last executing test programs:

8m8.174882098s ago: executing program 32 (id=115):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) (async)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) (async)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x27) (async)
socket$inet6(0xa, 0x2, 0x0) (async)
socket$inet6(0xa, 0x2, 0x0) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0)
setsockopt$inet_udp_encap(r4, 0x11, 0x64, &(0x7f0000000100)=0x4, 0x4) (async)
close(r4)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003940)=ANY=[@ANYBLOB="20000000110001000000000002969a0ca400000007"], 0x20}}, 0x0) (async)
ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x110c23003f) (async)
write$cgroup_devices(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="80fd", @ANYRES64=r4], 0xa)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) (async)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) (async)
ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7m15.838365929s ago: executing program 33 (id=1137):
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x2, &(0x7f00000001c0)=0x107, 0x4)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002, 0x2000}, 0x1c)
mount(&(0x7f00000000c0)=@filename='./cgroup\x00', &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='proc\x00', 0x200000, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0)
splice(r2, 0x0, r1, 0x0, 0x406f413, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x161142, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x2043, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0xc00, 0x0)
ioctl$BINDER_THREAD_EXIT(r4, 0x40046208, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000cc0)={'syz0\x00', {}, 0x3, [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x7e2d, 0x0, 0x0, 0x80, 0x40, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x3f9, 0x100, 0x0, 0x4, 0x0, 0x1, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x100000, 0xffffffff, 0x0, 0x3, 0xe, 0x721a2d63, 0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0xffffffff, 0x0, 0xffffffff, 0x0, 0x400, 0x0, 0x0, 0x0, 0x4, 0x1, 0xfffffffd, 0x8000, 0x6], [0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x8, 0x2007f, 0x0, 0x0, 0x6, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x400, 0x289, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa46, 0x2000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x6fff, 0x71, 0x0, 0x0, 0x0, 0xffffffff, 0x200000, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x9, 0x0, 0x0, 0x0, 0xa6e1, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0x8, 0x0, 0x0, 0xfffffffe, 0xffffffff, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x6, 0x0, 0x3ff, 0x0, 0x9b0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0xd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000008, 0xc7, 0x0, 0x4, 0x1, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x10000001, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1000, 0x10000, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffd, 0x400, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4]}, 0x45c)
ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000180)=0x1, 0x4)
close_range(r3, 0xffffffffffffffff, 0x0)

5m21.461455408s ago: executing program 34 (id=2526):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x167342, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000080)={@mcast1, @local, 0x20, 0xe}})
r1 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCX_GET(r1, 0x40189206, &(0x7f0000000140)={&(0x7f0000000180), 0x0, 0xffa2})
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00')
r3 = socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x5, 0x4, 0x3f0, 0x110, 0x0, 0x0, 0x220, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @private, @empty}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='io\x00')
read$FUSE(r5, &(0x7f0000000980)={0x2020}, 0x160e)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_int(r6, 0x0, 0x33, &(0x7f0000000040)=0x7fffffff, 0x4)
sendmsg$netlink(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)=ANY=[@ANYRES64=r2], 0x1c}], 0x1, 0x0, 0x0, 0x8004}, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000001400)=""/4096, 0xfffffcd9}, {0x0, 0x2000}], 0x2)

4m52.947780262s ago: executing program 35 (id=2709):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @none, 0x4, 0x1}, 0xe)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0)
openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)

4m34.138320611s ago: executing program 3 (id=2890):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x0)
r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402500a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f01009f1b00000001000006241a00000a0905810300020007000904010000020d00000904010102020d0000090582170002000000090503"], 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000780)={0x44, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x20, 0x80, 0x1c, {0x3, 0x7, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1000, 0x5, 0x81, 0x4, 0x1}}, 0x0, 0x0, 0x0, 0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x20083, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x5)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0xd0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000000000000000004000000000060000000000000001000040"])
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000280)={0x1, &(0x7f0000000100)=[{0x6, 0xfc, 0x0, 0x7fff0000}]})
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r7, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
r8 = getpid()
r9 = syz_pidfd_open(r8, 0x0)
r10 = epoll_create1(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r11=>0xffffffffffffffff, <r12=>0xffffffffffffffff})
sendmmsg$unix(r12, &(0x7f00000bd000), 0x318, 0x0)
r13 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r12, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r10, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000200)=[{r13, 0x1}], 0x1, 0x0, 0x0, 0x3)
close_range(r9, r11, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)

