packet(0x11, 0x3, 0x300)
close(0x3)
close_range(r0, 0xffffffffffffffff, 0x0)

2m42.761310708s ago: executing program 0 (id=3866):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000))
close_range(r1, r0, 0x0)

2m42.670259737s ago: executing program 36 (id=3866):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000))
close_range(r1, r0, 0x0)

2m25.726606026s ago: executing program 2 (id=4060):
syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0xd8af42) (async)
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x80000000, 0x181400)
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000140)=0xffc0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_mr_vif\x00')
preadv(r1, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0x33, 0x0) (async, rerun: 64)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async, rerun: 64)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r2, 0x0, 0x16, 0x0, 0x0) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='ext3\x00', 0x200000, 0x0)

2m25.721586686s ago: executing program 2 (id=4061):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x3a, 0x0, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2m25.721077326s ago: executing program 2 (id=4062):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001b00), r1)
sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)={&(0x7f0000000600)={0x2c, r2, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40060}, 0x10) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

2m25.708475797s ago: executing program 2 (id=4064):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20b00, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x89, &(0x7f0000000000), &(0x7f0000000040)=0x4)
preadv2(r0, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/129, 0x81}], 0x1, 0xffffffff, 0x8, 0xd)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20b00, 0x0) (async)
socket$tipc(0x1e, 0x5, 0x0) (async)
getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x89, &(0x7f0000000000), &(0x7f0000000040)=0x4) (async)
preadv2(r0, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/129, 0x81}], 0x1, 0xffffffff, 0x8, 0xd) (async)

2m25.656184153s ago: executing program 2 (id=4066):
r0 = request_key(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0xfffffffffffffffe)
keyctl$restrict_keyring(0x3, r0, 0x0, 0x0)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa07, &(0x7f0000000180)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}})
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$link(0x8, r0, r1) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) (async)
epoll_create1(0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5543, 0x47, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x2, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xd, 0x0, 0x40}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0) (async)
syz_usb_control_io$hid(r3, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\"\a'], 0x0}, 0x0) (async)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000000080), 0x10) (async)
sendmsg$can_bcm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB="0500"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}, 0x1, 0x0, 0x0, 0x48850}, 0x0)
sendmsg$can_bcm(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB='\a'], 0x48}, 0x1, 0x0, 0x0, 0xc4}, 0x0) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x6}, @flat=@weak_handle={0x77682a85, 0x1000}, @fda={0x66646185, 0x1, 0x0, 0x15}}, &(0x7f00000001c0)={0x0, 0xffffffffffffffaa, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

2m24.920502635s ago: executing program 2 (id=4081):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
io_setup(0x8, &(0x7f00000002c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000001240)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="0300ffff00", 0x5}])
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0xe0000000, 0x564b143a, 0x83, 0xfffb, 0x5, 0x2, 0x0, 0x0, 0x80, 0x80000004}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r5, 0xc400941d, 0x0)
ioctl$UDMABUF_CREATE_LIST(r5, 0x40087543, &(0x7f0000000440)=ANY=[])
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x14, 0x0, &(0x7f0000000180)=[@acquire_done={0x40106309, 0x2}], 0x0, 0x0, 0x0})

2m8.823893461s ago: executing program 37 (id=4081):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
io_setup(0x8, &(0x7f00000002c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000001240)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="0300ffff00", 0x5}])
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0xe0000000, 0x564b143a, 0x83, 0xfffb, 0x5, 0x2, 0x0, 0x0, 0x80, 0x80000004}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r5, 0xc400941d, 0x0)
ioctl$UDMABUF_CREATE_LIST(r5, 0x40087543, &(0x7f0000000440)=ANY=[])
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x14, 0x0, &(0x7f0000000180)=[@acquire_done={0x40106309, 0x2}], 0x0, 0x0, 0x0})

1m40.419319438s ago: executing program 6 (id=4591):
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, 0x10)
sendmsg$inet(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="c962", 0x2}], 0x1}, 0x4004045)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x2, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x2, 0x4d, 0x39cc1919, 0x5c, 0x9, 0x5, 0xfffff807, 0x0, 0x5, 0x48, 0x0, 0x2ab, 0x4, 0x7, 0x101, 0x3c5b, 0x7fff, 0xa, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xe, 0x0, 0x71, 0x2, 0x7, 0x3, 0x2, 0x5, 0x3c, 0x8f, 0x6, 0x6, 0x3, 0x80092aa, 0x4, 0x1, 0x30000000, 0x5, 0xdee9, 0x7, 0x3, 0x8, 0x800004, 0x1, 0x40], [0x4, 0xffff, 0x12f, 0x6, 0x10, 0xfffffff3, 0x4f6, 0xcb, 0xf9, 0xd, 0x2bf, 0x3, 0x40, 0xfffffffc, 0x100003, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x40, 0x3, 0x0, 0xfffffffe, 0x0, 0x4, 0x680, 0x9, 0x3fe, 0x401, 0x6, 0x4, 0xfb, 0x7, 0x8cd, 0x5f31, 0x4, 0x900000, 0x2002, 0x2, 0x9, 0x4, 0x9, 0x8, 0x5, 0x6, 0xb, 0xa, 0x1, 0x9, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400005], [0x6, 0x3, 0x80000400, 0x2, 0xff, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x400, 0x800001, 0xb, 0x2000005, 0x5, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x6, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800003, 0x440, 0x80, 0x3, 0xcc52, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0xfffffff9, 0x6, 0xac8, 0x3f, 0x10002, 0x40e, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x1, 0x6, 0x1d, 0x7, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x81, 0xbb31, 0x203, 0x8, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x80ce7, 0x1ff, 0x3, 0x7, 0x71, 0x1003, 0x101, 0x10000, 0x6, 0x4, 0xffff, 0xe620, 0x2, 0x1, 0x1, 0x2, 0x14c, 0x9, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc6, 0xee1, 0x0, 0x1, 0x3, 0x3, 0x100, 0x20009602, 0x4, 0x2, 0xffff, 0x6, 0x1, 0x10080, 0x6, 0x8, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x2, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r1, &(0x7f0000000380)={0xa, 0x4e24, 0x5, @initdev={0xfe, 0x88, '\x00', 0xfd, 0x0}, 0x2}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000280)=[{&(0x7f0000000080)="580000001400add405000000000000000a117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ffff0100f5c71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0)
sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x2b08}}, 0x4000806)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000340)=@ccm_128={{0x304}, "49c2ace48cb54d80", "e0e6d4a271e30000596600", '\x00', "c962b0c0b5d958c9"}, 0x28)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', <r5=>0x0})
sendto$packet(r4, &(0x7f00000002c0)="05031600d3fc141200004788031c09103228", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r5, 0x1, 0x0, 0x6, @multicast}, 0x14)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0xa, r5, 0x24}, 0x10)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$TCSETSF2(r3, 0x402c542d, &(0x7f0000000580)={0x5, 0xe4, 0x6ff9, 0x2, 0x40, "020000000000050000001f022bc7971a74e400", 0x0, 0x3})
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000180)=0x2)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="c80000001b001d0328bd7000fcdbdf25ffffffff000000000000000000000000fe8000000000000000000000000000244e2000014e2404000200800087000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="08000000000000000100010000000000f4ffffffffffffff04b4000000000000000200000000000000ba4100000000000007000000000000000000008000000000ffffff3f0000000003000000000000000400000000000000080000000000000003000000b86b6e000000030100000000040000000000000008001f0001000000"], 0xc8}}, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0xc6225a99193a0f6e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0})
r8 = memfd_secret(0x0)
sendmsg$nl_generic(r8, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000040)={&(0x7f0000000200)={0x15c, 0x25, 0x20, 0x70bd2d, 0x25dfdbfe, {0x10}, [@generic="9a4d362be957811a420237cd4a6be788e1aec5913db2b30ff6ce553dad96a71e0049b0760ab8f2e85024eacdb13f39978a74db88fb95e33d419cedae4f4da60952a90b5ccac857d3dd134b691c464890639b9a88559a12997cdebfd94cfac444e2b7b46df449a785fe", @typed={0x8, 0x91, 0x0, 0x0, @ipv4=@empty}, @typed={0xd4, 0x2f, 0x0, 0x0, @binary="cba9a1b7aa6cf4c57b641d873f5377e310e1c3bb10fc18672212a39d97b24c657d4e6f43c252a67938872adba5126e917a0eb33317a8d781c7a36ffc6aa4185b9addeb38b9f7cebd7aa0e8de82cdb785ec926434ab32297a8d9202306f6481b47fff77544f1bd54a20f335c0627e0d7ad1b9bdb108825fec9b283dceb60b1dc14a78a1a057ac9874afb52c36f258f588ec9a3bc4d3cc1001d6cf5bf12846be7aba600b49027cbe97c16e2c1b725117bbd19032649d4f64aaac3c01edcb4bf9d4d867c0cc9114004fc8fd73b582001ca1"}]}, 0x15c}, 0x1, 0x0, 0x0, 0x4008041}, 0xc040010)

1m39.517152367s ago: executing program 6 (id=4612):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
unshare(0x44040200)
r1 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$IP6T_SO_GET_INFO(r1, 0x29, 0x40, &(0x7f0000000280)={'filter\x00', 0x0, [0x664, 0x0, 0x7ff, 0x8, 0x1]}, &(0x7f00000001c0)=0x54)
ppoll(&(0x7f0000000000)=[{r0, 0xc0}, {r0, 0x2000}], 0x2, 0x0, 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r3 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x3)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x38, 0x0, &(0x7f00000000c0)=[@free_buffer={0x40086303, r3}, @clear_death={0x400c630f, 0x2}, @request_death, @dead_binder_done], 0x0, 0x0, 0x0})
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) (async)
unshare(0x44040200) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
getsockopt$IP6T_SO_GET_INFO(r1, 0x29, 0x40, &(0x7f0000000280)={'filter\x00', 0x0, [0x664, 0x0, 0x7ff, 0x8, 0x1]}, &(0x7f00000001c0)=0x54) (async)
ppoll(&(0x7f0000000000)=[{r0, 0xc0}, {r0, 0x2000}], 0x2, 0x0, 0x0, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) (async)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x3) (async)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x38, 0x0, &(0x7f00000000c0)=[@free_buffer={0x40086303, r3}, @clear_death={0x400c630f, 0x2}, @request_death, @dead_binder_done], 0x0, 0x0, 0x0}) (async)

1m39.411703668s ago: executing program 6 (id=4613):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0)
io_setup(0x1ff, &(0x7f0000000000)=<r2=>0x0)
unshare(0x400)
io_submit(r2, 0x1, &(0x7f0000000100)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x8, 0xc13c, 0xffffffffffffffff, &(0x7f0000000180)="da412ac50a72fbf16e06f788130a3a7a505e1f08df802c8f28eeb2ade9a4afb788f9e583c8d2f55bfd23828ecc270257f294d312643a4627d28446f487adaa2820162584145fdf4c08e396556cc6022db40880c5bdef97b6b39151f458ebfa0a7164e6f8c8690e8c4227103ef50be29fc28da65f843186884e012abc573034988f4634203f049753b3bf80158ecdd57f7cde3da2e0b76a19a7203c1308d4c41369c9ed95007ca9", 0xa7, 0x8, 0x0, 0x3, r1}])
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000080)=@req={0x88, 0xfff, 0x41}, 0x10)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
fcntl$lock(r4, 0x5, &(0x7f0000000040)={0x2, 0x1, 0x4, 0x7})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x87, 0x8, 0x4000006, 0x8, {{0x13, 0x4, 0x0, 0x0, 0x4c, 0x64, 0x0, 0x83, 0x4, 0x0, @multicast1, @private=0xa010102, {[@end, @timestamp_prespec={0x44, 0x34, 0x9, 0x3, 0xa, [{@loopback, 0x7}, {@empty, 0x4}, {@multicast1, 0x1ff}, {@private=0xa010101, 0x2}, {@remote, 0x19fa}, {@rand_addr=0x64010101, 0x101}]}]}}}}})
ioctl$F2FS_IOC_FLUSH_DEVICE(r3, 0x4008f50a, &(0x7f0000000240)={0x6, 0x5})
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f00000002c0)={'wg1\x00', 0x7})
write$cgroup_netprio_ifpriomap(r1, &(0x7f0000000280)={'vlan0', 0x32, 0x37}, 0x8)

1m39.361461173s ago: executing program 6 (id=4614):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x2010004, 0x0)
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0)='.\x00')
r0 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000000)={'ip6_vti0\x00', 0x0})
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff})
ioctl$SIOCSIFMTU(r2, 0x8923, &(0x7f0000000140)={'veth0_to_bond\x00', 0x4e171e2e})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000080)={&(0x7f0000ffc000/0x4000)=nil, 0x4000})
r3 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
ftruncate(r3, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r3, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
lseek(r3, 0x80000, 0x3)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x309dce3, &(0x7f0000000200)=ANY=[@ANYBLOB="5999e5f41db34ffbebeab8f08e6f8b75538c08ae77801bd2a08ec634dff1d9797474519587e1ecd04028a1c911e311f7962ed4c8f397e7af04538e100a1f869be9e4376c48bfb19342a7f1b1546df971d16e15252198d3d585bd00f4dd8b996ac36c279792d17b66d606a40d42cb91403600cb7b86fde86153b6d8a152caa7efc0f787", @ANYRES8=r0])

1m39.29395308s ago: executing program 6 (id=4615):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x7ffffffb}]})
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = socket(0x10, 0x3, 0x0)
pipe2(&(0x7f0000000100), 0x4800)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)={0x14, 0x1e, 0x9, 0x2, 0x25dfdbff, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
r3 = socket$inet6(0xa, 0x80000, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_GET_IRQCHIP(r5, 0xc208ae62, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000c0000000c0000800800", @ANYRES16=<r6=>r3], 0x20}}, 0x40816)
r7 = syz_open_dev$usbmon(&(0x7f0000000800), 0x1, 0xa02)
r8 = syz_open_dev$usbmon(&(0x7f0000000740), 0x0, 0x20402)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
dup3(r7, r8, 0x80000)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r6, @ANYRES32=r1])

1m39.216327207s ago: executing program 6 (id=4616):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
gettid() (async)
r1 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, 0x0, 0x0)
splice(r3, 0x0, r2, 0x0, 0x10000008ebc, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r5, 0x107, 0x11, 0x0, &(0x7f0000000180))
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r4, 0x28, 0x1, &(0x7f00000005c0)=0x8000000000000001, 0x8)
connect$vsock_stream(r4, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000002680)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0xffffffffffffff8b, 0x18, &(0x7f00000004c0)={@ptr={0x70742a85, 0x2, &(0x7f0000000280)=""/226, 0xe2, 0x2, 0x138}, @fda={0x66646185, 0xffffffffffffffff, 0x0, 0xe}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x28}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x40}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000002680)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0xffffffffffffff8b, 0x18, &(0x7f00000004c0)={@ptr={0x70742a85, 0x2, &(0x7f0000000280)=""/226, 0xe2, 0x2, 0x138}, @fda={0x66646185, 0xffffffffffffffff, 0x0, 0xe}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x28}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x40}], 0x0, 0x0, 0x0})

1m39.208290708s ago: executing program 38 (id=4616):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
gettid() (async)
r1 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, 0x0, 0x0)
splice(r3, 0x0, r2, 0x0, 0x10000008ebc, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r5, 0x107, 0x11, 0x0, &(0x7f0000000180))
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r4, 0x28, 0x1, &(0x7f00000005c0)=0x8000000000000001, 0x8)
connect$vsock_stream(r4, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000002680)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0xffffffffffffff8b, 0x18, &(0x7f00000004c0)={@ptr={0x70742a85, 0x2, &(0x7f0000000280)=""/226, 0xe2, 0x2, 0x138}, @fda={0x66646185, 0xffffffffffffffff, 0x0, 0xe}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x28}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x40}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000002680)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0xffffffffffffff8b, 0x18, &(0x7f00000004c0)={@ptr={0x70742a85, 0x2, &(0x7f0000000280)=""/226, 0xe2, 0x2, 0x138}, @fda={0x66646185, 0xffffffffffffffff, 0x0, 0xe}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x28}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x40}], 0x0, 0x0, 0x0})

41.82838501s ago: executing program 9 (id=5526):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x108)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000800)=ANY=[@ANYBLOB="090000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000000)={0x0, @initdev, @private}, &(0x7f00000001c0)=0xc)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000340)=ANY=[@ANYBLOB="090000000000000002000000e0000002"], 0x110)
mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='ext4\x00', 0x0, 0x0)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/mnt\x00')
ioctl$NS_GET_USERNS(r1, 0x8004b708, 0x0)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs2\x00', 0x0, 0x120020, &(0x7f0000000080)=ANY=[@ANYRESDEC=r0, @ANYRESOCT])
socket$inet_udplite(0x2, 0x2, 0x88) (async)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x108) (async)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000800)=ANY=[@ANYBLOB="090000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290) (async)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000000)={0x0, @initdev, @private}, &(0x7f00000001c0)=0xc) (async)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000340)=ANY=[@ANYBLOB="090000000000000002000000e0000002"], 0x110) (async)
mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='ext4\x00', 0x0, 0x0) (async)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/mnt\x00') (async)
ioctl$NS_GET_USERNS(r1, 0x8004b708, 0x0) (async)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs2\x00', 0x0, 0x120020, &(0x7f0000000080)=ANY=[@ANYRESDEC=r0, @ANYRESOCT]) (async)

41.82286464s ago: executing program 9 (id=5529):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000001100)=@req3={0x8000, 0x200, 0x80, 0x20000}, 0x1c)
setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000140)=0x4, 0x4)
r2 = socket$packet(0x11, 0xa, 0x300)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'veth1_to_bridge\x00', <r4=>0x0})
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r3, &(0x7f00000000c0)="3f031c00030214001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe460000", 0x48, 0x0, &(0x7f0000000540)={0xc9, 0xd, r4, 0x1, 0x80, 0x6, @multicast}, 0x14)
ftruncate(0xffffffffffffffff, 0x2)
r5 = socket$tipc(0x1e, 0x5, 0x0)
listen(r5, 0xffffeffc)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x1011, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
accept4(r5, 0x0, 0x0, 0x400000000000000)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x107842, 0xa)
write$binfmt_misc(r0, &(0x7f0000000000), 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00')
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/ip_mr_cache\x00')
fchdir(r7)
r8 = inotify_init()
inotify_add_watch(r8, &(0x7f0000000000)='./file0\x00', 0x1)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES16=r10, @ANYBLOB="010028bd7000fdffffff3900000008000300", @ANYRES32=0x0, @ANYRES16=r8], 0x5c}, 0x1, 0x0, 0x0, 0x45}, 0x4000000)
splice(r0, 0x0, r6, 0x0, 0x33fe0, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='ext3\x00', 0x200000, 0x0)

40.868549475s ago: executing program 9 (id=5544):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x165142, 0x0) (async)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x165142, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
write(r0, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0xfffffcf1)

39.959293104s ago: executing program 9 (id=5561):
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x9c, &(0x7f0000000140)={{0x12, 0x1, 0x250, 0x2d, 0xf4, 0x9f, 0x40, 0x1686, 0xdd, 0x37c4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8a, 0x3, 0x2, 0x61, 0x10, 0xe, [{{0x9, 0x4, 0x1, 0xbe, 0x1, 0x3e, 0x4, 0xf2, 0x4, [@generic={0x2, 0x11}, @uac_as], [{{0x9, 0x5, 0x6, 0x0, 0x200, 0x8, 0xfc, 0x6}}]}}, {{0x9, 0x4, 0x22, 0x8, 0x3, 0x6b, 0x1b, 0x50, 0x8, [@uac_control={{0xa, 0x24, 0x1, 0xd1df, 0x1}}], [{{0x9, 0x5, 0x5, 0x0, 0x8, 0xc, 0x4, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x0, 0xfff8}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0xd, 0x5}]}}, {{0x9, 0x5, 0x2, 0x1, 0x40, 0x6, 0x2, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x87, 0x3, 0xf4c}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x5, 0x60}]}}, {{0x9, 0x5, 0x5, 0x8, 0x10, 0x2, 0x40, 0x90}}]}}, {{0x9, 0x4, 0x2, 0x9, 0x3, 0x19, 0x7d, 0x19, 0x3, [], [{{0x9, 0x5, 0xc, 0x8, 0x400, 0x6, 0xb4, 0x4}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x8, 0x5, 0x8}}, {{0x9, 0x5, 0x8, 0x0, 0x20, 0xc2, 0x1, 0x7}}]}}]}}]}}, &(0x7f0000001080)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0x1, 0x8, 0x6, 0xff, 0x7}, 0x0, 0x0})
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x12, 0xffffffffffffffff, 0x8ee49000)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000100)=0x1, 0x4)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
r1 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x4}, 0x8}, {0xa, 0x0, 0x4, @empty}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x89f, 0x8, 0x1]}}, 0x5c)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
getgroups(0x2, &(0x7f0000001080)=[0xee01, <r4=>0xffffffffffffffff])
keyctl$chown(0x4, r3, 0x0, r4)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r2, 0xc018620c, &(0x7f0000000000)={0x1})

38.532414575s ago: executing program 9 (id=5580):
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x24000000, 0xfffffffffffffffd, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101040, 0xd1)
syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r2, 0xc0105500, &(0x7f0000000140)={0x80, 0x6, 0x102, 0xfffd, 0xe0, 0x0, 0x0})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x20)
r5 = socket$netlink(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x64, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3800000002011d04000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001"], 0x38}}, 0x0)
fsetxattr$system_posix_acl(r4, &(0x7f0000000380)='system.posix_acl_access\x00', &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000001000000000000000800060000000000100007000000000020"], 0x24, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000006c0)={&(0x7f0000000780)={0x110, 0x2, 0x1, 0x201, 0x0, 0x0, {0x6, 0x0, 0x8}, [@CTA_SYNPROXY={0x34, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x6}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x3}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x9}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xf}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7e0571df}]}, @CTA_FILTER={0x1c, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x152}, @CTA_FILTER_ORIG_FLAGS={0x8}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x80}]}, @CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0xf202}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xa}]}, @CTA_LABELS_MASK={0xc, 0x17, [0x3, 0x9]}, @CTA_NAT_SRC={0x84, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @remote}, @CTA_NAT_V6_MINIP={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast1}}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private2}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast1}, @CTA_NAT_V4_MINIP={0x8, 0x1, @empty}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @empty}, @CTA_NAT_PROTO={0x24, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x11}]}, @CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010100}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x730e5c586fc41589}, 0x50)
setsockopt$ARPT_SO_SET_REPLACE(r3, 0xa02000000000000, 0x60, &(0x7f0000000100)={'filter\x00', 0xb001, 0x4, 0x408, 0x238, 0x130, 0x238, 0x320, 0x320, 0x320, 0x7fffffe, 0x0, {[{{@arp={@local, @empty, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@local, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x1fe]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bridge\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f67b23ffdfa27f907a03732da3acbc6518e62a77ca06f258762e88c0d9f9d2f413b94a105f4bdf01425ce81c5d000000000000000500ffffffff00"}}}, {{@arp={@multicast2, @empty, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00'}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x10001, 'syz0\x00', {0x7b}}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x8000, 0x101}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x458)
r7 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x6]}, 0x8, 0x80000)
sendmmsg$inet6(r7, 0x0, 0x0, 0x20044000)
close_range(r1, 0xffffffffffffffff, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
unshare(0x60000600)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f0000000480)={'syztnl0\x00', 0x0, 0x87, 0x8, 0x4000006, 0x8, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x66, 0x0, 0x83, 0x4, 0x0, @multicast1, @private=0xa010102}}}})
r10 = socket(0x10, 0x803, 0x0)
sendto(r10, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r10, &(0x7f0000009800)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0xe4e}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000dc0)=""/4101, 0x1005}, {&(0x7f00000000c0)=""/174, 0xae}, {&(0x7f0000000c80)=""/258, 0x102}, {&(0x7f00000033c0)=""/218, 0xda}, {&(0x7f0000000a80)=""/184, 0xb8}, {&(0x7f0000000180)=""/63, 0x3f}, {&(0x7f00000001c0)=""/243, 0xf3}, {&(0x7f00000002c0)=""/129, 0x81}, {&(0x7f0000000000)=""/92, 0x5c}, {&(0x7f00000005c0)=""/34, 0x22}], 0xa}, 0x5}], 0x3, 0x2100, 0x0)
ioctl$FS_IOC_FSSETXATTR(r8, 0x401c5820, &(0x7f0000000080)={0x8})
link(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)='./file0\x00')
socket$nl_generic(0x10, 0x3, 0x10)

38.510251807s ago: executing program 9 (id=5582):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x10005) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x82013, r1, 0x81c5e000)
ioctl$VHOST_VDPA_SET_STATUS(r1, 0x4001af72, &(0x7f00000000c0)=0x9)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f00000000c0)={0x9, 0xc, 0x50a2, 0xfffffffffffffffd, 0x1c})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x2004000, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@uuid_on}]})
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x2000) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) (async)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000001000/0x1000)=nil) (async)
syz_clone(0x85240000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) (async)
r4 = dup3(r0, r0, 0x80000)
ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) (async)
close_range(r0, r0, 0x0)

22.416104062s ago: executing program 39 (id=5582):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x10005) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x82013, r1, 0x81c5e000)
ioctl$VHOST_VDPA_SET_STATUS(r1, 0x4001af72, &(0x7f00000000c0)=0x9)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f00000000c0)={0x9, 0xc, 0x50a2, 0xfffffffffffffffd, 0x1c})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x2004000, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@uuid_on}]})
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x2000) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) (async)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000001000/0x1000)=nil) (async)
syz_clone(0x85240000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) (async)
r4 = dup3(r0, r0, 0x80000)
ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) (async)
close_range(r0, r0, 0x0)

1.058488816s ago: executing program 7 (id=6037):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x2002000, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
unlinkat(0xffffffffffffff9c, 0x0, 0x200) (async)
unlinkat(0xffffffffffffff9c, 0x0, 0x200)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)

1.004633021s ago: executing program 7 (id=6038):
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max'])
mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x1000448, &(0x7f0000000280)={[{@readahead={'readahead', 0x3d, 0x5}}, {@read_timeout_ms={'read_timeout_ms', 0x3d, 0x40}}, {@rlog_wakeup_cnt={'rlog_wakeup_cnt', 0x3d, 0x9}}, {@no_bf_cache={'no_bf_cache', 0x3d, 0x1}}, {@rlog_pages={'rlog_pages', 0x3d, 0xe41}}, {@no_bf_readahead}, {@no_bf_cache={'no_bf_cache', 0x3d, 0x1}}], [{@func={'func', 0x3d, 'MMAP_CHECK'}}]})

1.004338551s ago: executing program 7 (id=6039):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x6, &(0x7f0000000140)=0x9, 0x4) (async)
r2 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r3 = dup(r2)
write$P9_RVERSION(r3, 0x0, 0x0) (async)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x68, 0x3, 0x3, 0x5, 0x0, 0x0, {0x9, 0x0, 0x7}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0x8}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0x6}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x2}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0xf7}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x5}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0x848e}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x40000}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff, 0x1bcf8e9}}]}, 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x1004) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000380)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

1.003702152s ago: executing program 7 (id=6040):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000140))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
connect$netlink(r1, &(0x7f0000000200)=@kern={0x10, 0x0, 0x0, 0x8}, 0x5)
getrandom(&(0x7f0000000380)=""/307, 0x133, 0x1)
getrandom(&(0x7f0000000080)=""/170, 0xaa, 0x2)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000300)=ANY=[@ANYRESHEX=r0])

1.003291171s ago: executing program 7 (id=6041):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x109100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup2(r1, r2)
ioctl$SIOCGETSGCNT(r3, 0x89e1, &(0x7f0000000180)={@broadcast, @empty})
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, &(0x7f00000002c0)=@file={0x1, './file0\x00'}, 0x6e)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x1)
creat(&(0x7f0000000240)='./file7\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$inet(r6, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000002540)="955232d6c9", 0x5}], 0x1}}], 0x1, 0x4044805)
recvfrom(r5, 0x0, 0x0, 0x40010061, &(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x0, {{0x0, 0x3}, 0x1}}, 0x80)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000380)='./file8/file0\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file6\x00')
renameat2(0xffffffffffffff9c, &(0x7f00000008c0)='./file4\x00', 0xffffffffffffff9c, &(0x7f0000000900)='./file7\x00', 0x0)
r7 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r7, &(0x7f0000000b80)=[{{&(0x7f0000000100)={0xa, 0x4e1e, 0x7ffe, @mcast2, 0x4}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000080)="8000102e7577d401", 0x8}], 0x1, &(0x7f0000001400)=ANY=[], 0x18}}], 0x1, 0x4000084)
unlink(&(0x7f0000000000)='./file0\x00')
r8 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r8)
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r8, 0x83c0550b, 0x0)

722.620409ms ago: executing program 1 (id=6043):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom1\x00', 0x1802, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

717.564899ms ago: executing program 4 (id=6044):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x107200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r1, 0x4068aea3, &(0x7f0000000040)={0xcc, 0x0, 0x1})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66960000)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r2, &(0x7f0000000400)="2ae0e710", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
recvmmsg(r2, &(0x7f0000000dc0)=[{{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000014c0)=""/4096, 0x1000}], 0x1}, 0x200}], 0x2, 0x10162, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
socket$pptp(0x18, 0x1, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000280)={@flat=@handle={0x73682a85, 0x100b}, @flat=@weak_binder={0x77622a85, 0x1, 0x10000000002}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x2, 0x26}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0})
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_xfrm(0x10, 0x3, 0x6)

642.835937ms ago: executing program 1 (id=6045):
syz_open_dev$evdev(&(0x7f0000000080), 0xc000, 0x40040)
pselect6(0x2000, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x300}, 0x0, &(0x7f0000000100)={0x8}, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="020000000000000092000040"])
openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0)
io_setup(0x6, &(0x7f0000001380)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x5, 0x8001, 0xffffffffffffffff, 0x0}])
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff6)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000880), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000200)=0x2)
ioctl$TCSETS2(r4, 0x402c542b, 0x0)
close(r4)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000540))
syz_usb_connect$cdc_ecm(0x3, 0x0, 0x0, &(0x7f0000000540)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0x61, 0x7, 0xca, 0x40, 0x6}, 0x0, 0x0})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, 0x0)
ioctl$BTRFS_IOC_RM_DEV_V2(r4, 0x5000943a, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000c40)={0x4c, 0x12, 0x200, 0x70bd29, 0x25dfdbfe, {0x25, 0x4, 0x0, 0x72, {0x4e21, 0x4e21, [0x9, 0x10000, 0x3, 0x84c], [0x3, 0x417ce3d2, 0x8, 0xf54], 0x0, [0xffff8000, 0x361]}, 0xc7f9, 0x5}}, 0x4c}, 0x1, 0x0, 0x0, 0x20000018}, 0x4001)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, 0x0)
mmap(&(0x7f0000878000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0xffffc000)

642.408987ms ago: executing program 4 (id=6046):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0xa77)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async)
rename(&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)='./file0/file0\x00')
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/72, 0x48}], 0x1)

642.134977ms ago: executing program 4 (id=6047):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
getdents64(0xffffffffffffffff, &(0x7f0000000000)=""/68, 0x44)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x81)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/sync_on_suspend', 0x101022, 0x1d1)
fcntl$setown(r1, 0x8, 0xffffffffffffffff)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
getpgid(0x0)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda000020"], 0x69)
syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01072cbd7000fedbdf2532000000"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x8814)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2401, 0x0)
clock_adjtime(0xffffffd3, &(0x7f0000000000)={0xfffc, 0x6, 0x2, 0x0, 0x7, 0xb, 0x651, 0xfffffffffffffff9, 0x8000009657, 0x1, 0x7fffffff, 0x0, 0x10, 0xb, 0x80000000000000, 0xcc0, 0x1, 0x1, 0x94d6, 0x0, 0x3, 0xfffffffffffffffb, 0x0, 0xffff, 0x3, 0x9})
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000000)='bridge0\x00')
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r4, 0x0)
time(&(0x7f0000000100))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=@newsa={0x128, 0x10, 0x7, 0x0, 0x0, {{@in=@multicast1, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x0, 0x10000000}, {0x0, 0x200000, 0x7}, {0x40000, 0xfffffffd, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}, @lifetime_val={0x24, 0x9, {0xb4, 0x8000000000000001, 0xb4, 0x5}}]}, 0x128}}, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x19}, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0xb400, 0x2, 0x100000000000000, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x200000, 0x7, 0xfffffffffffffffd}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)

566.252324ms ago: executing program 4 (id=6048):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffff9}], 0x0, 0x0, 0x0})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4000000004, 0xbdb], 0x1, 0xc7252})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wake_lock', 0x202, 0x46)
ioctl$UI_SET_ABSBIT(r4, 0x40045567, 0x3)
setresuid(0xee00, 0xee00, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x200001)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r5, 0x1, 0x49, &(0x7f0000000040), 0x4)
copy_file_range(r4, 0x0, r4, &(0x7f0000000040)=0x400, 0x100, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40106309, 0x3}], 0x0, 0x0, 0x0})

458.974745ms ago: executing program 4 (id=6050):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x1802, 0x0)
socket(0xa, 0x3, 0x3a)
process_vm_readv(0x0, &(0x7f0000000300)=[{&(0x7f0000000180)=""/215, 0xd7}], 0x1, &(0x7f00000004c0)=[{0x0}, {0x0}], 0x2, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r1, &(0x7f0000000400)=[{&(0x7f0000000a40)=""/65, 0x41}], 0x1, 0x8001, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0xf0, 0x4c, &(0x7f0000001b00)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000280)={@flat=@weak_handle={0x77682a85, 0x1, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000880)=""/207, 0xcf, 0x1, 0x2f}, @fda={0x66646185, 0x8, 0x1, 0x29}}, &(0x7f0000000140)={0x0, 0x18, 0x40}}}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000340)={@ptr={0x70742a85, 0x0, &(0x7f0000000ac0)=""/4096, 0x1000, 0x0, 0x11}, @fd={0x66642a85, 0x0, r0}, @flat=@binder={0x73622a85, 0x1100, 0x1}}, &(0x7f00000003c0)={0x0, 0x28, 0x40}}}, @enter_looper, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x58, 0x18, &(0x7f00000009c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@binder={0x73622a85, 0x3100}, @ptr={0x70742a85, 0x0, &(0x7f0000000980)=""/39, 0x27, 0x1, 0x27}}, &(0x7f0000001ac0)={0x0, 0x18, 0x30}}, 0x400}, @acquire={0x40046305, 0x1}, @increfs={0x40046304, 0x3}, @release={0x40046306, 0x3}], 0x0, 0x0, 0x0})
sendto$inet(r0, 0x0, 0x0, 0x404c802, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x4004084, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x59, 0x9, 0x5, 0x2, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0xb, 0x8, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xe, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x401, 0x12f, 0x6, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0xffe, 0xfffffffc, 0x334000, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0xfffffffe, 0x8, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0x6, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0xbcf5, 0x1, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0x40, 0x1, 0x9, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0x6, 0x80000001, 0x2, 0xff, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x3e8, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x7ffd, 0x7, 0x38, 0x800003, 0x200, 0x80, 0x2, 0xcc52, 0x950bfaf, 0x1000, 0xfffffff6, 0x7, 0x53cf697b, 0xfffffff9, 0x6, 0xb8d, 0xbf, 0x10002, 0x403, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x9, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x5, 0xffffffff, 0x3, 0x80ce7, 0x1ff, 0x3, 0x7, 0x6, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x10001, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x4, 0x2, 0xffff, 0x6, 0x1, 0x10080, 0x6, 0x8, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
sendmsg$netlink(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000580)=ANY=[@ANYBLOB="3400000013000100000100dffddbdf25070000f61600000008000000", @ANYRES32, @ANYBLOB="14000c8008"], 0x34}], 0x1, 0x0, 0x0, 0x4000}, 0x0)

443.131737ms ago: executing program 4 (id=6051):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000400), 0x242840, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) (async, rerun: 32)
syz_clone(0x1204000, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0) (rerun: 32)
io_setup(0x5, &(0x7f0000000000)=<r1=>0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="b8000000", @ANYRES16=r3, @ANYBLOB="01000000000000000000010000000800070000000000140002007767300000426eed1a000000000000008800088048000080"], 0xb8}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp6\x00')
preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000200)=""/235, 0xeb}], 0x1, 0xfff, 0xfffffffe)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
io_submit(r1, 0x3, &(0x7f0000000340)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x3, 0x0, r0, &(0x7f0000000080)="fda427ec4dfbdb5d0fa7eb5adee27f711e11e12aaf2b2a609fb6b2e063a141259ad46d86d48988774803202a344009afb46fab5ba4a855f2ec0ea9d177003344db6d88ddb83ac8944763e085ae13ebbe7c97a399fd386120c6acd6699229b1b33fca81533836b5b86f46775e659e44ea1014e5393a90bcd0e6b8a3071ce54ae099454465ef7382c831b7f57cd47449b396153046670f91172344a464bf0fc6b69ee22fe8c2ad1abb4486d003dd0e0f8064563e6cdc2515761a59ef532def4df6a80101e9100077fcae364e8187a78975a7545a5fe565", 0xd6, 0x4, 0x0, 0x1}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x55, r4, &(0x7f00000003c0)="c8136788f90065b577a6241af328688efd59864ebd69327ffdb8da1bb65a1e2c21f23fb7a6581409bb9dfe3bd8959812e1eb6dea", 0x34, 0x5, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x3, 0x9, r5, &(0x7f0000000240)="7a3516257d843476c12072e93ca41dce7589201bbde4984ddcbbf437dfe90d806e551ff5d078f13a4c5f0789609517ff5206c5dc14957a5920163b69133f753e6d65fac2a05b037ddd74a5534732f9785a923306df4228a27af97d8a017db02226ccc45f166d4c9fe5238056abdb64b38626edd6b5c48e0b016b430bbdd5e6e3c6f377e8e282420c6d9fb527441b482a002083e962162c0f4362247e55ce65ee640de487e3b8a65bba89c05c17fcf49666a2ed", 0xb3, 0x8001}])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0xffffc000)

433.529357ms ago: executing program 8 (id=6052):
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)={0x28, 0x1e, 0x9, 0x2, 0x25dfdbff, {0x3}, [@typed={0x11, 0x1, 0x0, 0x0, @str='/dev/rnullb0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
socket(0x1e, 0x4, 0x0) (async)
r1 = socket(0x1e, 0x4, 0x0)
syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x260c00) (async)
r2 = syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x260c00)
ioctl$EVIOCSKEYCODE(r2, 0x40084504, &(0x7f0000000300)=[0x1, 0x3])
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
socket$xdp(0x2c, 0x3, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x35, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x9, 0x3, 0x2, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x1ff, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xa86a, 0x3, 0x7fff, 0x4c74, 0x80000001, 0x800242, 0xffffffff, 0xa, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x7, 0xffffffd3, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x6, 0x10, 0xffffffef, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1000, 0xfffffffc, 0x0, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0x20000003, 0x8, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0xfff, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0x4, 0x1, 0x2, 0x2, 0x20009, 0x4, 0x9, 0x8, 0x9, 0x7, 0xb, 0xa, 0x1, 0x9, 0x9, 0x2, 0x7d, 0x9, 0x2, 0x3, 0x9, 0xfffffeff, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0x6, 0x80000001, 0x2, 0xff, 0x40000100, 0x8d2, 0x9, 0x5, 0x5, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0x2, 0x1, 0x1, 0x9, 0x3e7, 0x9, 0x6, 0x2, 0x2, 0x800, 0x8, 0x0, 0x8001, 0x7, 0x38, 0x800003, 0x200, 0x80, 0x2, 0xcc52, 0x950bfb1, 0x1000, 0xa5, 0x7, 0x53cf697b, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x403, 0x7ff, 0x3, 0x2, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x2, 0x5, 0x0, 0x6, 0x80ce7, 0x1fe, 0x3, 0x7, 0x5, 0x1003, 0xfd, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc9, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x4, 0x2, 0xffff, 0x6, 0x1, 0x10080, 0x6, 0x8, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000200)={0x18, 0x14, 0x301, 0x0, 0x0, {0x1e}, [@generic="c1"]}, 0x18}}, 0x0) (async)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000200)={0x18, 0x14, 0x301, 0x0, 0x0, {0x1e}, [@generic="c1"]}, 0x18}}, 0x0)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x120020, &(0x7f0000000000)=ANY=[@ANYBLOB='defcontext', @ANYRESOCT])
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000140), 0xffffffffffffffff) (async)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NBD_CMD_STATUS(r4, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000880)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="100028bd7000fedbdf25050000000c00030001010000000000000c00030006000000000000000c000800b7000000000000000c000800b000000000000000280007800c00018008000100", @ANYRES32, @ANYBLOB="0c00018008000100", @ANYRES32=r1, @ANYBLOB="d91c4376af80849707ae42e3d50dcc04e6082751fcb070e67e6f8803c70d24e87223ea75f6d48a27cd6564de1fbe38307fa13840850b125f1f7ecfaf09ab092dd540bddf9a1a0d7a5e3a58cea163dc0bf47afcdccc48223267f3dda36ea10000b07bcba416ed788f0516978d3959f56029b49933d2318ae7c316f5a378090cc73ba70ef91633", @ANYRES32=r1, @ANYBLOB], 0x6c}, 0x1, 0x0, 0x0, 0x4044}, 0x4004894)