4m31.002515799s ago: executing program 3 (id=2900):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="3801000210000100fdfafffffddbdf25e0000002000000000000000000000000ac1414aa000000000000000000000000ffff0000000000000000000016000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc010000000000000000000000000001000000006c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000df0b000000000000ffffff7f030000000b00000027bd7000fc3f00000a0000004400000000000000480003006c"], 0x138}}, 0x0)
write(r0, &(0x7f0000000240)="aefc00001a0025f01d85bc04fef7681d020b49ff708800008003280008021000ac0a1410bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000940)={0x44, 0x0, &(0x7f00000002c0)=[@increfs={0x40046304, 0x3}, @decrefs={0x40046307, 0x1}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/202, 0x0, 0x2, 0xf}, @fda={0x66646185, 0x3, 0x0, 0x25}, @fd}}}], 0x0, 0x0, 0x0})

4m30.957492289s ago: executing program 3 (id=2902):
syz_usb_connect$rtl8150(0x5, 0x3f, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2c}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCBRADDBR(0xffffffffffffffff, 0x89a0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000040)=[{0x0}], 0x1, 0x2003, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0900000000000000000005000000180001801400220073797a5f"], 0x2c}}, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000340)=ANY=[@ANYBLOB="010000000000000001"])
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000500)={0xe, 0x4, 0x2})
r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x240, 0x108, 0x37}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r4, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCSBRK(r5, 0x5409, 0xfd)
syz_open_procfs(0x0, 0x0)
clock_gettime(0x766293fdc5a3d1bd, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x20000081, 0xffffffff})
r6 = syz_clone3(&(0x7f0000000440)={0x20000, &(0x7f0000000100), &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000200)=<r8=>0x0, {0xa}, &(0x7f0000000380)=""/138, 0x8a, &(0x7f0000000540)=""/224, &(0x7f00000002c0)=[0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0], 0x5, {r3}}, 0x58)
syz_clone3(&(0x7f0000000640)={0x160006000, 0x0, 0x0, 0x0, {0x22}, 0x0, 0x0, 0x0, &(0x7f0000000300)=[r7, r6, r8], 0x3, {r4}}, 0x58)

4m29.655632197s ago: executing program 3 (id=2908):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x3930c3, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000300)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f0000000280)='./file0/file0\x00', 0x0)
pipe(&(0x7f0000000d00)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f00000002c0)=@req3={0x6, 0x8001, 0xc, 0x4, 0x800007, 0x7, 0xd}, 0x1c)
r5 = socket(0x1e, 0x4, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r7, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}}, 0x0)
r8 = socket(0x80000000000000a, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000040)={@private2, 0x60})
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
splice(r2, 0x0, r3, 0x0, 0x714f, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan0\x00'})
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r6, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x8000)
open(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x3f5f41, 0x84)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x14, 0x0, &(0x7f0000000300)="6cc2517326f0182dfaea8b9b0efefe72ca2b3f10"})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)

4m29.11920536s ago: executing program 4 (id=2911):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000040))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff})
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x8, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x17ef, 0x6009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x60, 0x1f, [{{0x9, 0x4, 0x0, 0x80, 0x2, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x406, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x9, 0x8, 0x4}}, [{{0x9, 0x5, 0x2, 0x3, 0x10, 0x9, 0x9, 0x9}}]}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
sendfile(r1, r2, 0x0, 0x2af)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1f)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xdc, 0x0, &(0x7f0000000180)="86c9b57fd929ca3eeb09e508008952bcc01578265c373361a2ebb0352507e11668c8e70087eb3ae01adbc5ccc46e19825bcfa71dbe287d87336f79327e8ac98803a401f6e6c4b23f91a2f7c5f62460ed79ea36dd561ef4206bf5669195baaff9c2cdf21305d6e61948e86f462980283df1b6e8b516c906380a7c0fe0e3703f50210e87e0df657f6cde285540ce480068d17b311a2e06102d3e9cb96ebcda917c0a405630e7e0803238b1312b9ca5ed3d1000150afad20c139e97347e79a52353b94427db23196f9d125199d1e09739152e3283ccc779309d33c1ee6a"})