356.458675ms ago: executing program 8 (id=6053):
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
pread64(r0, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003})
r3 = socket$inet(0x2, 0xa, 0x262)
ioctl$sock_inet_SIOCSARP(r3, 0x8953, &(0x7f0000000000)={{0x2, 0x4e22, @dev}, {0x0, @multicast}, 0x38, {0x2, 0x2, @broadcast}, 'syz_tun\x00'})
eventfd2(0x4, 0x80000)
read$eventfd(r0, &(0x7f0000000100), 0x8)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f00000000c0)={'team_slave_0\x00', 0x1ff})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/249, 0xf9, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x22}, @fda={0x66646185, 0x4, 0x0, 0x25}}, &(0x7f0000000000)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})
syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') (async)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async)
pread64(r0, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
close(r1) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003}) (async)
socket$inet(0x2, 0xa, 0x262) (async)
ioctl$sock_inet_SIOCSARP(r3, 0x8953, &(0x7f0000000000)={{0x2, 0x4e22, @dev}, {0x0, @multicast}, 0x38, {0x2, 0x2, @broadcast}, 'syz_tun\x00'}) (async)
eventfd2(0x4, 0x80000) (async)
read$eventfd(r0, &(0x7f0000000100), 0x8) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) (async)
ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f00000000c0)={'team_slave_0\x00', 0x1ff}) (async)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/249, 0xf9, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x22}, @fda={0x66646185, 0x4, 0x0, 0x25}}, &(0x7f0000000000)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) (async)

354.337245ms ago: executing program 8 (id=6054):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000000)=0x2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x58, 0x0, &(0x7f00000008c0)=[@enter_looper, @release={0x40046306, 0x1}, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x5, 0x0, &(0x7f0000000780)="1f4e60867a"})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) (async)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x5c, 0x0, &(0x7f0000000140)=[@increfs_done, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r1}, @fda={0x66646185, 0xa, 0x2, 0x2e}}, &(0x7f0000000100)={0x0, 0x18, 0x30}}}, @exit_looper], 0xe2, 0x0, &(0x7f00000001c0)="085b6395c17894cc157d6ab275b5be3d6eaeb5d47dc6b6b5b8af5cb88b770cdbbadd51ced6188923b7b4215c1720e762e938e79204ca40216010ceda9b0244095ab4166dce795b0a1943a712af5203a347636333d42a4048435f40a26e9fc8b883534b8fb8b064fd1bab11e0cce8cef090d979f33b15b46ebf29ba0a2c6fafceced4187ee5e93b5fc96cfb7a60611503664c7ee27767d89cddeffdc16da34d989fbdeb4022d9f89bd67821167f387019f28c385c0cb875b082f3aa7fde3c0fd9139d92945e731a579ed60846eada082ffa26e77e097c464214b25b9813910039dbb0"})

352.500686ms ago: executing program 8 (id=6055):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x10, 0x7fff0000}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x10a942, 0x9f667fd378a54ed4)
write$P9_RREADLINK(r0, &(0x7f0000000040)={0x10, 0x17, 0x2, {0xffffffffffffffc1, './file0'}}, 0xfffffdab)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1a1c00000000010001000000000000000000"], 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={0x14, 0x1, 0x3, 0x101}, 0x14}}, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
read$FUSE(r2, &(0x7f00000042c0)={0x2020}, 0x2020)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xfffffeffffffffff]}, 0x0, 0x8)
rt_sigaction(0x17, &(0x7f0000000180)={0x0, 0x80000000, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f00000002c0))
r5 = gettid()
tkill(r5, 0x17)
ppoll(0x0, 0x0, &(0x7f0000002d00), &(0x7f0000002d40)={[0x100000001]}, 0x8)
sendmsg$NFC_CMD_GET_TARGET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0xc004000)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r4)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), r4)
r7 = add_key$user(&(0x7f0000000000), &(0x7f00000002c0)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xfffffffffffffff8)
keyctl$KEYCTL_MOVE(0x1e, r7, 0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000600)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd7000e8ffffff1b0000"], 0x74}, 0x1, 0x0, 0x0, 0x2000}, 0x40000)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan3\x00', <r8=>0x0})
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r3, &(0x7f0000000280)={&(0x7f0000000000), 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x4c, r6, 0x100, 0xff, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000840}, 0x8840)

282.732223ms ago: executing program 8 (id=6056):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000006800000000000000000aa14000400fe8000000000000000000000000000aa0c00028005000100000000000800074000000000180006801400040020010000000000000000000000000001", @ANYRESDEC=r0], 0xac}, 0x1, 0x0, 0x0, 0x4000}, 0x4000894)

242.759876ms ago: executing program 8 (id=6057):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x35, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = eventfd2(0xfff, 0x1)
socket$packet(0x11, 0x3, 0x300)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r6 = dup3(r5, r4, 0x0)
recvmmsg$unix(r6, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000005140)=""/4111, 0x100f}], 0x1}}], 0x1, 0x18ca2382, 0x0)
fcntl$setown(r3, 0x8, 0x0)
fcntl$getownex(r3, 0x10, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000080)={@fd={0x66642a85, 0x0, r2}, @fd={0x66642a85, 0x0, r2}, @fd={0x66642a85, 0x0, r1}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})

192.465601ms ago: executing program 7 (id=6058):
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
r0 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000580), &(0x7f0000000600)=0x60, 0x800)
accept(r0, 0x0, &(0x7f0000000640))
mount$tmpfs(0x0, &(0x7f0000000680)='./file0\x00', &(0x7f00000001c0), 0x400, &(0x7f0000000100)=ANY=[@ANYBLOB='noswap,huge=never,nr_blocks=G'])
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100, 0x0)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
setns(r1, 0x40000000)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in6=@mcast2, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@local}, 0x0, @in6=@private0}}, &(0x7f0000000300)=0xe8)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$cgroup_pid(r4, &(0x7f0000000000), 0xffffff98)
r5 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r5, &(0x7f0000000440)={0x10, 0x0, 0x25dfdbfe, 0x1000000}, 0xc)
bind$netlink(r5, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfe, 0x800000}, 0xc)
splice(r3, 0x0, r4, 0x0, 0x200, 0xc)
statx(r4, &(0x7f0000000340)='./file0\x00', 0x1000, 0x100, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
socket(0x1d, 0xa, 0x6)
mount$9p_xen(&(0x7f00000000c0), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x4000, &(0x7f0000000480)={'trans=xen,', {[{@nodevmap}, {@cache_none}, {@cache_readahead}, {@cache_readahead}, {@cache_fscache}, {@cache_fscache}, {@mmap}, {@fscache}, {@cachetag={'cachetag', 0x3d, 'tmpfs\x00'}}, {@msize={'msize', 0x3d, 0x9}}], [{@uid_eq={'uid', 0x3d, r2}}, {@euid_lt={'euid<', r6}}, {@subj_type}, {@fsmagic={'fsmagic', 0x3d, 0x9e6b}}, {@audit}]}})
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r7, &(0x7f0000006b40)={0x2020}, 0x206e)

79.174483ms ago: executing program 1 (id=6059):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
removexattr(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)=@known='system.posix_acl_default\x00')
ioctl$BINDER_FREEZE(r0, 0x400c620e, &(0x7f0000000100)={0x0, 0x1, 0x800}) (async)
ioctl$BINDER_FREEZE(r0, 0x400c620e, &(0x7f0000000100)={0x0, 0x1, 0x800})

67.969884ms ago: executing program 1 (id=6060):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x0, 0x2, 0x3, 0x1000, 0xffffffffffffffff})
timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
unshare(0x42000000)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
write$UHID_INPUT2(r0, &(0x7f0000000000)={0xc, {0x2a, "879804e0734951d5f7a51c597918d41099e24a020542dba5d6eaf32ac74df8e7d0416d23ba6d1206d806"}}, 0x30)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000940)={0x4, 0x0, &(0x7f0000000040)=[@clear_death={0x400c630f, 0x1}], 0xfffffffffffffff5, 0x0, 0x0})

432.75µs ago: executing program 1 (id=6061):
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, 0x0, 0x0, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$USBDEVFS_GETDRIVER(r0, 0x41045508, &(0x7f0000000240)={0xa50c, "5836fb94db98514ae4ba5ab2ddd9f43182d35285b196598eda927f3ecc359ad7d7f2597a432554656b1bbd4f0711be971ff4db4e69be82597e50a729385246f6d126a92cbe61dea16317fc180e7f43119bb8862a5a8481e52ea2c400c571bbc5bae16152087d949873776b5496ee8545ce10ac8fa1d937eba7888d6ca98d866d957106200151436e37e4cc07a44c8423a7b4e1a5defa6217d90f1af4b351d1acf7330471780af59ee8259fb46094f153af097575bf4953a49c9711a0f4c584451ec18c9a2786164e834243b41e8e357680b2a2979d26b30548e2f86ac5fb1fcefa421fee8a67caa380c9e12660135637b1af9db2e47a51ed2a3639058a83d55b"})
r1 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r2 = dup2(r1, r1)
ioctl$BLKSECDISCARD(r2, 0x127d, 0x0)
ioctl$VHOST_VDPA_SET_GROUP_ASID(r2, 0x4008af7c, &(0x7f00000000c0)={0x3, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x4000010, r0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_SECURITY(r3, 0x112, 0x4, &(0x7f0000000140)={0x1, 0x8}, 0x2)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000000)=ANY=[@ANYBLOB="2302000000e30047c7f7f40073797c7465225f75dd3dd0b90ba05b48aa550a1c588662792de5678995d0f4a40882df2eaa27960cdacb4763cac7b18f4d43c63e935791592e705e4133d69fcb4e8f94e9fcc2897e82467303"])

0s ago: executing program 1 (id=6062):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x40902, 0x0) (async, rerun: 64)
r1 = socket(0xa, 0x2400000001, 0x0) (rerun: 64)
getsockopt$sock_buf(r1, 0x1, 0x3d, 0x0, &(0x7f0000000100)) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r2, &(0x7f0000000680)=[{{&(0x7f0000000200)={0x2, 0x4e23, @remote}, 0x10, 0x0}}], 0x1, 0x8000) (async, rerun: 64)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) (rerun: 64)
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$invalidate(0x15, r4) (async, rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x8fe69000) (async, rerun: 32)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff0000000002"], 0x7c}}, 0x0) (async, rerun: 64)
r5 = socket$inet6(0xa, 0x80001, 0x0) (rerun: 64)
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1, 0xfffffffc}}}, 0x88) (async)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000240)={0x3, {{0xa, 0x0, 0x0, @mcast1, 0x1000}}, {{0xa, 0x4e21, 0x0, @empty, 0x8}}}, 0x108) (async, rerun: 32)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff010000000000000000000000000001"], 0x190) (async, rerun: 32)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000331000/0x400000)=nil) (async)
fadvise64(r0, 0x81, 0x9, 0x5) (async)
madvise(&(0x7f00003f5000/0x4000)=nil, 0x4000, 0x19)

kernel console output (not intermixed with test programs):

dDevice=f7.f4
[  337.285690][ T1068] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.293774][ T1068] usb 8-1: Product: syz
[  337.298060][ T1068] usb 8-1: Manufacturer: syz
[  337.303664][ T1068] usb 8-1: SerialNumber: syz
[  337.309320][ T1068] usb 8-1: config 0 descriptor??
[  337.314965][T14591] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  337.323471][ T1068] asix 8-1:0.251: probe with driver asix failed with error -22
[  337.354827][  T337] usb 10-1: Using ep0 maxpacket: 16
[  337.361890][  T337] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  337.372180][  T337] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 2
[  337.382898][  T337] usb 10-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00
[  337.392290][  T337] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.400548][  T337] usb 10-1: Product: syz
[  337.405031][  T337] usb 10-1: Manufacturer: syz
[  337.409848][  T337] usb 10-1: SerialNumber: syz
[  337.415234][  T337] usb 10-1: config 0 descriptor??
[  337.429628][  T626] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  337.590629][  T626] usb 2-1: config 1 has an invalid interface number: 105 but max is 0
[  337.599263][  T626] usb 2-1: config 1 has no interface number 0
[  337.606058][  T626] usb 2-1: config 1 interface 105 altsetting 2 endpoint 0x82 has invalid maxpacket 19008, setting to 64
[  337.617664][  T626] usb 2-1: config 1 interface 105 has no altsetting 0
[  337.626102][  T626] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=31.6d
[  337.635650][  T626] usb 2-1: New USB device strings: Mfr=107, Product=102, SerialNumber=146
[  337.644613][  T626] usb 2-1: Product: syz
[  337.648832][  T626] usb 2-1: Manufacturer: syz
[  337.653787][  T626] usb 2-1: SerialNumber: syz
[  337.659645][T14631] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  337.664639][  T337] asix 10-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  337.684463][  T337] asix 10-1:0.0: probe with driver asix failed with error -71
[  337.711494][  T337] usb 10-1: USB disconnect, device number 14
[  337.725111][T14635] netlink: 'syz.9.4859': attribute type 27 has an invalid length.
[  337.757531][T14635] bridge0: port 2(bridge_slave_1) entered disabled state
[  337.765022][T14635] bridge0: port 1(bridge_slave_0) entered disabled state
[  337.957877][T14646] rust_binder: Error in use_page_slow: ESRCH
[  337.957903][T14646] rust_binder: use_range failure ESRCH
[  337.964187][T14646] rust_binder: Failed to allocate buffer. len:1176, is_oneway:false
[  337.969920][T14646] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  337.978095][T14646] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:387
[  338.112780][T14631] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  338.271407][  T605] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[  338.345584][  T626] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71
[  338.356916][  T626] aqc111 2-1:1.105: probe with driver aqc111 failed with error -71
[  338.368028][  T626] usb 2-1: USB disconnect, device number 7
[  338.441933][  T605] usb 10-1: Using ep0 maxpacket: 16
[  338.448499][  T605] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  338.458667][  T605] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  338.468900][  T605] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 32
[  338.480576][  T605] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  338.490258][  T605] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  338.498862][  T605] usb 10-1: SerialNumber: syz
[  338.505707][T14654] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  338.513806][  T605] cdc_acm 10-1:1.0: skipping garbage
[  338.520154][  T605] cdc_acm 10-1:1.0: probe with driver cdc_acm failed with error -12
[  338.542128][   T36] kauditd_printk_skb: 129 callbacks suppressed
[  338.542148][   T36] audit: type=1400 audit(16777768.275:10360): avc:  denied  { connect } for  pid=14686 comm="syz.8.4876" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  338.569279][   T36] audit: type=1400 audit(16777768.275:10361): avc:  denied  { ioctl } for  pid=14686 comm="syz.8.4876" path="socket:[56851]" dev="sockfs" ino=56851 ioctlcmd=0xae82 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  338.741961][   T36] audit: type=1400 audit(16777768.472:10362): avc:  denied  { getopt } for  pid=14653 comm="syz.9.4864" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  338.742587][  T337] usb 10-1: USB disconnect, device number 15
[  338.921121][   T36] audit: type=1400 audit(16777768.631:10363): avc:  denied  { unmount } for  pid=13854 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  338.949567][   T36] audit: type=1400 audit(16777768.659:10364): avc:  denied  { set_context_mgr } for  pid=14692 comm="syz.1.4879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  338.970297][   T36] audit: type=1400 audit(16777768.659:10365): avc:  denied  { read } for  pid=14692 comm="syz.1.4879" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  338.993692][   T36] audit: type=1400 audit(16777768.659:10366): avc:  denied  { open } for  pid=14692 comm="syz.1.4879" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  339.017414][   T36] audit: type=1400 audit(16777768.659:10367): avc:  denied  { ioctl } for  pid=14692 comm="syz.1.4879" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  339.091115][T14698] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  339.091144][T14698] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:167
[  339.116071][   T36] audit: type=1326 audit(16777768.819:10368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14699 comm="syz.1.4881" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb5e8f8efc9 code=0x0
[  339.250743][   T36] audit: type=1400 audit(16777768.941:10369): avc:  denied  { create } for  pid=14707 comm="syz.8.4884" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  340.031193][  T626] usb 8-1: USB disconnect, device number 40
[  340.076559][T14722] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  340.076593][T14722] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:871
[  341.191930][ T1068] usb 10-1: new high-speed USB device number 16 using dummy_hcd
[  341.362434][ T1068] usb 10-1: Using ep0 maxpacket: 16
[  341.369029][ T1068] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  341.380382][ T1068] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  341.390467][ T1068] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  341.399657][ T1068] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.408816][ T1068] usb 10-1: config 0 descriptor??
[  341.844378][ T1068] usbhid 10-1:0.0: can't add hid device: -71
[  341.851220][ T1068] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  341.861072][ T1068] usb 10-1: USB disconnect, device number 16
[  342.048041][T14809] 9pnet_fd: Insufficient options for proto=fd
[  342.780055][ T1068] usb 10-1: new high-speed USB device number 17 using dummy_hcd
[  342.941184][ T1068] usb 10-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[  342.952745][ T1068] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  342.964430][ T1068] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  342.974849][ T1068] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[  342.988230][ T1068] usb 10-1: New USB device found, idVendor=046d, idProduct=c225, bcdDevice= 0.00
[  342.997555][ T1068] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.011713][ T1068] usb 10-1: config 0 descriptor??
[  343.110483][  T530] usb 8-1: new high-speed USB device number 41 using dummy_hcd
[  343.159717][T14858] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14858 comm=syz.1.4935
[  343.174642][T14858] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pid=14858 comm=syz.1.4935
[  343.188545][T14858] IPv6: NLM_F_CREATE should be specified when creating new route
[  343.281125][  T530] usb 8-1: Using ep0 maxpacket: 16
[  343.291697][  T530] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  343.312170][  T530] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  343.327382][  T530] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  343.339428][  T530] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.355881][  T530] usb 8-1: config 0 descriptor??
[  343.459025][ T1068] lg-g15 0003:046D:C225.0010: unknown main item tag 0x0
[  343.472868][ T1068] lg-g15 0003:046D:C225.0010: unknown main item tag 0x0
[  343.483599][ T1068] lg-g15 0003:046D:C225.0010: unknown main item tag 0x0
[  343.490728][ T1068] lg-g15 0003:046D:C225.0010: unknown main item tag 0x0
[  343.501479][ T1068] lg-g15 0003:046D:C225.0010: unknown main item tag 0x0
[  343.508915][ T1068] lg-g15 0003:046D:C225.0010: unknown main item tag 0x0
[  343.519465][ T1068] lg-g15 0003:046D:C225.0010: unknown main item tag 0x0
[  343.532826][ T1068] lg-g15 0003:046D:C225.0010: hidraw0: USB HID v0.00 Device [HID 046d:c225] on usb-dummy_hcd.9-1/input0
[  343.669214][ T1068] usb 10-1: USB disconnect, device number 17
[  343.870982][  T530] usbhid 8-1:0.0: can't add hid device: -71
[  343.878133][  T530] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  343.888441][  T530] usb 8-1: USB disconnect, device number 41
[  343.929991][   T36] kauditd_printk_skb: 38 callbacks suppressed
[  343.930012][   T36] audit: type=1326 audit(16777773.332:10408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14898 comm="syz.8.4949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5dc38efc9 code=0x7ffc0000
[  343.960851][   T36] audit: type=1326 audit(16777773.332:10409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14898 comm="syz.8.4949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5dc38efc9 code=0x7ffc0000
[  343.984780][   T36] audit: type=1326 audit(16777773.332:10410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14898 comm="syz.8.4949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fd5dc38efc9 code=0x7ffc0000
[  344.009064][   T36] audit: type=1326 audit(16777773.332:10411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14898 comm="syz.8.4949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5dc38efc9 code=0x7ffc0000
[  344.033678][   T36] audit: type=1326 audit(16777773.332:10412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14898 comm="syz.8.4949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fd5dc38efc9 code=0x7ffc0000
[  344.059070][   T36] audit: type=1326 audit(16777773.341:10413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14898 comm="syz.8.4949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5dc38efc9 code=0x7ffc0000
[  344.084258][   T36] audit: type=1326 audit(16777773.341:10414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14898 comm="syz.8.4949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd5dc38efc9 code=0x7ffc0000
[  344.108023][   T36] audit: type=1326 audit(16777773.341:10415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14898 comm="syz.8.4949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5dc38efc9 code=0x7ffc0000
[  344.132080][   T36] audit: type=1326 audit(16777773.341:10416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14898 comm="syz.8.4949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd5dc38efc9 code=0x7ffc0000
[  344.171957][   T36] audit: type=1326 audit(16777773.341:10417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14898 comm="syz.8.4949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5dc38efc9 code=0x7ffc0000
[  344.257418][T14917] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  344.300255][T14917] rust_binder: Error in use_page_slow: ESRCH
[  344.307519][T14917] rust_binder: use_range failure ESRCH
[  344.313910][T14917] rust_binder: Failed to allocate buffer. len:1048, is_oneway:false
[  344.319717][T14917] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  344.328202][T14917] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:407
[  344.453666][T14944] binder: Unknown parameter './binderfs'
[  344.504999][T14949] 9pnet_fd: Insufficient options for proto=fd
[  344.594478][T14966] rust_binder: Write failure EFAULT in pid:416
[  344.631812][T14970] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  344.640121][T14975] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false
[  344.643080][T14974] rust_binder: Failed to allocate buffer. len:1160, is_oneway:false
[  344.663617][T14975] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  344.663658][T14975] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:420
[  344.941668][T14984] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  345.039790][  T530] usb 8-1: new high-speed USB device number 42 using dummy_hcd
[  345.211472][  T530] usb 8-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  345.220431][  T530] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  345.230956][  T530] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[  345.240053][  T530] usb 8-1: config 1 has no interface number 0
[  345.246191][  T530] usb 8-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30
[  345.257036][  T530] usb 8-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32
[  345.271972][  T530] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  345.281943][  T530] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.290501][  T530] usb 8-1: Product: syz
[  345.294990][  T530] usb 8-1: Manufacturer: syz
[  345.300374][  T530] usb 8-1: SerialNumber: syz
[  345.528842][  T530] cdc_mbim 8-1:1.1: probe with driver cdc_mbim failed with error -71
[  345.538474][T14995] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  345.552351][  T530] usb 8-1: USB disconnect, device number 42
[  345.573591][T14997] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  345.576580][T14997] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  345.583437][T14997] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:431
[  345.633897][T15002] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  345.644772][T15002] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false
[  345.651664][T15002] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  345.660239][T15002] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:435
[  345.691680][T15007] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  345.703652][T15007] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  345.710498][T15007] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  345.718937][T15007] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:437
[  345.934241][T15019] netlink: 'syz.1.4994': attribute type 4 has an invalid length.
[  346.245888][T15049] cgroup: Bad value for 'name'
[  346.287555][T15053] netlink: 'syz.1.5006': attribute type 1 has an invalid length.
[  346.325978][T15059] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  346.326296][T15059] rust_binder: Error in use_page_slow: ESRCH
[  346.333207][T15059] rust_binder: use_range failure ESRCH
[  346.339236][T15059] rust_binder: Failed to allocate buffer. len:224, is_oneway:true
[  346.345190][T15059] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  346.353756][T15059] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:455
[  346.382720][  T530] usb 8-1: new high-speed USB device number 43 using dummy_hcd
[  346.416643][T15072] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  346.430089][T15074] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  346.439296][T15074] rust_binder: Error in use_page_slow: ESRCH
[  346.446042][T15074] rust_binder: use_range failure ESRCH
[  346.452237][T15074] rust_binder: Failed to allocate buffer. len:1160, is_oneway:false
[  346.458116][T15074] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  346.466871][T15074] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:465
[  346.555299][  T530] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  346.575063][  T530] usb 8-1: config 1 interface 0 altsetting 181 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  346.588402][  T530] usb 8-1: config 1 interface 0 has no altsetting 0
[  346.595483][  T530] usb 8-1: language id specifier not provided by device, defaulting to English
[  346.606027][  T530] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  346.615287][  T530] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.623885][  T530] usb 8-1: Product: syz
[  346.628158][  T530] usb 8-1: Manufacturer: syz
[  346.632778][  T530] usb 8-1: SerialNumber: syz
[  346.852356][T15039] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[  346.859767][T15039] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
[  346.867115][T15039] rust_binder: Write failure EINVAL in pid:907
[  346.868971][  T530] cdc_ether 8-1:1.0: skipping garbage
[  346.880705][  T530] usb 8-1: bad CDC descriptors
[  346.886657][  T530] usb 8-1: USB disconnect, device number 43
[  347.363108][T15107] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  347.363326][T15107] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:472
[  347.579780][  T640] hid (null): unknown global tag 0xd5
[  347.594804][  T640] hid (null): unknown global tag 0xc
[  347.602150][  T640] hid-generic 0003:0006:0038.0011: unexpected long global item
[  347.610084][  T640] hid-generic 0003:0006:0038.0011: probe with driver hid-generic failed with error -22
[  347.654436][T15123] fuse: Bad value for 'fd'
[  347.740278][T15134] rust_binder: Write failure EFAULT in pid:918
[  348.120060][ T1068] usb 8-1: new high-speed USB device number 44 using dummy_hcd
[  348.292927][ T1068] usb 8-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  348.302128][ T1068] usb 8-1: config 1 has an invalid descriptor of length 248, skipping remainder of the config
[  348.314329][ T1068] usb 8-1: config 1 interface 0 altsetting 181 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  348.327936][ T1068] usb 8-1: config 1 interface 0 has no altsetting 0
[  348.336238][ T1068] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  348.345567][ T1068] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.354117][ T1068] usb 8-1: Product: ˝憒㑆ఠ㷆乖䢋듖略鲈䘈苬㿓鈓ꊐݜㄿ↦裌莡ꉳ咆纥㉸從ழ讧걿⨔亓뉭얄슀葋䤝빗馿㞘톷注栴享◗◧報ꓨ莏藷⢞덥ﯕ좢떸枱嘯떦摵﹧겥鈐ᜇ䤬漳
[  348.377345][ T1068] usb 8-1: SerialNumber: syz
[  348.392602][T15153] netlink: 'syz.9.5042': attribute type 1 has an invalid length.
[  348.441418][T15155] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  348.441532][T15155] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  348.448588][T15155] rust_binder: Error in use_page_slow: ESRCH
[  348.455171][T15155] rust_binder: use_range failure ESRCH
[  348.461516][T15155] rust_binder: Failed to allocate buffer. len:1184, is_oneway:false
[  348.467433][T15155] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  348.475785][T15155] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:483
[  348.570263][T15162] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  348.580865][T15162] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  348.586755][T15162] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  348.593795][T15162] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  348.612145][ T1068] cdc_ether 8-1:1.0: skipping garbage
[  348.613386][T15162] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  348.618012][ T1068] cdc_ether 8-1:1.0: skipping garbage
[  348.618081][ T1068] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -22
[  348.625336][T15162] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  348.635907][ T1068] usb 8-1: USB disconnect, device number 44
[  348.640289][T15162] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  349.004745][  T530] usb 10-1: new high-speed USB device number 18 using dummy_hcd
[  349.166002][  T530] usb 10-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  349.175244][  T530] usb 10-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  349.185539][  T530] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  349.196700][  T530] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  349.206252][  T530] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.214789][  T530] usb 10-1: Product: syz
[  349.219271][  T530] usb 10-1: Manufacturer: syz
[  349.223985][  T530] usb 10-1: SerialNumber: syz
[  349.347841][   T36] kauditd_printk_skb: 74 callbacks suppressed
[  349.347863][   T36] audit: type=1400 audit(16777778.417:10492): avc:  denied  { append } for  pid=15198 comm="syz.7.5058" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  349.380972][   T36] audit: type=1400 audit(16777778.445:10493): avc:  denied  { execute } for  pid=15198 comm="syz.7.5058" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  349.445646][   T36] audit: type=1400 audit(16777778.510:10494): avc:  denied  { watch } for  pid=15170 comm="syz.9.5048" path="/175/file0" dev="tmpfs" ino=931 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  349.447139][T15171] binder: Unknown parameter 'verity'
[  349.470110][   T36] audit: type=1400 audit(16777778.510:10495): avc:  denied  { audit_write } for  pid=15170 comm="syz.9.5048" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  349.518995][  T530] usb 10-1: 0:2 : does not exist
[  349.527202][  T530] usb 10-1: USB disconnect, device number 18
[  349.535395][T14636] udevd[14636]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  349.644252][ T1068] usb 8-1: new high-speed USB device number 45 using dummy_hcd
[  349.804117][ T1068] usb 8-1: Using ep0 maxpacket: 8
[  349.810764][ T1068] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  349.819877][ T1068] usb 8-1: config 179 has no interface number 0
[  349.826915][ T1068] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  349.838968][ T1068] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  349.850753][ T1068] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  349.862097][ T1068] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  349.873917][ T1068] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  349.887259][ T1068] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  349.896622][ T1068] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.907954][T15200] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  350.349283][ T1068] usb 8-1: USB disconnect, device number 45
[  350.349331][    C0] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  350.363845][    C0] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  350.588927][T15228] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.
[  350.616617][T15230] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[  351.027889][   T36] audit: type=1400 audit(16777779.993:10496): avc:  denied  { lock } for  pid=15237 comm="syz.7.5073" path="/dev/binderfs/binder1" dev="binder" ino=26 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  351.054465][   T36] audit: type=1400 audit(16777780.021:10497): avc:  denied  { setattr } for  pid=15241 comm="syz.8.5074" name="/" dev="configfs" ino=184 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  351.095955][   T36] audit: type=1400 audit(16777780.021:10498): avc:  denied  { connect } for  pid=15237 comm="syz.7.5073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  351.120581][   T36] audit: type=1400 audit(16777780.021:10499): avc:  denied  { map } for  pid=15242 comm="syz.9.5075" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=59047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  351.146063][   T36] audit: type=1400 audit(16777780.021:10500): avc:  denied  { read write } for  pid=15242 comm="syz.9.5075" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=59047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  351.173586][   T36] audit: type=1400 audit(16777780.058:10501): avc:  denied  { getopt } for  pid=15241 comm="syz.8.5074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  351.337150][T15261] netlink: 104 bytes leftover after parsing attributes in process `syz.8.5081'.
[  351.370955][ T1068] usb 8-1: new high-speed USB device number 46 using dummy_hcd
[  351.530880][ T1068] usb 8-1: Using ep0 maxpacket: 8