4m28.796411602s ago: executing program 3 (id=2912):
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/attr/fscreate\x00', 0x2, 0x0)
fstatfs(r0, &(0x7f0000000300)=""/219)
mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000000)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000001500)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000180)=""/160, 0xa0, 0x1, &(0x7f0000000500)=""/4096, 0x1000}, &(0x7f0000001540)=0x40)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats'])
r2 = dup(0xffffffffffffffff)
sendmsg$OSF_MSG_REMOVE(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="6802000001050103000000000000000005000008540201000100000002000000060101009a911e0073797a30000000000000000000000000000000000000000000000000000000004dbd788d28c8d7ed28b6d9a74f8a58d7a2d9312b3a81839426a1fed3d3c14bff8ce6d1676bac948fcf95e07934828007ab6c75b1c62d06daa946f77b3ecd43a50900ff7f000000000400000062026c1002000000f9ffffff0080800001000000ffff00000300050000000000d00b000006000c0003000000000800000600750203000000000000000500030000000000090000004b0b0700010000000600000007008d740000000091ffffff7a08020002000000070000000800fbff00000000fffffffffaff03000300000007000000fdff080001000000f85100000c00020002000000945900000500080001000000060000000400020003000000b108000002000a00010000008a0500000500070002000000080000000101050002000000c60000000002050000000000000001000800c600030000000200000001040800020000000100010001f0030002000000390f0000020004000000000045eff1120100f5000100000001000000ecce020001000000fdffffff0500008000000000030000000f000700000000000400000008000900000000000ac500000400e00603000000040000002901008002000000050000000800010003000000020000006107060003000000b89ad83e0600430003000000060000000c00030003000000080000000900050002000000010000002f71080002000000030000000010000003000000010000000400070001000000d20000000500030002000000e082bb7d"], 0x268}, 0x1, 0x0, 0x0, 0x800}, 0x40000)

4m28.603388142s ago: executing program 3 (id=2913):
prctl$PR_GET_TAGGED_ADDR_CTRL(0x38)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
socket$inet_udp(0x2, 0x2, 0x0) (async)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x94, 0x0, 0x0, 0xffffff81}, {0x6}]}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) (async)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, 0x0, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e21, 0x2, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x98}, 0x1c)
bind$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000d00), 0x2, 0x0)
listen(r2, 0x200204)
r3 = socket$netlink(0x10, 0x3, 0x4)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000012380)="580000001500add427323b470c47b45602067fffffff81004e220700000000000000a8002000eaa57b00090080020efffeffe809020000ff0004f03a007357ac8ddc1fdd00000000000004ffffffe7ee0000000044c60000", 0x58}], 0x1)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, 0x0) (async)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, 0x0)

4m28.600247033s ago: executing program 36 (id=2913):
prctl$PR_GET_TAGGED_ADDR_CTRL(0x38)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
socket$inet_udp(0x2, 0x2, 0x0) (async)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x94, 0x0, 0x0, 0xffffff81}, {0x6}]}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) (async)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, 0x0, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e21, 0x2, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x98}, 0x1c)
bind$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000d00), 0x2, 0x0)
listen(r2, 0x200204)
r3 = socket$netlink(0x10, 0x3, 0x4)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000012380)="580000001500add427323b470c47b45602067fffffff81004e220700000000000000a8002000eaa57b00090080020efffeffe809020000ff0004f03a007357ac8ddc1fdd00000000000004ffffffe7ee0000000044c60000", 0x58}], 0x1)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, 0x0) (async)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, 0x0)

4m26.082185367s ago: executing program 4 (id=2939):
r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000001ec0)='./binderfs/binder-control\x00', 0x0, 0x0)
ioctl$BINDER_CTL_ADD(r0, 0xc1086201, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, 0x0)
fgetxattr(0xffffffffffffffff, &(0x7f0000000000)=@known='trusted.overlay.opaque\x00', &(0x7f0000000040)=""/3, 0x3)