[  351.537799][ T1068] usb 8-1: unable to get BOS descriptor or descriptor too short
[  351.546474][ T1068] usb 8-1: config 4 has an invalid interface number: 147 but max is 0
[  351.554775][ T1068] usb 8-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[  351.563623][ T1068] usb 8-1: config 4 has no interface number 0
[  351.571364][ T1068] usb 8-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  351.580768][ T1068] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.588820][ T1068] usb 8-1: Product: syz
[  351.593442][ T1068] usb 8-1: Manufacturer: syz
[  351.598209][ T1068] usb 8-1: SerialNumber: syz
[  351.822501][ T1068] usb 8-1: Found UVC 0.02 device syz (04f2:b746)
[  351.828987][ T1068] usb 8-1: No valid video chain found.
[  351.835592][ T1068] usb 8-1: USB disconnect, device number 46
[  351.908108][T15268] netlink: 'syz.1.5083': attribute type 1 has an invalid length.
[  352.192570][  T337] usb 10-1: new high-speed USB device number 19 using dummy_hcd
[  352.352981][  T337] usb 10-1: config 220 has an invalid interface number: 76 but max is 2
[  352.361571][  T337] usb 10-1: config 220 has an invalid descriptor of length 166, skipping remainder of the config
[  352.372737][  T337] usb 10-1: config 220 has no interface number 2
[  352.379500][  T337] usb 10-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  352.388644][T15285] binder: Binderfs stats mode cannot be changed during a remount
[  352.393187][  T337] usb 10-1: config 220 interface 0 has no altsetting 0
[  352.407974][  T337] usb 10-1: config 220 interface 76 has no altsetting 0
[  352.415334][  T337] usb 10-1: config 220 interface 1 has no altsetting 0
[  352.426012][  T337] usb 10-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  352.426558][T15287] rust_binder: Error while translating object.
[  352.435795][  T337] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.435988][T15287] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  352.450391][  T337] usb 10-1: Product: syz
[  352.450531][T15287] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:941
[  352.460141][  T337] usb 10-1: Manufacturer: syz
[  352.460166][  T337] usb 10-1: SerialNumber: syz
[  352.493480][T15289] rust_binder: Write failure EFAULT in pid:943
[  352.558243][T15297] netlink: 'syz.1.5095': attribute type 1 has an invalid length.
[  352.572632][T15297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5095'.
[  352.726432][  T337] usb 10-1: selecting invalid altsetting 0
[  352.732567][  T337] usb 10-1: Found UVC 7.01 device syz (8086:0b07)
[  352.739324][  T337] usb 10-1: No valid video chain found.
[  352.748842][  T337] usb 10-1: USB disconnect, device number 19
[  353.545348][ T1068] usb 10-1: new high-speed USB device number 20 using dummy_hcd
[  353.705196][ T1068] usb 10-1: Using ep0 maxpacket: 16
[  353.714169][ T1068] usb 10-1: config 0 interface 0 has no altsetting 0
[  353.721562][ T1068] usb 10-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[  353.732798][ T1068] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.745158][ T1068] usb 10-1: config 0 descriptor??
[  353.974494][ T1068] usbhid 10-1:0.0: can't add hid device: -71
[  353.983844][ T1068] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  354.004008][ T1068] usb 10-1: USB disconnect, device number 20
[  354.010554][T15363] netlink: 'syz.9.5117': attribute type 33 has an invalid length.
[  354.019586][T15363] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5117'.
[  354.032128][T15365] binder: Unknown parameter 'm0#00;0017777777777'
[  354.038860][T15365] binder: Unknown parameter 'm0#00;0017777777777'
[  354.045612][T15365] binder: Unknown parameter 'm0#00;0017777777777'
[  354.052246][T15365] binder: Unknown parameter 'm0#00;0017777777777'
[  354.059083][T15365] binder: Unknown parameter 'm0#00;0017777777777'
[  354.066100][T15365] binder: Unknown parameter 'm0#00;0017777777777'
[  354.072863][T15365] binder: Unknown parameter 'm0#00;0017777777777'
[  354.079561][T15365] binder: Unknown parameter 'm0#00;0017777777777'
[  354.127980][T15368] netlink: 'syz.9.5118': attribute type 29 has an invalid length.
[  354.157749][T15373] netlink: 1347 bytes leftover after parsing attributes in process `syz.9.5119'.
[  354.181452][T15373] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  354.181593][T15373] rust_binder: Error in use_page_slow: ESRCH
[  354.197396][T15373] rust_binder: use_range failure ESRCH
[  354.203853][T15373] rust_binder: Failed to allocate buffer. len:136, is_oneway:false
[  354.209747][T15373] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  354.218470][T15373] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:520
[  354.313626][T15377] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  354.345900][T15382] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  354.395305][T15387] netlink: 'syz.9.5123': attribute type 4 has an invalid length.
[  354.410312][T15387] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5123'.
[  354.512072][T15396] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  354.514318][T15396] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false
[  354.521521][T15396] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  354.533194][T15398] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:957
[  354.534836][T15396] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:543
[  354.866919][   T36] kauditd_printk_skb: 13 callbacks suppressed
[  354.882724][   T36] audit: type=1400 audit(16777783.586:10515): avc:  denied  { listen } for  pid=15433 comm="syz.7.5139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  355.092197][   T36] audit: type=1400 audit(16777783.811:10516): avc:  denied  { create } for  pid=15456 comm="syz.1.5145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  355.114038][   T36] audit: type=1400 audit(16777783.811:10517): avc:  denied  { sys_admin } for  pid=15456 comm="syz.1.5145" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  355.136503][T15457] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5145'.
[  355.145774][T15457] netlink: 43 bytes leftover after parsing attributes in process `syz.1.5145'.
[  355.154794][T15457] netlink: 43 bytes leftover after parsing attributes in process `syz.1.5145'.
[  355.181718][T15460] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5146'.
[  355.191596][   T36] audit: type=1400 audit(16777783.905:10518): avc:  denied  { ioctl } for  pid=15459 comm="syz.1.5146" path="socket:[59361]" dev="sockfs" ino=59361 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  355.224299][  T605] usb 8-1: new high-speed USB device number 47 using dummy_hcd
[  355.228347][   T36] audit: type=1400 audit(16777783.905:10519): avc:  denied  { relabelfrom } for  pid=15459 comm="syz.1.5146" name="NETLINK" dev="sockfs" ino=59363 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  355.257090][   T36] audit: type=1400 audit(16777783.905:10520): avc:  denied  { mac_admin } for  pid=15459 comm="syz.1.5146" capability=33  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  355.278787][T15462] 9pnet_fd: Insufficient options for proto=fd
[  355.293097][   T36] audit: type=1400 audit(16777783.990:10521): avc:  denied  { associate } for  pid=15458 comm="syz.1.5145" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  355.389273][  T605] usb 8-1: device descriptor read/64, error -71
[  355.645073][  T605] usb 8-1: device descriptor read/64, error -71
[  355.699264][   T36] audit: type=1400 audit(16777784.384:10522): avc:  denied  { accept } for  pid=15475 comm="syz.9.5152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  355.911573][  T605] usb 8-1: new high-speed USB device number 48 using dummy_hcd
[  355.915541][   T36] audit: type=1400 audit(16777784.581:10523): avc:  denied  { connect } for  pid=15484 comm="syz.9.5155" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  355.949687][T15489] netlink: 16 bytes leftover after parsing attributes in process `syz.9.5156'.
[  355.959326][T15489] rust_binder: 573: no such ref 0
[  355.965037][T15489] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  355.972607][T15489] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  356.060774][  T605] usb 8-1: device descriptor read/64, error -71
[  356.129679][   T36] audit: type=1400 audit(16777784.778:10524): avc:  denied  { mount } for  pid=15493 comm="syz.1.5158" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  356.316616][  T605] usb 8-1: device descriptor read/64, error -71
[  356.433947][  T605] usb usb8-port1: attempt power cycle
[  356.796231][  T605] usb 8-1: new high-speed USB device number 49 using dummy_hcd
[  356.829391][  T605] usb 8-1: device descriptor read/8, error -71
[  356.968095][  T605] usb 8-1: device descriptor read/8, error -71
[  357.226479][  T605] usb 8-1: new high-speed USB device number 50 using dummy_hcd
[  357.256016][  T605] usb 8-1: device descriptor read/8, error -71
[  357.307886][ T1068] usb 10-1: new high-speed USB device number 21 using dummy_hcd
[  357.394530][  T605] usb 8-1: device descriptor read/8, error -71
[  357.469288][ T1068] usb 10-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[  357.480785][ T1068] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  357.494239][ T1068] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  357.505292][ T1068] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[  357.520919][ T1068] usb 10-1: New USB device found, idVendor=046d, idProduct=c225, bcdDevice= 0.00
[  357.521330][  T605] usb usb8-port1: unable to enumerate USB device
[  357.530514][ T1068] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.532463][ T1068] usb 10-1: config 0 descriptor??
[  357.981419][ T1068] lg-g15 0003:046D:C225.0012: unknown main item tag 0x0
[  357.988830][ T1068] lg-g15 0003:046D:C225.0012: unknown main item tag 0x0
[  357.991280][T15539] __nla_validate_parse: 1 callbacks suppressed
[  357.991310][T15539] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5175'.
[  357.997468][ T1068] lg-g15 0003:046D:C225.0012: unknown main item tag 0x0
[  358.020656][ T1068] lg-g15 0003:046D:C225.0012: unknown main item tag 0x0
[  358.028077][ T1068] lg-g15 0003:046D:C225.0012: unknown main item tag 0x0
[  358.035688][ T1068] lg-g15 0003:046D:C225.0012: unknown main item tag 0x0
[  358.042977][ T1068] lg-g15 0003:046D:C225.0012: unknown main item tag 0x0
[  358.053006][ T1068] lg-g15 0003:046D:C225.0012: hidraw0: USB HID v0.00 Device [HID 046d:c225] on usb-dummy_hcd.9-1/input0
[  358.196984][ T1068] usb 10-1: USB disconnect, device number 21
[  358.256901][T15579] lo: entered allmulticast mode
[  358.262412][T15579] lo: left allmulticast mode
[  358.391419][T15592] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pid=15592 comm=syz.1.5192
[  358.391738][T15593] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15593 comm=syz.1.5192
[  358.420190][T15592] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pid=15592 comm=syz.1.5192
[  358.480082][T15601] overlayfs: failed to clone lowerpath
[  358.754120][T15613] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  358.755345][T15613] rust_binder: Error in use_page_slow: ESRCH
[  358.762113][T15613] rust_binder: use_range failure ESRCH
[  358.768661][T15613] rust_binder: Failed to allocate buffer. len:136, is_oneway:false
[  358.774198][T15613] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  358.782613][T15613] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:590
[  358.824259][T15621] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  358.833768][T15621] rust_binder: Error in use_page_slow: ESRCH
[  358.840583][T15621] rust_binder: use_range failure ESRCH
[  358.846756][T15621] rust_binder: Failed to allocate buffer. len:1184, is_oneway:true
[  358.852477][T15621] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  358.860933][T15621] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:598
[  358.909649][T15623] netlink: 'syz.9.5203': attribute type 27 has an invalid length.
[  358.953557][T15623] veth0_vlan: left promiscuous mode
[  358.959247][T15623] veth0_vlan: entered promiscuous mode
[  358.965981][T15624] netlink: 40 bytes leftover after parsing attributes in process `syz.9.5203'.
[  358.967488][T15623] veth1_macvtap: left promiscuous mode
[  358.982350][T15623] veth1_macvtap: entered promiscuous mode
[  358.984519][T15624] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  358.992660][ T3243] bridge0: port 1(bridge_slave_0) entered blocking state
[  359.006390][ T3243] bridge0: port 1(bridge_slave_0) entered forwarding state
[  359.019468][T15623] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  359.020310][ T3243] bridge0: port 2(bridge_slave_1) entered blocking state
[  359.033873][ T3243] bridge0: port 2(bridge_slave_1) entered forwarding state
[  359.228004][T15635] rust_binder: Error while translating object.
[  359.228053][T15635] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  359.234375][T15635] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:995
[  359.282226][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.292249][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.298920][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.306101][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.312644][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.319143][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.325895][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.332415][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.339144][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.345586][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.357501][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.365019][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.371988][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.379010][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.385339][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.391667][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.398198][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.404429][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.410938][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.417472][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.424012][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.430455][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.436686][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.442695][T15659] netlink: 'syz.8.5217': attribute type 4 has an invalid length.
[  359.443528][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.449893][T15659] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5217'.
[  359.457599][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.472869][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.486243][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.492602][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.505014][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.511696][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.520170][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.525229][T15669] SELinux:  Context system_u:object_r:logrotate_exec_t:s0 is not valid (left unmapped).
[  359.533927][T15666] netlink: 'syz.1.5220': attribute type 4 has an invalid length.
[  359.551001][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.551036][T15647] rust_binder: Write failure EINVAL in pid:999
[  359.558052][T15666] netlink: 17 bytes leftover after parsing attributes in process `syz.1.5220'.
[  359.715092][T15698] netlink: 'syz.7.5231': attribute type 27 has an invalid length.
[  359.757716][T15698] bridge0: port 2(bridge_slave_1) entered disabled state
[  359.765053][T15698] bridge0: port 1(bridge_slave_0) entered disabled state
[  360.183107][T15763] rust_binder: Error in use_page_slow: ESRCH
[  360.183143][T15763] rust_binder: use_range failure ESRCH
[  360.206352][T15763] rust_binder: Failed to allocate buffer. len:88, is_oneway:false
[  360.226721][T15763] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  360.239462][   T36] kauditd_printk_skb: 47 callbacks suppressed
[  360.239482][   T36] audit: type=1400 audit(16778301.635:10572): avc:  denied  { create } for  pid=15770 comm="syz.8.5252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  360.282798][T15763] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:610
[  360.283011][   T36] audit: type=1400 audit(16778301.682:10573): avc:  denied  { connect } for  pid=15770 comm="syz.8.5252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  360.313377][T15771] netlink: 'syz.8.5252': attribute type 16 has an invalid length.
[  360.338606][T15771] netlink: 'syz.8.5252': attribute type 4 has an invalid length.
[  360.362681][   T36] audit: type=1400 audit(16778301.747:10574): avc:  denied  { write } for  pid=15774 comm="syz.9.5253" name="binder1" dev="binder" ino=29 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  360.386549][T15771] netlink: 64094 bytes leftover after parsing attributes in process `syz.8.5252'.
[  360.440837][T15778] netlink: 9 bytes leftover after parsing attributes in process `syz.7.5254'.
[  360.471807][T15778] gretap0: entered promiscuous mode
[  360.502136][T15778] netlink: 5 bytes leftover after parsing attributes in process `syz.7.5254'.
[  360.525423][   T36] audit: type=1400 audit(16778301.897:10575): avc:  denied  { read } for  pid=15788 comm="syz.9.5259" dev="nsfs" ino=4026532720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  360.553586][T15778] 0��{X��: renamed from gretap0
[  360.559835][T15778] 0��{X��: left promiscuous mode
[  360.571860][T15778] 0��{X��: entered allmulticast mode
[  360.577570][   T36] audit: type=1400 audit(16778301.897:10576): avc:  denied  { open } for  pid=15788 comm="syz.9.5259" path="net:[4026532720]" dev="nsfs" ino=4026532720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  360.610364][T15778] A link change request failed with some changes committed already. Interface 
30��{X�� may have been left with an inconsistent configuration, please check.
[  360.645387][T15794] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5260'.
[  360.655570][   T36] audit: type=1400 audit(16778301.897:10577): avc:  denied  { create } for  pid=15788 comm="syz.9.5259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  360.686994][T15794] batadv_slave_1: entered promiscuous mode
[  360.704840][T15794] batadv_slave_1: left promiscuous mode
[  360.711924][T15804] binder: Binderfs stats mode cannot be changed during a remount
[  360.720201][   T36] audit: type=1400 audit(16778301.926:10578): avc:  denied  { connect } for  pid=15788 comm="syz.9.5259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  360.742605][   T36] audit: type=1400 audit(16778301.944:10579): avc:  denied  { create } for  pid=15793 comm="syz.1.5260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  360.779575][   T36] audit: type=1400 audit(16778302.029:10580): avc:  denied  { ioctl } for  pid=15793 comm="syz.1.5260" path="socket:[61031]" dev="sockfs" ino=61031 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  360.809676][   T36] audit: type=1400 audit(16778302.057:10581): avc:  denied  { setopt } for  pid=15793 comm="syz.1.5260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  360.857297][T15806] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[  360.867474][T15806] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  360.910086][T15815] rust_binder: 628: no such ref 0
[  360.917944][T15815] rust_binder: 628: no such ref 1
[  360.923578][T15815] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:628
[  360.953961][T15819] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  361.040470][T15831] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  361.060370][T15831] rust_binder: Failed to allocate buffer. len:5192, is_oneway:false
[  361.067055][T15831] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  361.075151][T15831] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:637
[  361.252648][T15858] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  361.277183][T15858] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false
[  361.283863][T15858] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  361.292044][T15858] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:643
[  361.645937][  T530] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[  361.743420][T15883] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  361.743704][T15883] rust_binder: Failed to allocate buffer. len:1160, is_oneway:false
[  361.794078][T15889] binder: Unknown parameter 'e'
[  361.828242][  T530] usb 10-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[  361.844284][  T530] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  361.858305][  T530] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  361.868665][  T530] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[  361.882684][  T530] usb 10-1: New USB device found, idVendor=046d, idProduct=c225, bcdDevice= 0.00
[  361.906037][  T530] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.936225][  T530] usb 10-1: config 0 descriptor??
[  362.107499][T15904] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4274882444 (136796238208 ns) > initial count (11109752672 ns). Using initial count to start timer.
[  362.335467][T15914] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1045
[  362.387837][  T530] lg-g15 0003:046D:C225.0013: unknown main item tag 0x0
[  362.428998][T15919] netlink: 68 bytes leftover after parsing attributes in process `syz.8.5305'.
[  362.437999][  T530] lg-g15 0003:046D:C225.0013: unknown main item tag 0x0
[  362.452231][T15923] rust_binder: 1050: no such ref 1
[  362.455264][  T530] lg-g15 0003:046D:C225.0013: unknown main item tag 0x0
[  362.466679][T15923] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1050
[  362.484446][T15926] netlink: 'syz.8.5307': attribute type 4 has an invalid length.
[  362.509363][  T530] lg-g15 0003:046D:C225.0013: unknown main item tag 0x0
[  362.515222][T15922] /dev/rnullb0: Can't lookup blockdev
[  362.527350][  T530] lg-g15 0003:046D:C225.0013: unknown main item tag 0x0
[  362.554516][  T530] lg-g15 0003:046D:C225.0013: unknown main item tag 0x0
[  362.572349][  T530] lg-g15 0003:046D:C225.0013: unknown main item tag 0x0
[  362.602669][  T530] lg-g15 0003:046D:C225.0013: hidraw0: USB HID v0.00 Device [HID 046d:c225] on usb-dummy_hcd.9-1/input0
[  362.654740][  T530] usb 10-1: USB disconnect, device number 22
[  363.103380][T15965] 9pnet_fd: Insufficient options for proto=fd
[  363.234292][T15971] binder: Unknown parameter 'weclabel'
[  363.238572][T15972] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5322'.
[  363.276497][T15972] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15972 comm=syz.1.5322
[  363.608280][T15979] rust_binder: Write failure EFAULT in pid:1063
[  363.647409][T15981] SELinux: security_context_str_to_sid () failed with errno=-22
[  364.112537][T16001] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  364.112606][T16001] rust_binder: inc_ref_done called when no active inc_refs
[  364.159021][T16011] fuse: Invalid rootmode
[  364.384488][T16037] 9pnet_fd: Insufficient options for proto=fd
[  364.427860][T15722] usb 10-1: new high-speed USB device number 23 using dummy_hcd
[  364.582185][T16051] netlink: 'syz.1.5353': attribute type 1 has an invalid length.
[  364.590688][T16051] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5353'.
[  364.601236][T16051] bridge0: port 1(bridge_slave_0) entered disabled state
[  364.609454][T15722] usb 10-1: no configurations
[  364.614436][T15722] usb 10-1: can't read configurations, error -22
[  364.758310][T15722] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[  364.830007][T16051] /dev/rnullb0: Can't lookup blockdev
[  364.882685][T16064] binder: Unknown parameter 'm
'
[  364.920325][T15722] usb 10-1: no configurations
[  364.925204][T15722] usb 10-1: can't read configurations, error -22
[  364.932327][T15722] usb usb10-port1: attempt power cycle
[  365.291244][T15722] usb 10-1: new high-speed USB device number 25 using dummy_hcd
[  365.313737][T15722] usb 10-1: no configurations
[  365.318828][T15722] usb 10-1: can't read configurations, error -22
[  365.405143][T16091] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5366'.
[  365.435530][T16095] overlayfs: failed to clone lowerpath
[  365.441596][T16095] overlayfs: failed to clone lowerpath
[  365.461763][T15722] usb 10-1: new high-speed USB device number 26 using dummy_hcd
[  365.494455][T15722] usb 10-1: no configurations
[  365.499195][T15722] usb 10-1: can't read configurations, error -22
[  365.507986][T15722] usb usb10-port1: unable to enumerate USB device
[  365.595502][T16120] fuse: Unknown parameter 'rootmode-00000000000000000040000'
[  365.804737][   T36] kauditd_printk_skb: 79 callbacks suppressed
[  365.804756][   T36] audit: type=1400 audit(16778306.861:10661): avc:  denied  { ioctl } for  pid=16139 comm="syz.1.5384" path="socket:[61668]" dev="sockfs" ino=61668 ioctlcmd=0x89f3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  365.859090][   T36] audit: type=1400 audit(16778306.907:10662): avc:  denied  { module_load } for  pid=16141 comm="syz.1.5385" path="/243/file0" dev="tmpfs" ino=1333 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  365.859123][T16143] Invalid ELF header len 1
[  365.874589][T16142] 9pnet_fd: Insufficient options for proto=fd
[  365.887616][T16143] 9pnet_fd: Insufficient options for proto=fd
[  365.900554][T16142] /dev/rnullb0: Can't lookup blockdev
[  365.973396][T15722] usb 8-1: new full-speed USB device number 51 using dummy_hcd
[  366.134707][T15722] usb 8-1: not running at top speed; connect to a high speed hub
[  366.143761][T15722] usb 8-1: config 105 has an invalid interface number: 32 but max is 3
[  366.152141][T15722] usb 8-1: config 105 has an invalid interface number: 111 but max is 3
[  366.160661][T15722] usb 8-1: config 105 has an invalid interface number: 255 but max is 3
[  366.169170][T15722] usb 8-1: config 105 contains an unexpected descriptor of type 0x2, skipping
[  366.178174][T15722] usb 8-1: config 105 has an invalid interface number: 188 but max is 3
[  366.186649][T15722] usb 8-1: config 105 has an invalid interface number: 145 but max is 3
[  366.195439][T15722] usb 8-1: config 105 has an invalid interface number: 5 but max is 3
[  366.203867][T15722] usb 8-1: config 105 has 7 interfaces, different from the descriptor's value: 4
[  366.213463][T15722] usb 8-1: config 105 has no interface number 0
[  366.219947][T15722] usb 8-1: config 105 has no interface number 1
[  366.226320][T15722] usb 8-1: config 105 has no interface number 2
[  366.232723][T15722] usb 8-1: config 105 has no interface number 4
[  366.239029][T15722] usb 8-1: config 105 has no interface number 6
[  366.245444][T15722] usb 8-1: config 105 interface 32 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  366.258999][T15722] usb 8-1: too many endpoints for config 105 interface 3 altsetting 251: 41, using maximum allowed: 30
[  366.270226][T15722] usb 8-1: config 105 interface 3 altsetting 251 has a duplicate endpoint with address 0xC, skipping
[  366.281273][T15722] usb 8-1: config 105 interface 3 altsetting 251 has 3 endpoint descriptors, different from the interface descriptor's value: 41
[  366.294705][T15722] usb 8-1: too many endpoints for config 105 interface 111 altsetting 142: 204, using maximum allowed: 30
[  366.306174][T15722] usb 8-1: config 105 interface 111 altsetting 142 has 3 endpoint descriptors, different from the interface descriptor's value: 204
[  366.320352][T15722] usb 8-1: config 105 interface 255 altsetting 64 endpoint 0xE has invalid maxpacket 1023, setting to 64
[  366.331799][T15722] usb 8-1: config 105 interface 255 altsetting 64 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[  366.343715][T15722] usb 8-1: config 105 interface 255 altsetting 64 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  366.355577][T15722] usb 8-1: config 105 interface 255 altsetting 64 has a duplicate endpoint with address 0x4, skipping
[  366.366868][T15722] usb 8-1: config 105 interface 255 altsetting 64 has a duplicate endpoint with address 0xB, skipping
[  366.377865][T15722] usb 8-1: config 105 interface 255 altsetting 64 has a duplicate endpoint with address 0xE, skipping
[  366.389055][T15722] usb 8-1: config 105 interface 255 altsetting 64 has a duplicate endpoint with address 0x7, skipping
[  366.400418][T15722] usb 8-1: config 105 interface 255 altsetting 64 has an endpoint descriptor with address 0xE5, changing to 0x85
[  366.412631][T15722] usb 8-1: config 105 interface 255 altsetting 64 endpoint 0x85 has invalid maxpacket 61107, setting to 64
[  366.424160][T15722] usb 8-1: config 105 interface 255 altsetting 64 has 12 endpoint descriptors, different from the interface descriptor's value: 11
[  366.441225][T15722] usb 8-1: config 105 interface 188 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  366.452208][T15722] usb 8-1: config 105 interface 188 altsetting 2 has a duplicate endpoint with address 0x5, skipping
[  366.463288][T15722] usb 8-1: config 105 interface 188 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  366.464208][   T36] audit: type=1400 audit(16778307.480:10663): avc:  denied  { getopt } for  pid=16146 comm="syz.1.5387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  366.476933][T15722] usb 8-1: config 105 interface 145 altsetting 201 has a duplicate endpoint with address 0xB, skipping
[  366.509806][T15722] usb 8-1: config 105 interface 145 altsetting 201 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  366.521475][T15722] usb 8-1: config 105 interface 145 altsetting 201 has an invalid descriptor for endpoint zero, skipping
[  366.532862][T15722] usb 8-1: config 105 interface 145 altsetting 201 has a duplicate endpoint with address 0x4, skipping
[  366.544196][T15722] usb 8-1: config 105 interface 145 altsetting 201 has 4 endpoint descriptors, different from the interface descriptor's value: 28
[  366.558465][T15722] usb 8-1: too many endpoints for config 105 interface 5 altsetting 149: 206, using maximum allowed: 30
[  366.569884][T15722] usb 8-1: config 105 interface 5 altsetting 149 has a duplicate endpoint with address 0x3, skipping
[  366.580920][T15722] usb 8-1: config 105 interface 5 altsetting 149 has 1 endpoint descriptor, different from the interface descriptor's value: 206
[  366.594709][T15722] usb 8-1: config 105 interface 32 has no altsetting 0
[  366.601927][T15722] usb 8-1: config 105 interface 3 has no altsetting 0
[  366.606024][T16157] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5391'.
[  366.609164][T15722] usb 8-1: config 105 interface 111 has no altsetting 0
[  366.625251][T15722] usb 8-1: config 105 interface 255 has no altsetting 0
[  366.632364][T15722] usb 8-1: config 105 interface 188 has no altsetting 0
[  366.639763][T15722] usb 8-1: config 105 interface 145 has no altsetting 0
[  366.646874][T15722] usb 8-1: config 105 interface 5 has no altsetting 0
[  366.655606][T15722] usb 8-1: New USB device found, idVendor=05cc, idProduct=3363, bcdDevice=71.b7
[  366.665026][T15722] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.673279][T15722] usb 8-1: Product: 睰롰诃偓ႁ沅ꦎ着ꈅ瞵᲍뤂䠠㘋淤骢ฟῬ濘쎉걥紮쑵䘐ꑌꚢပ죩⹅绩ꍋㄆ괭篌鼎벫큛፾⸵鸇ꔨ␒⻅﹧҈㯮翼ᩥ᧻ꃰ꾵㋦杯쎅䅜翳ᖗ繰䅐徤ք壧Ꟃ鵦牞峬ꊩ뀋鍇￐⫑쵃旅脢潜绑풯盵줟㬝쾄繩嗝贌⛧ꉓ띢뤙刴ዂ㛵趏废ⷒ
[  366.706015][T15722] usb 8-1: Manufacturer: 㵥ꈑשּ
[  366.711356][T15722] usb 8-1: SerialNumber: Ц
[  366.953015][T15722] usb 8-1: USB disconnect, device number 51
[  366.976214][T16166] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1089
[  367.059346][   T36] audit: type=1400 audit(16778308.033:10664): avc:  denied  { read } for  pid=16173 comm="syz.1.5396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  367.113397][   T36] audit: type=1400 audit(16778308.080:10665): avc:  denied  { write } for  pid=16173 comm="syz.1.5396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  367.327838][   T36] audit: type=1400 audit(16778308.287:10666): avc:  denied  { map } for  pid=16192 comm="syz.8.5403" path="socket:[61785]" dev="sockfs" ino=61785 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  367.362732][   T36] audit: type=1400 audit(16778308.315:10667): avc:  denied  { map } for  pid=16194 comm="syz.8.5404" path="socket:[62612]" dev="sockfs" ino=62612 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  367.395786][   T36] audit: type=1400 audit(16778308.352:10668): avc:  denied  { lock } for  pid=16194 comm="syz.8.5404" path="socket:[62614]" dev="sockfs" ino=62614 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  367.624512][T16202] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  367.624623][T16202] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  367.640863][T16202] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:667
[  367.728330][   T36] audit: type=1400 audit(16778308.662:10669): avc:  denied  { unlink } for  pid=16205 comm="syz.9.5407" name="#b" dev="tmpfs" ino=1248 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  367.760824][   T36] audit: type=1400 audit(16778308.662:10670): avc:  denied  { mount } for  pid=16205 comm="syz.9.5407" name="/" dev="overlay" ino=1242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  367.847391][T16212] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  367.851892][T16212] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false
[  367.858537][T16212] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  367.866897][T16212] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:677
[  367.989204][  T605] hid-generic 007F:6E8D:0005.0014: item fetching failed at offset 1/5
[  368.014532][  T605] hid-generic 007F:6E8D:0005.0014: probe with driver hid-generic failed with error -22
[  368.024703][T16226] netlink: 60 bytes leftover after parsing attributes in process `syz.7.5415'.
[  368.488854][  T605] usb 8-1: new high-speed USB device number 52 using dummy_hcd
[  368.648700][  T605] usb 8-1: Using ep0 maxpacket: 16
[  368.655249][T16269] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  368.665478][  T605] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.677496][  T605] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  368.703008][  T605] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  368.712822][  T605] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.722547][  T605] usb 8-1: config 0 descriptor??
[  368.729351][T16276] 9pnet_fd: Insufficient options for proto=fd
[  368.772800][T16278] /dev/rnullb0: Can't lookup blockdev
[  369.157697][  T605] usbhid 8-1:0.0: can't add hid device: -71
[  369.164346][  T605] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  369.173305][  T605] usb 8-1: USB disconnect, device number 52
[  369.352287][T15722] usb 10-1: new full-speed USB device number 27 using dummy_hcd
[  369.513481][T15722] usb 10-1: unable to get BOS descriptor or descriptor too short
[  369.522124][T15722] usb 10-1: not running at top speed; connect to a high speed hub
[  369.531251][T15722] usb 10-1: config 1 has an invalid interface number: 132 but max is 0
[  369.539725][T15722] usb 10-1: config 1 has no interface number 0
[  369.546093][T15722] usb 10-1: config 1 interface 132 altsetting 4 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  369.557277][T15722] usb 10-1: config 1 interface 132 has no altsetting 0
[  369.565749][T15722] usb 10-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=b7.27
[  369.575524][T15722] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.583834][T15722] usb 10-1: Product: syz
[  369.588435][T15722] usb 10-1: Manufacturer: syz
[  369.593160][T15722] usb 10-1: SerialNumber: syz
[  369.599065][T16283] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  369.748498][T16307] fuse: Unknown parameter '&d'
[  369.754254][T16307] rust_binder: Write failure EFAULT in pid:1120
[  369.802974][T16311] bridge_slave_1: left allmulticast mode
[  369.815291][T16311] bridge_slave_1: left promiscuous mode
[  369.821234][T16311] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.827548][T16282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  369.837536][T16311] bridge_slave_0: left allmulticast mode
[  369.838948][T16282] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  369.843548][T16311] bridge_slave_0: left promiscuous mode
[  369.857509][T16311] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.955392][T15722] usb 10-1: USB disconnect, device number 27
[  370.031172][T16311] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  370.031215][T16311] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1124
[  370.129220][T16326] netlink: 'syz.7.5448': attribute type 6 has an invalid length.
[  370.252386][T16328] rust_binder: Error while translating object.
[  370.252419][T16328] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  370.258728][T16328] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1133
[  370.269071][T16330] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  370.278825][T16329] rust_binder: Error while translating object.
[  370.285564][T16329] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  370.292161][T16329] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1133
[  370.317113][T16332] rust_binder: Error while translating object.
[  370.326994][T16332] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  370.334238][T16332] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1137
[  370.345010][T16333] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  370.526662][T16361] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5458'.
[  370.594185][T16370] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  371.037849][T16396] cgroup: subsys name conflicts with all
[  371.100269][T16405] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:701
[  371.147494][   T36] kauditd_printk_skb: 29 callbacks suppressed
[  371.147514][   T36] audit: type=1400 audit(16778311.866:10700): avc:  denied  { connect } for  pid=16408 comm="syz.9.5475" lport=136 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  371.202038][   T36] audit: type=1326 audit(16778311.922:10701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16414 comm="syz.8.5476" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd5dc38efc9 code=0x0
[  371.213615][T16407] binder: Unknown parameter 'context����[7�'
[  371.228106][   T36] audit: type=1400 audit(16778311.922:10702): avc:  denied  { bind } for  pid=16406 comm="syz.7.5474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  371.256414][   T36] audit: type=1326 audit(16778311.969:10703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16406 comm="syz.7.5474" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9daf78efc9 code=0x0
[  371.287532][T16417] netlink: 180 bytes leftover after parsing attributes in process `syz.8.5476'.
[  371.308416][   T36] audit: type=1400 audit(16778312.016:10704): avc:  denied  { setopt } for  pid=16414 comm="syz.8.5476" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  371.393713][   T36] audit: type=1400 audit(16778312.100:10705): avc:  denied  { append } for  pid=16413 comm="syz.9.5477" name="ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:syslogd_var_lib_t:s0"
[  371.455096][   T36] audit: type=1400 audit(16778312.128:10706): avc:  denied  { open } for  pid=16413 comm="syz.9.5477" path="/dev/ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:syslogd_var_lib_t:s0"
[  371.488381][   T36] audit: type=1400 audit(16778312.128:10707): avc:  denied  { ioctl } for  pid=16413 comm="syz.9.5477" path="/dev/ptp0" dev="devtmpfs" ino=196 ioctlcmd=0x3d07 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:syslogd_var_lib_t:s0"
[  371.518143][   T36] audit: type=1400 audit(16778312.128:10708): avc:  denied  { ioctl } for  pid=16413 comm="syz.9.5477" path="/dev/ptp0" dev="devtmpfs" ino=196 ioctlcmd=0x3d07 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:syslogd_var_lib_t:s0"
[  371.548350][   T36] audit: type=1400 audit(16778312.250:10709): avc:  denied  { bind } for  pid=16422 comm="syz.9.5478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  371.584726][T16425] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  371.584974][T16425] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  371.878407][  T605] usb 10-1: new high-speed USB device number 28 using dummy_hcd
[  372.050799][  T605] usb 10-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  372.060184][  T605] usb 10-1: config 1 has an invalid descriptor of length 248, skipping remainder of the config
[  372.070737][  T605] usb 10-1: config 1 interface 0 altsetting 181 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  372.084146][  T605] usb 10-1: config 1 interface 0 has no altsetting 0
[  372.093950][  T605] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  372.103280][  T605] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.111814][  T605] usb 10-1: Product: ˝憒㑆ఠ㷆乖䢋듖略鲈䘈苬㿓鈓ꊐݜㄿ↦裌莡ꉳ咆纥㉸從ழ讧걿⨔亓뉭얄슀葋䤝빗馿㞘톷注栴享◗◧報ꓨ莏藷⢞덥ﯕ좢떸枱嘯떦摵﹧겥鈐ᜇ䤬漳
[  372.127578][T16429] netlink: 92 bytes leftover after parsing attributes in process `syz.8.5481'.
[  372.133629][  T605] usb 10-1: SerialNumber: syz
[  372.146532][T16429] 9pnet_fd: Insufficient options for proto=fd
[  372.485236][  T605] cdc_ether 10-1:1.0: skipping garbage
[  372.491058][  T605] cdc_ether 10-1:1.0: skipping garbage
[  372.497032][  T605] cdc_ether 10-1:1.0: probe with driver cdc_ether failed with error -22
[  372.508966][  T605] usb 10-1: USB disconnect, device number 28
[  373.168176][T16453] SELinux: security_context_str_to_sid (sytem_u�Gй�:��) failed with errno=-22
[  373.168452][T16456] SELinux: security_context_str_to_sid (sytem_u�Gй�:��) failed with errno=-22
[  373.250783][T16465] __vm_enough_memory: pid: 16465, comm: syz.7.5494, bytes: 18014402804453376 not enough memory for the allocation
[  373.467546][T16512] rust_binder: Error in use_page_slow: ESRCH
[  373.467575][T16512] rust_binder: use_range failure ESRCH
[  373.479511][T16512] rust_binder: Failed to allocate buffer. len:88, is_oneway:false
[  373.492514][T16512] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  373.500662][T16512] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:723
[  373.510791][T16500] rust_binder: Write failure EFAULT in pid:1205
[  373.527578][T16520] netlink: 92 bytes leftover after parsing attributes in process `syz.8.5514'.
[  373.686955][T16548] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  373.713371][T16548] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=16548 comm=syz.9.5522
[  373.759991][T16555] overlayfs: failed to clone lowerpath
[  373.768993][T16557] netlink: 92 bytes leftover after parsing attributes in process `syz.7.5525'.
[  373.841009][T16532] devpts: called with bogus options
[  373.945438][T16585] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5534'.
[  374.026828][T16588] rust_binder: Read failure Err(EAGAIN) in pid:1228
[  374.421325][T16593] netlink: 92 bytes leftover after parsing attributes in process `syz.8.5536'.
[  374.734661][T16613] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  374.781745][T16616] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1233
[  374.831558][T16618] netlink: 92 bytes leftover after parsing attributes in process `syz.7.5546'.
[  374.916348][T16622] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  374.931548][T16622] rust_binder: Write failure EINVAL in pid:1239
[  374.932050][T16622] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  374.959769][T16622] rust_binder: Write failure EINVAL in pid:1239
[  374.983041][T16625] __vm_enough_memory: pid: 16625, comm: syz.7.5549, bytes: 18014402804453376 not enough memory for the allocation
[  375.082251][T16629] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  375.245574][T16638] netlink: 92 bytes leftover after parsing attributes in process `syz.1.5555'.
[  375.363705][    T9] usb 8-1: new high-speed USB device number 53 using dummy_hcd
[  375.535450][    T9] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  375.545897][    T9] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  375.557246][    T9] usb 8-1: config 1 interface 1 has no altsetting 0
[  375.565507][    T9] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  375.575712][    T9] usb 8-1: New USB device strings: Mfr=199, Product=2, SerialNumber=3
[  375.584339][    T9] usb 8-1: Product: syz
[  375.588931][    T9] usb 8-1: Manufacturer: syz
[  375.593941][    T9] usb 8-1: SerialNumber: syz
[  375.601609][    T9] cdc_ncm 8-1:1.0: skipping garbage
[  375.607244][    T9] cdc_ncm 8-1:1.0: NCM or ECM functional descriptors missing
[  375.615251][    T9] cdc_ncm 8-1:1.0: bind() failure
[  375.815820][    T9] usb 8-1: USB disconnect, device number 53
[  375.939294][  T605] usb 10-1: new high-speed USB device number 29 using dummy_hcd
[  376.102019][  T605] usb 10-1: unable to get BOS descriptor or descriptor too short
[  376.110886][  T605] usb 10-1: config 2 has an invalid interface number: 34 but max is 2
[  376.119204][  T605] usb 10-1: config 2 has an invalid interface number: 6 but max is 2
[  376.127352][  T605] usb 10-1: config 2 has an invalid descriptor of length 1, skipping remainder of the config
[  376.137575][  T605] usb 10-1: config 2 has no interface number 0
[  376.143825][  T605] usb 10-1: config 2 has no interface number 2
[  376.150050][  T605] usb 10-1: config 2 interface 1 altsetting 190 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  376.161273][  T605] usb 10-1: config 2 interface 34 altsetting 8 has an invalid endpoint descriptor of length 5, skipping
[  376.172821][  T605] usb 10-1: config 2 interface 34 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  376.186071][  T605] usb 10-1: too many endpoints for config 2 interface 6 altsetting 7: 37, using maximum allowed: 30
[  376.197495][  T605] usb 10-1: config 2 interface 6 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  376.210739][  T605] usb 10-1: config 2 interface 1 has no altsetting 0
[  376.217783][  T605] usb 10-1: config 2 interface 34 has no altsetting 0
[  376.224745][  T605] usb 10-1: config 2 interface 6 has no altsetting 0
[  376.238870][  T605] usb 10-1: New USB device found, idVendor=1686, idProduct=00dd, bcdDevice=37.c4
[  376.248258][  T605] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.256558][  T605] usb 10-1: Product: syz
[  376.261328][  T605] usb 10-1: Manufacturer: syz
[  376.266253][  T605] usb 10-1: SerialNumber: syz
[  376.267451][T16663] netlink: 92 bytes leftover after parsing attributes in process `syz.8.5565'.
[  376.377690][T16669] rust_binder: Write failure EFAULT in pid:1251
[  376.430075][T16680] rust_binder: validate_parent_fixup: fixup_min_offset=46, parent_offset=35
[  376.436412][T16680] rust_binder: Error while translating object.
[  376.445362][T16680] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  376.451834][T16680] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1258
[  376.490785][T16654] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  376.504096][  T605] usb 10-1: selecting invalid altsetting 0
[  376.522980][  T605] usb 10-1: USB disconnect, device number 29
[  376.547071][T16686] netlink: 92 bytes leftover after parsing attributes in process `syz.7.5574'.
[  376.567890][T16688] rust_binder: Write failure EFAULT in pid:1264
[  376.579700][T16690] rust_binder: 1266: no such ref 1
[  376.591423][T16690] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1266
[  376.605834][T16692] netlink: 324 bytes leftover after parsing attributes in process `syz.7.5577'.
[  377.009216][   T36] kauditd_printk_skb: 30 callbacks suppressed