4m26.055502647s ago: executing program 4 (id=2940):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0xc82b15d6e26c0a83, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x11a6}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x60a}]}, 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x20004010)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x420000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000200)={0x240, r4, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6b8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7f}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x43}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffffc}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2bde}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfff}]}, @TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3a}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_MEDIA={0x14, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_MEDIA={0x100, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1c75}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa0e9}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x32a0}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10}]}]}, @TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfb7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc0000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}]}]}, 0x240}, 0x1, 0x0, 0x0, 0x8000004}, 0x24000004)
r5 = eventfd2(0x8c, 0x80000)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000004c0)={0xfffffffffffffff7, 0x8000000, 0x0, r5, 0x5})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000500))
r7 = ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000540)={0x0, 0x1, [{0xffffffffffffffff, 0x0, 0x10000, 0x2000}]})
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000580)={0x0, 0x1000}, 0x4)
ioctl$DMA_BUF_IOCTL_SYNC(r7, 0x40086200, &(0x7f00000005c0)=0x1)
r8 = syz_open_dev$mouse(&(0x7f0000000600), 0xffff, 0x400001)
ioctl$KVM_REINJECT_CONTROL(r8, 0xae71, &(0x7f0000000640)={0x6e})
ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r6, 0xc008aec1, &(0x7f0000000680)={0x2, 0x0, [{0xd, 0x9, 0x5, 0x7, 0x7, 0x4, 0x31}, {0xc0000000, 0x8, 0x0, 0x8, 0x9, 0x7, 0x2}]})
ioctl$FS_IOC_GETFLAGS(r6, 0x80086601, &(0x7f0000000700))
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r8, 0x4008af23, &(0x7f0000000740)={0x2, 0x400})
openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x20100, 0x0)
sendmsg$NL80211_CMD_DEL_PMK(r8, &(0x7f0000000840)={0xfffffffffffffffe, 0x0, &(0x7f0000000800)={&(0x7f00000007c0)={0x2c, 0x0, 0x8, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x4, 0x76}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc0}, 0x40000)
r9 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0)
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r9, 0xf507, 0x0)
ioctl$VHOST_GET_VRING_BASE(r9, 0xc008af12, &(0x7f00000008c0))
ioctl$KVM_CAP_HYPERV_DIRECT_TLBFLUSH(r8, 0x4068aea3, &(0x7f0000000900))
r10 = syz_open_pts(r8, 0x80)
ioctl$KDDELIO(r10, 0x4b35, 0xfffffffffffffff8)
r11 = syz_genetlink_get_family_id$ipvs(&(0x7f00000009c0), r8)
sendmsg$IPVS_CMD_GET_DAEMON(r5, &(0x7f0000000b80)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000b40)={&(0x7f0000000a00)={0x118, r11, 0x0, 0x70bd25, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x40}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}, @IPVS_SVC_ATTR_FWMARK={0x8}]}, @IPVS_CMD_ATTR_DEST={0x50, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xa35}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x31}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40000000}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x3ff}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x10}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x40}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xc80}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x20040000}, 0x800)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r3, 0x4008941a, &(0x7f0000000bc0))

4m26.039069887s ago: executing program 4 (id=2941):
r0 = openat$rnullb(0xffffffffffffff9c, 0x0, 0x40902, 0x0)
mmap(&(0x7f0000a21000/0x2000)=nil, 0x2000, 0x1000000, 0x80010, r0, 0xfe221000)
r1 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff)
write$binfmt_misc(r2, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x2004000, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f00000001c0)='./file0\x00')
openat$dir(0xffffffffffffff9c, 0x0, 0x458002, 0xd2)
close(r2)
execveat$binfmt(0xffffffffffffff9c, r1, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f0000357000/0x3000)=nil, 0x3000, 0x2000, 0x7, &(0x7f0000000000/0x2000)=nil)
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4000)
fallocate(r3, 0x10, 0x7fffffffffffffff, 0x1000)
r4 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100), 0x490000, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x7, &(0x7f0000000000)={0x1, 0x2, 0x200000000, 0xac})
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001100)='fdinfo/4\x00')
pread64(r7, &(0x7f0000002140)=""/17, 0x11, 0x0)
ioctl$KVM_NMI(r5, 0xae9a)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000003900)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000003940)=ANY=[], 0x37e0}, 0x1, 0x0, 0x0, 0x881}, 0x20000005)
ioctl$ASHMEM_SET_SIZE(r4, 0x40087703, 0x5)
mmap(&(0x7f0000018000/0x2000)=nil, 0x2000, 0xa8ca3411d3c26009, 0x13, r4, 0x22e7c000)