[  377.009238][   T36] audit: type=1400 audit(16778317.373:10740): avc:  denied  { read } for  pid=16694 comm="syz.1.5578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  377.055022][   T36] audit: type=1400 audit(16778317.410:10741): avc:  denied  { append } for  pid=16698 comm="syz.9.5580" name="001" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  377.081586][   T36] audit: type=1400 audit(16778317.439:10742): avc:  denied  { setopt } for  pid=16694 comm="syz.1.5578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  377.169194][   T36] audit: type=1400 audit(16778317.523:10743): avc:  denied  { map } for  pid=16710 comm="syz.1.5585" path="socket:[63723]" dev="sockfs" ino=63723 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  377.247390][T16724] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5590'.
[  377.328689][T16737] batadv_slave_0: mtu less than device minimum
[  377.392292][T16743] netlink: 140 bytes leftover after parsing attributes in process `syz.8.5596'.
[  377.392380][T16742] netlink: 140 bytes leftover after parsing attributes in process `syz.8.5596'.
[  377.410811][T16743] netlink: 48 bytes leftover after parsing attributes in process `syz.8.5596'.
[  377.421151][T16742] netlink: 48 bytes leftover after parsing attributes in process `syz.8.5596'.
[  377.524321][T16748] netlink: 56 bytes leftover after parsing attributes in process `syz.7.5599'.
[  377.608694][T16761] SELinux: security_context_str_to_sid () failed with errno=-22
[  377.686375][   T36] audit: type=1326 audit(16778318.001:10744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16763 comm="syz.7.5604" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9daf78efc9 code=0x0
[  377.849112][T16769] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  378.184933][   T36] audit: type=1400 audit(16778318.471:10745): avc:  denied  { mounton } for  pid=16770 comm="syz.8.5607" path="/file0" dev="rootfs" ino=3946 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  378.260282][T16777] netlink: 56 bytes leftover after parsing attributes in process `syz.8.5610'.
[  388.083655][   T36] audit: type=1326 audit(16778327.759:10746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16796 comm="syz.7.5618" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9daf78efc9 code=0x0
[  388.112980][T16801] /dev/rnullb0: Can't lookup blockdev
[  388.128973][   T36] audit: type=1400 audit(16778327.787:10747): avc:  denied  { create } for  pid=16799 comm="syz.8.5617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  388.178332][T16805] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5620'.
[  388.200896][T16806] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1280
[  388.239400][   T36] audit: type=1400 audit(16778327.899:10748): avc:  denied  { create } for  pid=16811 comm="syz.1.5623" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  388.906205][T16823] /dev/rnullb0: Can't lookup blockdev
[  388.929110][T16825] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5628'.
[  388.954845][T16827] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5629'.
[  389.014831][T16836] sit0: entered promiscuous mode
[  389.029618][T16836] netlink: 'syz.1.5632': attribute type 1 has an invalid length.
[  389.060148][T16836] netlink: 1 bytes leftover after parsing attributes in process `syz.1.5632'.
[  389.203398][T16860] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5640'.
[  389.312146][T16869] netlink: 'syz.1.5643': attribute type 46 has an invalid length.
[  389.320144][T16869] netlink: 'syz.1.5643': attribute type 28 has an invalid length.
[  389.344160][T16871] SELinux: security_context_str_to_sid (E�) failed with errno=-22
[  389.451646][T16873] fuse: Unknown parameter '�'
[  389.962512][   T36] audit: type=1400 audit(16778329.523:10749): avc:  denied  { setopt } for  pid=16882 comm="syz.8.5648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  389.979368][T16885] netlink: 56 bytes leftover after parsing attributes in process `syz.8.5649'.
[  390.008759][  T605] usb 8-1: new high-speed USB device number 54 using dummy_hcd
[  390.081765][   T36] audit: type=1400 audit(16778329.626:10750): avc:  denied  { bind } for  pid=16890 comm="syz.8.5651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  390.200605][  T605] usb 8-1: Using ep0 maxpacket: 16
[  390.212092][  T605] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  390.225573][  T605] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  390.239674][  T605] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  390.251111][  T605] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.264708][  T605] usb 8-1: config 0 descriptor??
[  390.306188][   T36] audit: type=1400 audit(16778329.842:10751): avc:  denied  { setopt } for  pid=16913 comm="syz.8.5658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  390.492292][  T605] usbhid 8-1:0.0: can't add hid device: -71
[  390.506318][  T605] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  390.518394][  T605] usb 8-1: USB disconnect, device number 54
[  390.545234][   T36] audit: type=1400 audit(16778330.067:10752): avc:  denied  { mount } for  pid=16942 comm="syz.1.5670" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  390.570093][   T36] audit: type=1400 audit(16778330.095:10753): avc:  denied  { read } for  pid=16942 comm="syz.1.5670" name="/" dev="configfs" ino=184 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  390.592608][   T36] audit: type=1400 audit(16778330.095:10754): avc:  denied  { open } for  pid=16942 comm="syz.1.5670" path="/" dev="configfs" ino=184 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  391.032182][   T36] audit: type=1400 audit(16778330.526:10755): avc:  denied  { create } for  pid=16946 comm="syz.8.5672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  391.257739][T16956] rust_binder: Failed copying remainder into alloc: EFAULT
[  391.257770][T16956] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  391.265159][T16956] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  391.274003][T16956] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1296
[  391.323576][T16961] rust_binder: Write failure EFAULT in pid:1304
[  391.348886][T16964] binder: Bad value for 'stats'
[  391.391137][T16969] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  391.391400][T16969] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false
[  391.398545][T16969] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  391.407104][T16969] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1312
[  391.744976][T16987] rust_binder: Write failure EFAULT in pid:1318
[  391.826513][T16994] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5687'.
[  392.017559][T17000] /dev/rnullb0: Can't lookup blockdev
[  392.060534][T17002] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5691'.
[  392.167047][T17006] bridge0: port 1(bridge_slave_0) entered blocking state
[  392.174431][T17006] bridge0: port 1(bridge_slave_0) entered disabled state
[  392.181636][T17006] bridge_slave_0: entered allmulticast mode
[  392.184698][T17008] netlink: 272 bytes leftover after parsing attributes in process `syz.1.5692'.
[  392.188459][T17006] bridge_slave_0: entered promiscuous mode
[  392.213413][T17006] bridge0: port 2(bridge_slave_1) entered blocking state
[  392.221191][T17006] bridge0: port 2(bridge_slave_1) entered disabled state
[  392.228623][T17006] bridge_slave_1: entered allmulticast mode
[  392.236464][T17006] bridge_slave_1: entered promiscuous mode
[  392.326137][T17006] bridge0: port 2(bridge_slave_1) entered blocking state
[  392.333289][T17006] bridge0: port 2(bridge_slave_1) entered forwarding state
[  392.340750][T17006] bridge0: port 1(bridge_slave_0) entered blocking state
[  392.347865][T17006] bridge0: port 1(bridge_slave_0) entered forwarding state
[  392.378867][ T3196] bridge0: port 1(bridge_slave_0) entered disabled state
[  392.387516][ T3196] bridge0: port 2(bridge_slave_1) entered disabled state
[  392.409303][ T3243] bridge0: port 1(bridge_slave_0) entered blocking state
[  392.416475][ T3243] bridge0: port 1(bridge_slave_0) entered forwarding state
[  392.424860][ T3243] bridge0: port 2(bridge_slave_1) entered blocking state
[  392.432054][ T3243] bridge0: port 2(bridge_slave_1) entered forwarding state
[  392.462960][T17006] veth0_vlan: entered promiscuous mode
[  392.479999][T17006] veth1_macvtap: entered promiscuous mode
[  392.529790][T17025] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  392.530249][T17025] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  392.536911][T17026] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  392.544600][T17025] tipc: Started in network mode
[  392.556602][T17025] tipc: Node identity 7ff, cluster identity 4711
[  392.576402][T17025] tipc: Node number set to 2047
[  392.616152][T17032] netlink: 40 bytes leftover after parsing attributes in process `syz.8.5696'.
[  392.668449][T17037] binder: Bad value for 'max'
[  392.704553][T17039] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  392.724695][T17042] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  392.739496][T17042] rust_binder: Write failure EINVAL in pid:1328
[  393.014992][T15719] usb 8-1: new full-speed USB device number 55 using dummy_hcd
[  393.220170][T15719] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  393.262422][T15719] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  393.294187][T15719] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  393.323846][T15719] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  393.355567][T15719] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  393.385675][ T3243] bridge_slave_1: left allmulticast mode
[  393.385982][T15719] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  393.402740][ T3243] bridge_slave_1: left promiscuous mode
[  393.408491][ T3243] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.430419][T15719] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  393.439130][ T3243] bridge_slave_0: left allmulticast mode
[  393.449355][ T3243] bridge_slave_0: left promiscuous mode
[  393.455330][T15719] usb 8-1: Product: syz
[  393.459623][T15719] usb 8-1: Manufacturer: syz
[  393.477327][ T3243] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.492567][T15719] cdc_wdm 8-1:1.0: skipping garbage
[  393.516488][T15719] cdc_wdm 8-1:1.0: skipping garbage
[  393.526379][T15719] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  393.532420][T15719] cdc_wdm 8-1:1.0: Unknown control protocol
[  393.665282][ T3243] veth1_macvtap: left promiscuous mode
[  393.670871][ T3243] veth0_vlan: left promiscuous mode
[  393.707430][T17046] __nla_validate_parse: 1 callbacks suppressed
[  393.707454][T17046] netlink: 182 bytes leftover after parsing attributes in process `syz.7.5702'.
[  393.739984][T17046] fuse: Bad value for 'group_id'
[  393.750021][T15722] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  393.754269][   T36] kauditd_printk_skb: 15 callbacks suppressed
[  393.754295][   T36] audit: type=1400 audit(16778333.078:10771): avc:  denied  { bind } for  pid=17078 comm="syz.1.5713" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  393.758163][T17046] fuse: Bad value for 'group_id'
[  393.774918][   T36] audit: type=1400 audit(16778333.078:10772): avc:  denied  { name_bind } for  pid=17078 comm="syz.1.5713" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  393.804179][T17081] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  393.819386][   T36] audit: type=1400 audit(16778333.078:10773): avc:  denied  { node_bind } for  pid=17078 comm="syz.1.5713" saddr=::ffff:0.0.0.0 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  393.874194][T17071] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.881514][T17071] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.890351][T17046] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false
[  393.890386][T17046] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  393.898473][T17046] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1330
[  393.908049][T17071] bridge_slave_0: entered allmulticast mode
[  393.925219][T17071] bridge_slave_0: entered promiscuous mode
[  393.932900][T17071] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.940292][T17071] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.948473][T17071] bridge_slave_1: entered allmulticast mode
[  393.955223][T17071] bridge_slave_1: entered promiscuous mode
[  393.963238][T15722] usb 9-1: device descriptor read/64, error -71
[  394.054418][T17071] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.061690][T17071] bridge0: port 2(bridge_slave_1) entered forwarding state
[  394.069327][T17071] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.076639][T17071] bridge0: port 1(bridge_slave_0) entered forwarding state
[  394.102049][ T3243] bridge0: port 1(bridge_slave_0) entered disabled state
[  394.109594][ T3243] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.119967][ T3199] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.127097][ T3199] bridge0: port 1(bridge_slave_0) entered forwarding state
[  394.137533][ T3243] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.144714][ T3243] bridge0: port 2(bridge_slave_1) entered forwarding state
[  394.173103][T17071] veth0_vlan: entered promiscuous mode
[  394.185600][T17071] veth1_macvtap: entered promiscuous mode
[  394.236850][T17094] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5714'.
[  394.240331][T15722] usb 9-1: device descriptor read/64, error -71
[  394.267945][T17096] netlink: 9 bytes leftover after parsing attributes in process `syz.4.5715'.
[  394.277650][T17096] gretap0: entered promiscuous mode
[  394.286180][   T36] audit: type=1400 audit(16778333.576:10774): avc:  denied  { unmount } for  pid=17095 comm="syz.4.5715" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  394.308158][   T36] audit: type=1400 audit(16778333.594:10775): avc:  denied  { remount } for  pid=17095 comm="syz.4.5715" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  394.331579][T17096] rust_binder: Error while translating object.
[  394.331618][T17096] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  394.338044][T17096] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:6
[  394.459051][T17098] rust_binder: Error while translating object.
[  394.468544][T17098] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  394.475401][T17098] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:8
[  394.500684][T17100] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  394.510090][T15722] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  394.511144][T17100] rust_binder: Failed to allocate buffer. len:1160, is_oneway:false
[  394.539995][   T36] audit: type=1400 audit(16778333.820:10776): avc:  denied  { read write } for  pid=17101 comm="syz.4.5718" name="ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:syslogd_var_lib_t:s0"
[  394.656167][T15722] usb 9-1: device descriptor read/64, error -71
[  394.758427][T17116] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5723'.
[  394.839150][T17124] rust_binder: 18: no such ref 2
[  394.911831][T15722] usb 9-1: device descriptor read/64, error -71
[  395.029199][T15722] usb usb9-port1: attempt power cycle
[  395.098826][   T36] audit: type=1400 audit(16778334.336:10777): avc:  denied  { map } for  pid=17131 comm="syz.4.5730" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  395.193305][T17135] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5731'.
[  395.213128][T17135] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0
[  395.231751][T17135] rust_binder: Write failure EINVAL in pid:25
[  395.272996][   T36] audit: type=1400 audit(16778334.495:10778): avc:  denied  { lock } for  pid=17136 comm="syz.4.5732" path="/dev/binderfs/binder1" dev="binder" ino=29 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  395.305215][T17137] fuse: Unknown parameter 'E.�#���-�0000001000000000040000'
[  395.313342][T17138] fuse: Unknown parameter 'E.�#���-�0000001000000000040000'
[  395.393712][T17140] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5733'.
[  395.414230][T15722] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  395.436641][   T36] audit: type=1400 audit(16778334.655:10779): avc:  denied  { write } for  pid=17141 comm="syz.4.5734" path="socket:[65667]" dev="sockfs" ino=65667 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  395.476684][T15722] usb 9-1: device descriptor read/8, error -71
[  395.487467][   T36] audit: type=1400 audit(16778334.655:10780): avc:  denied  { ioctl } for  pid=17141 comm="syz.4.5734" path="socket:[64487]" dev="sockfs" ino=64487 ioctlcmd=0x5460 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  395.511445][T17154] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=17154 comm=syz.1.5739
[  395.543855][T17159] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5740'.
[  395.616370][T15722] usb 9-1: device descriptor read/8, error -71
[  395.881797][T15722] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  395.904863][T15722] usb 9-1: device descriptor read/8, error -71
[  395.960001][   T31] usb 8-1: USB disconnect, device number 55
[  396.031075][T17164] fuse: Invalid rootmode
[  396.046719][T15722] usb 9-1: device descriptor read/8, error -71
[  396.061378][T17171] netlink: 40 bytes leftover after parsing attributes in process `syz.7.5743'.
[  396.088644][T17173] overlay: Unknown parameter 'userxattr:/'
[  396.180589][T15722] usb usb9-port1: unable to enumerate USB device
[  396.198391][T17182] netlink: 'syz.1.5747': attribute type 6 has an invalid length.
[  396.206476][T17182] IPv6: NLM_F_CREATE should be specified when creating new route
[  396.343782][T17186] netlink: 'syz.1.5748': attribute type 4 has an invalid length.
[  396.351906][T17186] netlink: 'syz.1.5748': attribute type 2 has an invalid length.
[  396.424764][T17200] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000001 not found
[  396.433275][T17200] rust_binder: Write failure EINVAL in pid:45
[  396.446731][T17207] overlayfs: failed to clone upperpath
[  396.466827][T17209] rust_binder: 50: no such ref 2
[  396.559573][T17231] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  396.559610][T17231] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:54
[  396.600890][T17233] 9pnet_fd: Insufficient options for proto=fd
[  396.635185][T17235] netlink: 'syz.4.5765': attribute type 27 has an invalid length.
[  396.781814][T17243] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  396.792035][T17243] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  397.054158][T15722] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  397.214022][T15722] usb 5-1: Using ep0 maxpacket: 8
[  397.226645][T15722] usb 5-1: config 0 has an invalid interface number: 109 but max is 0
[  397.246052][T15722] usb 5-1: config 0 has no interface number 0
[  397.252432][T15722] usb 5-1: New USB device found, idVendor=04dd, idProduct=8006, bcdDevice=ee.0c
[  397.270786][T15722] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.290424][T15722] usb 5-1: config 0 descriptor??
[  397.310251][  T605] usb 8-1: new high-speed USB device number 56 using dummy_hcd
[  397.333549][T17267] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5777'.
[  397.492290][  T605] usb 8-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  397.523462][  T605] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  397.528577][T15722] usb 5-1: string descriptor 0 read error: -71
[  397.556359][T15722] usb 5-1: unsupported MDLM descriptors
[  397.567263][  T605] usb 8-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  397.579199][T15722] usb 5-1: USB disconnect, device number 2
[  397.587118][  T605] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  397.595365][  T605] usb 8-1: Product: syz
[  397.608411][  T605] usb 8-1: Manufacturer: syz
[  397.615840][  T605] usb 8-1: SerialNumber: syz
[  397.633964][  T605] rtl8150 8-1:1.0: couldn't find required endpoints
[  397.651084][  T605] rtl8150 8-1:1.0: probe with driver rtl8150 failed with error -5
[  397.842077][T17275] /dev/rnullb0: Can't lookup blockdev
[  397.852783][T17252] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  397.852890][T17252] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  397.872145][T17270] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=30 sclass=netlink_tcpdiag_socket pid=17270 comm=syz.8.5778
[  397.894277][T17252] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  397.897835][T17252] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5771'.
[  397.935375][T17252] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 152, size: 238)
[  397.935408][T17252] rust_binder: Error while translating object.
[  397.967821][T17252] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  397.978574][T17252] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1352
[  397.998066][T17269] binder: Unknown parameter 'context����[7�'
[  398.082576][T17282] binder: Bad value for 'defcontext'
[  398.162977][T17286] binder: Bad value for 'defcontext'
[  398.227103][T17292] /dev/rnullb0: Can't open blockdev
[  398.322680][  T530] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  398.482972][  T530] usb 9-1: Using ep0 maxpacket: 8
[  398.492797][  T530] usb 9-1: config 0 has an invalid interface number: 31 but max is 0
[  398.501084][  T530] usb 9-1: config 0 has no interface number 0
[  398.515916][  T530] usb 9-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  398.531991][T15719] usb 8-1: USB disconnect, device number 56
[  398.540823][  T530] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.561654][  T530] usb 9-1: Product: syz
[  398.566150][  T530] usb 9-1: Manufacturer: syz
[  398.582135][  T530] usb 9-1: SerialNumber: syz
[  398.590647][  T530] usb 9-1: config 0 descriptor??
[  398.695612][   T31] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  398.829945][  T530] usb 9-1: Found UVC 0.04 device syz (046d:08c3)
[  398.845076][  T530] uvcvideo 9-1:0.31: Entity type for entity Output 6 was not initialized!
[  398.856698][  T530] usb 9-1: USB disconnect, device number 16
[  398.866034][   T31] usb 5-1: unable to get BOS descriptor or descriptor too short
[  398.876959][   T31] usb 5-1: not running at top speed; connect to a high speed hub
[  398.885605][   T31] usb 5-1: config 1 interface 0 has no altsetting 0
[  398.899619][   T31] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  398.919421][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.927689][   T31] usb 5-1: Product: syz
[  398.935814][   T31] usb 5-1: Manufacturer: syz
[  398.951385][   T31] usb 5-1: SerialNumber: syz
[  399.030896][T17317] /dev/rnullb0: Can't lookup blockdev
[  399.093476][   T36] kauditd_printk_skb: 9 callbacks suppressed
[  399.093497][   T36] audit: type=1400 audit(33555783.085:10790): avc:  denied  { ioctl } for  pid=17319 comm="syz.1.5794" path="/" dev="configfs" ino=184 ioctlcmd=0x5412 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  399.148014][T17322] __nla_validate_parse: 1 callbacks suppressed
[  399.148040][T17322] netlink: 124 bytes leftover after parsing attributes in process `syz.1.5795'.
[  399.176987][   T36] audit: type=1400 audit(33555783.170:10791): avc:  denied  { mounton } for  pid=17296 comm="syz.4.5787" path="/30/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  399.644284][  T530] usb 9-1: new low-speed USB device number 17 using dummy_hcd
[  399.745115][   T31] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  399.749857][   T36] audit: type=1400 audit(33555783.695:10792): avc:  denied  { unmount } for  pid=17071 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  399.755657][   T31] usb 5-1: USB disconnect, device number 3
[  399.805503][  T530] usb 9-1: unable to get BOS descriptor or descriptor too short
[  399.819411][  T530] usb 9-1: config 1 has an invalid descriptor of length 10, skipping remainder of the config
[  399.829924][  T530] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x1 is Bulk; changing to Interrupt
[  399.839875][  T530] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  399.886248][T17340] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4274882444 (136796238208 ns) > initial count (11109752672 ns). Using initial count to start timer.
[  401.014654][T17387] rust_binder: Error while translating object.
[  401.014672][   T36] audit: type=1400 audit(33555784.887:10793): avc:  denied  { transfer } for  pid=17386 comm="syz.4.5817" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  401.014705][T17387] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  401.040302][T17387] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:97
[  401.217343][T17398] 9pnet_fd: Insufficient options for proto=fd
[  401.221171][T17396] netlink: 'syz.4.5821': attribute type 39 has an invalid length.
[  401.260677][T17400] rust_binder: Write failure EINVAL in pid:110
[  401.379628][   T36] audit: type=1400 audit(33555785.224:10794): avc:  denied  { create } for  pid=17404 comm="syz.7.5824" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  401.426185][T17411] can0: slcan on ptm0.
[  401.437719][   T36] audit: type=1400 audit(33555785.281:10795): avc:  denied  { read } for  pid=149 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  401.500832][   T36] audit: type=1400 audit(33555785.281:10796): avc:  denied  { search } for  pid=149 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  401.535259][T17410] can0 (unregistered): slcan off ptm0.
[  401.557901][   T36] audit: type=1400 audit(33555785.281:10797): avc:  denied  { read } for  pid=149 comm="dhcpcd" name="n17" dev="tmpfs" ino=6277 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  401.593388][   T36] audit: type=1400 audit(33555785.281:10798): avc:  denied  { open } for  pid=149 comm="dhcpcd" path="/run/udev/data/n17" dev="tmpfs" ino=6277 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  401.621509][   T36] audit: type=1400 audit(33555785.281:10799): avc:  denied  { getattr } for  pid=149 comm="dhcpcd" path="/run/udev/data/n17" dev="tmpfs" ino=6277 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  401.906246][T17470] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5840'.
[  402.325042][T17501] overlayfs: failed to clone upperpath
[  402.494187][T17517] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5856'.
[  402.515577][T17520] rust_binder: Got transaction with invalid offset.
[  402.515626][T17520] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  402.532775][T17520] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:124
[  402.602841][  T530] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  402.652034][  T530] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.690244][  T530] usb 9-1: can't set config #1, error -71
[  402.716868][  T530] usb 9-1: USB disconnect, device number 17
[  402.723195][T17544] rust_binder: Failed copying remainder into alloc: EFAULT
[  402.723224][T17544] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  402.739631][T17544] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  402.764448][T17544] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:130
[  403.040392][T17564] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5872'.
[  403.140276][  T605] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  403.300176][  T605] usb 5-1: Using ep0 maxpacket: 8
[  403.311877][  T605] usb 5-1: unable to get BOS descriptor or descriptor too short
[  403.321117][  T605] usb 5-1: config 4 has an invalid interface number: 147 but max is 0
[  403.329655][  T605] usb 5-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[  403.338881][  T605] usb 5-1: config 4 has no interface number 0
[  403.350117][  T605] usb 5-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  403.360217][  T605] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.368660][  T605] usb 5-1: Product: syz
[  403.373102][  T605] usb 5-1: Manufacturer: syz
[  403.378193][  T605] usb 5-1: SerialNumber: syz
[  403.604103][T17556] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5870'.
[  403.619320][  T605] usb 5-1: Found UVC 0.02 device syz (04f2:b746)
[  403.626247][  T605] usb 5-1: No valid video chain found.
[  403.635294][  T605] usb 5-1: USB disconnect, device number 4
[  403.786255][T17610] overlayfs: failed to clone lowerpath
[  403.793648][T17610] overlayfs: failed to clone lowerpath
[  404.167791][T17625] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000001 not found
[  404.176220][T17625] rust_binder: Write failure EINVAL in pid:136
[  404.399453][T17638] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  404.456086][T17641] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=17641 comm=syz.4.5901
[  404.483354][T17642] rust_binder: 152: no such ref 1
[  404.488560][T17642] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:152
[  404.488750][T17641] rust_binder: 152: no such ref 1
[  404.503460][T17641] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:152
[  404.645250][   T36] kauditd_printk_skb: 20 callbacks suppressed
[  404.645374][   T36] audit: type=1400 audit(33555788.302:10820): avc:  denied  { shutdown } for  pid=17655 comm="syz.7.5908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  404.797296][T17664] netlink: 'syz.1.5911': attribute type 27 has an invalid length.
[  404.865834][T17670] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  404.866368][T17670] rust_binder: Error in use_page_slow: ESRCH
[  404.874285][T17664] sit0: left promiscuous mode
[  404.896062][T17670] rust_binder: use_range failure ESRCH
[  404.896095][T17670] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  404.928255][T17670] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  404.939506][T17664] bridge0: port 2(bridge_slave_1) entered disabled state
[  404.952354][T17670] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:160
[  405.145317][T17692] netlink: 'syz.1.5917': attribute type 12 has an invalid length.
[  405.196744][   T36] audit: type=1326 audit(33555788.808:10821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17695 comm="syz.4.5919" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2c9b38efc9 code=0x0
[  405.287413][T17694] kvm: pic: non byte read
[  405.292277][T17694] kvm: pic: level sensitive irq not supported
[  405.292333][T17694] kvm: pic: non byte read
[  405.337889][T17694] kvm: pic: level sensitive irq not supported
[  405.337948][T17694] kvm: pic: non byte read
[  405.349429][T17694] kvm: pic: level sensitive irq not supported
[  405.349502][T17694] kvm: pic: non byte read
[  405.371425][T17694] kvm: pic: level sensitive irq not supported
[  405.371503][T17694] kvm: pic: non byte read
[  405.384268][T17694] kvm: pic: level sensitive irq not supported
[  405.384334][T17694] kvm: pic: non byte read
[  405.406303][T17694] kvm: pic: level sensitive irq not supported
[  405.406371][T17694] kvm: pic: non byte read
[  405.418604][T17694] kvm: pic: level sensitive irq not supported
[  405.418668][T17694] kvm: pic: non byte read
[  405.449284][T17694] kvm: pic: level sensitive irq not supported
[  405.449350][T17694] kvm: pic: non byte read
[  405.499569][   T36] audit: type=1400 audit(33555789.099:10822): avc:  denied  { mounton } for  pid=17712 comm="syz.1.5923" path="/" dev="configfs" ino=184 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  405.499631][T17713] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  405.522038][T17714] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  405.677256][T17714] 
@0�: renamed from bond_slave_1
[  405.800279][   T36] audit: type=1400 audit(33555789.381:10823): avc:  denied  { read } for  pid=17727 comm="syz.8.5928" name="loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  405.825365][   T36] audit: type=1400 audit(33555789.381:10824): avc:  denied  { open } for  pid=17727 comm="syz.8.5928" path="/dev/loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  405.881376][   T36] audit: type=1326 audit(33555789.456:10825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17729 comm="syz.8.5929" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0ba98efc9 code=0x0
[  406.433835][ T1068] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  406.572404][ T1068] usb 5-1: device descriptor read/64, error -71
[  406.828203][ T1068] usb 5-1: device descriptor read/64, error -71
[  407.084031][ T1068] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  407.121315][T17747] netlink: 'syz.8.5934': attribute type 3 has an invalid length.
[  407.196158][ T3199] bridge_slave_1: left allmulticast mode
[  407.202239][ T3199] bridge_slave_1: left promiscuous mode
[  407.208520][ T3199] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.216735][ T3199] bridge_slave_0: left allmulticast mode
[  407.222691][ T3199] bridge_slave_0: left promiscuous mode
[  407.222690][ T1068] usb 5-1: device descriptor read/64, error -71
[  407.236777][ T3199] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.370929][T17751] bridge0: port 1(bridge_slave_0) entered blocking state
[  407.378114][T17751] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.385752][T17751] bridge_slave_0: entered allmulticast mode
[  407.392108][T17751] bridge_slave_0: entered promiscuous mode
[  407.398640][ T3199] tipc: Left network mode
[  407.398950][T17751] bridge0: port 2(bridge_slave_1) entered blocking state
[  407.410201][T17751] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.417617][T17751] bridge_slave_1: entered allmulticast mode
[  407.424113][T17751] bridge_slave_1: entered promiscuous mode
[  407.431300][ T3199] veth1_macvtap: left promiscuous mode
[  407.438039][ T3199] veth0_vlan: left promiscuous mode
[  407.478404][ T1068] usb 5-1: device descriptor read/64, error -71
[  407.551307][T17751] bridge0: port 2(bridge_slave_1) entered blocking state
[  407.558726][T17751] bridge0: port 2(bridge_slave_1) entered forwarding state
[  407.566332][T17751] bridge0: port 1(bridge_slave_0) entered blocking state
[  407.573394][T17751] bridge0: port 1(bridge_slave_0) entered forwarding state
[  407.595701][ T1068] usb usb5-port1: attempt power cycle
[  407.602779][ T3237] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.611012][ T3237] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.621086][ T3211] bridge0: port 1(bridge_slave_0) entered blocking state
[  407.628289][ T3211] bridge0: port 1(bridge_slave_0) entered forwarding state
[  407.638119][ T3211] bridge0: port 2(bridge_slave_1) entered blocking state
[  407.645249][ T3211] bridge0: port 2(bridge_slave_1) entered forwarding state
[  407.674248][T17751] veth0_vlan: entered promiscuous mode
[  407.687590][T17751] veth1_macvtap: entered promiscuous mode
[  407.968730][ T1068] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  407.979404][T17685] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  407.991106][ T1068] usb 5-1: device descriptor read/8, error -71
[  408.129866][ T1068] usb 5-1: device descriptor read/8, error -71
[  408.139487][T17685] usb 9-1: Using ep0 maxpacket: 32
[  408.146950][T17685] usb 9-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config
[  408.157841][T17685] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  408.169182][T17685] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  408.178732][T17685] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.187580][T17685] usb 9-1: Product: 拮セɞ㈇獦伄섺⅀夹ﮮꩮ嗢쐉잀䮹蔺ᖹ뼥幽쀬㉑蟽銾䤴䰡֢祵꘰«膨䟣绘愺鳭瑧㧷货陌ꄓ쀱랪޸逰ﻉ᷷먧䪒綑㉌紓ꅹ⽊袇姃䰣穠䴫햜⒆꘷脊泽逫Ɐ빨恾隦八仰ዪ煭펠ᾄE道殌蟋哾븋풖컄鲉翫誐뢁橇衔䬋㒎愉呼䡉⡝卷챸㊽峂➤
[  408.193002][T17765] sit0: entered promiscuous mode
[  408.221102][T17685] usb 9-1: Manufacturer: 鈍ᡑ럦ヲ嬂燀ᚈ溒䜉骧쨨ƺ喷ࠄꩂ䠰᪋根ٵꖙ⋲ﻚ떲覂趍뷋ￌ℩㎙漀䡗攷䜫ṍ⭵떛瑓쫍鿨轸滨캒ꉐ渙㞉砞晅ং䥜薊槹끔᰾鞫
[  408.226703][T17765] netlink: 'syz.7.5937': attribute type 1 has an invalid length.
[  408.253784][T17685] usb 9-1: SerialNumber: 、
[  408.254286][T17765] netlink: 1 bytes leftover after parsing attributes in process `syz.7.5937'.
[  408.384366][ T1068] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  408.407040][ T1068] usb 5-1: device descriptor read/8, error -71
[  408.545837][ T1068] usb 5-1: device descriptor read/8, error -71
[  408.661595][ T1068] usb usb5-port1: unable to enumerate USB device
[  408.687950][T17685] usb 9-1: 0:2 : does not exist
[  409.290397][T17763] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  409.300000][T17763] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  410.651777][   T36] audit: type=1400 audit(33555793.931:10826): avc:  denied  { unmount } for  pid=17071 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  410.682929][   T36] audit: type=1326 audit(33555793.959:10827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17895 comm="syz.4.5980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9b38efc9 code=0x50000
[  410.706737][   T36] audit: type=1326 audit(33555793.959:10828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17895 comm="syz.4.5980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9b38efc9 code=0x50000
[  410.730276][   T36] audit: type=1326 audit(33555793.959:10829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17895 comm="syz.4.5980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9b38efc9 code=0x50000
[  410.754185][   T36] audit: type=1326 audit(33555793.959:10830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17895 comm="syz.4.5980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9b38efc9 code=0x50000
[  410.777778][   T36] audit: type=1326 audit(33555793.959:10831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17895 comm="syz.4.5980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9b38efc9 code=0x50000
[  410.801253][   T36] audit: type=1326 audit(33555793.959:10832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17895 comm="syz.4.5980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9b38efc9 code=0x50000
[  410.824612][   T36] audit: type=1326 audit(33555793.959:10833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17895 comm="syz.4.5980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9b38efc9 code=0x50000
[  410.848133][   T36] audit: type=1326 audit(33555793.959:10834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17895 comm="syz.4.5980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9b38efc9 code=0x50000
[  410.871637][   T36] audit: type=1326 audit(33555793.959:10835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17895 comm="syz.4.5980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9b38efc9 code=0x50000
[  410.936355][ T1068] usb 9-1: USB disconnect, device number 18
[  411.024723][T17906] 9pnet_fd: Insufficient options for proto=fd
[  411.432744][ T1068] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  411.604967][ T1068] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  411.618306][ T1068] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  411.646149][ T1068] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  411.655367][ T1068] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  411.668423][ T1068] usb 9-1: SerialNumber: syz
[  411.889987][T17914] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  411.890086][T17914] rust_binder: Failed to allocate buffer. len:1160, is_oneway:false
[  411.902193][ T1068] usb 9-1: 0:2 : does not exist
[  411.933520][T17958] netlink: 92 bytes leftover after parsing attributes in process `syz.7.6001'.
[  411.944983][ T1068] usb 9-1: USB disconnect, device number 19
[  412.296221][T17972] netlink: 'syz.1.6006': attribute type 27 has an invalid length.
[  412.563109][T17992] netlink: 96 bytes leftover after parsing attributes in process `syz.7.6013'.
[  412.587891][T17992] netlink: 92 bytes leftover after parsing attributes in process `syz.7.6013'.
[  412.597517][T17992] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6013'.
[  412.615880][T17992] netlink: 20 bytes leftover after parsing attributes in process `syz.7.6013'.
[  412.754883][T18000] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:33
[  413.662024][T18021] rust_binder: Fixups oob 178 180 369 186
[  413.671632][T18021] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EINVAL }
[  413.677427][T18021] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  413.692408][T18021] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:39
[  414.926251][T18071] rust_binder: Error while translating object.
[  414.935447][T18071] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  414.941951][T18071] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:230
[  415.051097][T18081] rust_binder: inc_ref_done called when no active inc_refs
[  415.135855][T18086] rust_binder: Write failure EINVAL in pid:240
[  415.149959][T18086] netlink: 'syz.4.6050': attribute type 5 has an invalid length.
[  415.164387][T18086] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6050'.
[  415.204439][T18093] netlink: 'syz.8.6052': attribute type 1 has an invalid length.
[  415.213808][T18093] binder: Unknown parameter 'defcontext01777777777777777777777'
[  415.246955][T18101] rust_binder: 64: no such ref 1
[  415.253467][T18089] netlink: 68 bytes leftover after parsing attributes in process `syz.4.6051'.
[  415.325306][T18106] netlink: 96 bytes leftover after parsing attributes in process `syz.8.6055'.
[  415.452016][T18114] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:72
[  415.512274][T18116] can: request_module (can-proto-6) failed.
[  415.528053][T18116] 9pnet: Could not find request transport: xen
[  415.621799][   T37] INFO: task syz.2.4081:12269 blocked for more than 122 seconds.
[  415.629855][   T37]       Not tainted syzkaller #0
[  415.634971][   T37] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  415.643722][   T37] task:syz.2.4081      state:D stack:0     pid:12269 tgid:12269 ppid:11059  flags:0x00004006
[  415.653980][   T37] Call Trace:
[  415.657376][   T37]  <TASK>
[  415.660414][   T37]  __schedule+0x1322/0x1df0
[  415.664983][   T37]  ? __sched_text_start+0x10/0x10
[  415.670052][   T37]  ? _raw_spin_lock_irqsave+0xaf/0x150
[  415.675654][   T37]  ? _raw_spin_unlock+0x45/0x60
[  415.680538][   T37]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  415.686509][   T37]  schedule+0xc6/0x240
[  415.690618][   T37]  __fuse_simple_request+0xdb1/0x1980
[  415.696019][   T37]  ? __cfi___fuse_simple_request+0x10/0x10
[  415.702008][   T37]  ? __cfi_autoremove_wake_function+0x10/0x10
[  415.708132][   T37]  ? __kasan_check_write+0x18/0x20
[  415.713288][   T37]  ? _raw_spin_lock+0x8c/0x120
[  415.718088][   T37]  ? __cfi__raw_spin_lock+0x10/0x10
[  415.723420][   T37]  ? __cfi_autoremove_wake_function+0x10/0x10
[  415.729607][   T37]  ? fuse_lock_owner_id+0x154/0x190
[  415.735357][   T37]  fuse_flush+0x909/0x1d50
[  415.739824][   T37]  ? arch_stack_walk+0x10b/0x170
[  415.744864][   T37]  ? __cfi_fuse_flush+0x10/0x10
[  415.749855][   T37]  ? stack_trace_save+0x9d/0xe0
[  415.754901][   T37]  ? stack_depot_save_flags+0x38/0x800
[  415.760414][   T37]  ? x64_sys_call+0x1686/0x2ee0
[  415.765297][   T37]  ? do_syscall_64+0x58/0xf0
[  415.769927][   T37]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  415.776090][   T37]  ? __kasan_check_write+0x18/0x20
[  415.781507][   T37]  ? task_work_add+0x258/0x3f0
[  415.786386][   T37]  ? __cfi_task_work_add+0x10/0x10
[  415.791524][   T37]  ? __kasan_check_write+0x18/0x20
[  415.796961][   T37]  ? _raw_spin_lock+0x8c/0x120
[  415.801757][   T37]  ? __cfi__raw_spin_lock+0x10/0x10
[  415.807132][   T37]  ? __cfi_fuse_flush+0x10/0x10
[  415.812113][   T37]  filp_close+0xc0/0x160
[  415.816522][   T37]  __close_range+0x50e/0x6c0
[  415.821232][   T37]  ? __cfi___close_range+0x10/0x10
[  415.826541][   T37]  ? __kasan_check_write+0x18/0x20
[  415.831790][   T37]  ? fpregs_restore_userregs+0x11d/0x260
[  415.837653][   T37]  __x64_sys_close_range+0x7e/0x90
[  415.842877][   T37]  x64_sys_call+0x1686/0x2ee0
[  415.847603][   T37]  do_syscall_64+0x58/0xf0
[  415.852100][   T37]  ? clear_bhb_loop+0x50/0xa0
[  415.856829][   T37]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  415.862758][   T37] RIP: 0033:0x7fd344b8efc9
[  415.867244][   T37] RSP: 002b:00007ffeca933988 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  415.875681][   T37] RAX: ffffffffffffffda RBX: 00007fd344de7da0 RCX: 00007fd344b8efc9
[  415.883790][   T37] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  415.891889][   T37] RBP: 00007fd344de7da0 R08: 000000000000013c R09: 00000010ca933c7f
[  415.900009][   T37] R10: 00007fd344de7cb0 R11: 0000000000000246 R12: 000000000003f57f
[  415.908090][   T37] R13: 00007fd344de6090 R14: ffffffffffffffff R15: 00007ffeca933aa0
[  415.916101][   T37]  </TASK>
[  415.928408][   T37] NMI backtrace for cpu 0
[  415.928426][   T37] CPU: 0 UID: 0 PID: 37 Comm: khungtaskd Not tainted syzkaller #0 ab9e215a8d79cd87c3adea34e0b2794648952c95
[  415.928455][   T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  415.928469][   T37] Call Trace:
[  415.928477][   T37]  <TASK>
[  415.928487][   T37]  __dump_stack+0x21/0x30
[  415.928522][   T37]  dump_stack_lvl+0x10c/0x190
[  415.928553][   T37]  ? __cfi_dump_stack_lvl+0x10/0x10
[  415.928585][   T37]  dump_stack+0x19/0x20
[  415.928613][   T37]  nmi_cpu_backtrace+0x2bf/0x2d0
[  415.928641][   T37]  ? rcu_read_unlock_special+0xab/0x410
[  415.928669][   T37]  ? __cfi_nmi_cpu_backtrace+0x10/0x10
[  415.928697][   T37]  ? sched_show_task+0x379/0x560
[  415.928726][   T37]  ? __rcu_read_unlock+0xc0/0xc0
[  415.928753][   T37]  ? __cfi_nmi_raise_cpu_backtrace+0x10/0x10
[  415.928790][   T37]  ? __cfi_nmi_raise_cpu_backtrace+0x10/0x10
[  415.928818][   T37]  nmi_trigger_cpumask_backtrace+0x142/0x2c0
[  415.928848][   T37]  arch_trigger_cpumask_backtrace+0x14/0x20
[  415.928878][   T37]  watchdog+0xd8f/0xed0
[  415.928909][   T37]  ? __cfi_watchdog+0x10/0x10
[  415.928940][   T37]  ? __kasan_check_read+0x15/0x20
[  415.928976][   T37]  ? __kthread_parkme+0x138/0x180
[  415.928999][   T37]  ? schedule+0xc6/0x240
[  415.929029][   T37]  kthread+0x2ca/0x370
[  415.929052][   T37]  ? __cfi_watchdog+0x10/0x10
[  415.929081][   T37]  ? __cfi_kthread+0x10/0x10
[  415.929104][   T37]  ret_from_fork+0x67/0xa0
[  415.929135][   T37]  ? __cfi_kthread+0x10/0x10
[  415.929158][   T37]  ret_from_fork_asm+0x1a/0x30
[  415.929193][   T37]  </TASK>
[  415.929202][   T37] Sending NMI from CPU 0 to CPUs 1:
[  416.091099][    C1] NMI backtrace for cpu 1
[  416.091117][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 ab9e215a8d79cd87c3adea34e0b2794648952c95
[  416.091140][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  416.091156][    C1] RIP: 0010:tick_nohz_idle_stop_tick+0x562/0x9f0
[  416.091184][    C1] Code: 4c 89 2b 4c 89 ef be 01 00 00 00 e8 f8 eb ff ff eb 18 e8 31 5c 0c 00 49 8d 7e 18 4c 89 ee 31 d2 b9 0a 00 00 00 e8 2e 02 fc ff <49> 8d be b8 00 00 00 48 89 f8 48 c1 e8 03 42 80 3c 38 00 74 05 e8
[  416.091200][    C1] RSP: 0018:ffffc900001a7d40 EFLAGS: 00000093
[  416.091216][    C1] RAX: ffffffff8179a139 RBX: 7fffffffffffffff RCX: ffff888103668000
[  416.091231][    C1] RDX: 0000000000000000 RSI: 7fffffffffffffff RDI: 7fffffffffffffff
[  416.091243][    C1] RBP: ffffc900001a7e30 R08: 0000000000000003 R09: 0000000000000004
[  416.091255][    C1] R10: dffffc0000000000 R11: fffff52000034f60 R12: 1ffff1103ede5a9e
[  416.091269][    C1] R13: 7fffffffffffffff R14: ffff8881f6f2d4f0 R15: dffffc0000000000
[  416.091282][    C1] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  416.091297][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  416.091310][    C1] CR2: 00007f2c9c1f8990 CR3: 000000013fc80000 CR4: 00000000003526b0
[  416.091325][    C1] Call Trace:
[  416.091332][    C1]  <TASK>
[  416.091343][    C1]  ? __cfi_tick_nohz_idle_stop_tick+0x10/0x10
[  416.091364][    C1]  ? check_tsc_unstable+0xd/0x20
[  416.091386][    C1]  ? tsc_verify_tsc_adjust+0x20b/0x2e0
[  416.091410][    C1]  ? arch_cpu_idle_enter+0xd/0x20
[  416.091435][    C1]  do_idle+0x19b/0x470
[  416.091453][    C1]  ? idle_inject_timer_fn+0x80/0x80
[  416.091472][    C1]  cpu_startup_entry+0x48/0x70
[  416.091491][    C1]  start_secondary+0x12e/0x140
[  416.091512][    C1]  common_startup_64+0x13b/0x157
[  416.091538][    C1]  </TASK>