4m25.979383848s ago: executing program 4 (id=2942):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3}}, 0x80001}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x3)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0)={'#! ', './file0'}, 0xb)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000003c0)=@gcm_256={{0x304}, "b54b55c9b691706d", "b5421a989404d5c952ba74f879bed1a5bfadabb985e5681803932ccc7beb0f83", "cba83b41", "ef3c6c588e3360e2"}, 0x38)
sendfile(r0, r1, &(0x7f0000000100)=0x2, 0x6)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x200e0359)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r2, 0x29, 0x3b, &(0x7f0000000040)=ANY=[@ANYBLOB="0000bf82dd390690848c2d471d2724138e432b4a22f69327"], 0x8)
recvfrom(r2, &(0x7f0000000080)=""/102, 0x66, 0x4001a001, 0x0, 0x0)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext'])

4m25.945323838s ago: executing program 4 (id=2945):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0) (async)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x34, &(0x7f0000f59ffc)=0x4, 0x4) (async)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/3\x00') (async)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f00000000c0)='/devFtR\xac\x13\x1e\x14e\x81h\xa3K\xd6\xd0^\xed\xd7\xb3\xac\xa0&&\xf8\x0f|\xe8\x15\xf2\x82\xb4\xa0\xc2\x01e\x1e\xf4\x19\x06\x03\xf5+\xc4\r\xa1\xb8DY-\x17\x0f\xf7\x8d\x7f\x9473\x1f\xc5!\xb2\x1bs\xfc\x91~c\xd1*en\xd1\xfc\t\x9c\xda\xfd\xde\xc0\xa2\xf4\x15\xf1\xd9\xe0\xe2\xf3^R\x8d\xae\x8d\x87Fc\a\xe6_\xd0V\'B?\x8b\xa6\x9cIT\x1f\x93\x8b\xfd\x814dX\x93\x89\x1a_45\x94y(\xb9\xaa\x91\xa5\xe8n\xe6\xb58.\xc4\ntJ\x11\f\xb8\x18\xfe\xb2\x93\x93\xe6\x82\\\xe8]fV\xc0#\x1c\xbf\xd1T\x809/\xc3\xa3\x17\xc4\x0e\xdby\xd6\xff\xfb\xbe\x83\xf7$\xf7\xc4\x16\xee\xa0Tn\t\x0f,|\r\xc3\xb39A\xc2wF\xb9l\'_\x89B\xf8z\xe6\xc13\x9d~\xd5\xc6\xae8\a\xa1\x90\f)M4J\xaf\x010;\xc7\xfd\xe7\x95\xfb\x95\xd6N\v\xf9\xe1=3\xe7\x8a\xc8\xca\xf12\x1aJ\xd6Xj4\x1a\x88\x04\xb1DJ\xce\x95\xdb\xd2\xab\xd6\xeb\xc6\xc6v\xd0#x@\x96\xbf\xa4E\x11\x9dH$+\xadS&\xa6\xcd>\xa2<\xe2\xa7\xa3\x99\n7c\xc5\xbb\xc2\xb9\xa3k\xaa\x9e\xe9\xb4\xd4\xbc\xda')
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) (async)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write(r1, &(0x7f00000002c0)="54e71d8b0b0c651037af93065b7df1d8cd6e047bba6036a9527a86a4ec5a1fee22da73a75b438ce872daa59d61574b43e25bfdb2accec7e01ca0ec558ea1f8561bce2cf9634d01", 0x47) (async)
openat$cgroup_subtree(r3, &(0x7f0000000200), 0x2, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7ffff000, 0xa) (async)
openat$cgroup_subtree(r3, &(0x7f00000001c0), 0x2, 0x0) (async)
rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') (async)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000280)='/dev/ashmem\x00')

4m25.882371108s ago: executing program 37 (id=2945):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0) (async)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x34, &(0x7f0000f59ffc)=0x4, 0x4) (async)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/3\x00') (async)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f00000000c0)='/devFtR\xac\x13\x1e\x14e\x81h\xa3K\xd6\xd0^\xed\xd7\xb3\xac\xa0&&\xf8\x0f|\xe8\x15\xf2\x82\xb4\xa0\xc2\x01e\x1e\xf4\x19\x06\x03\xf5+\xc4\r\xa1\xb8DY-\x17\x0f\xf7\x8d\x7f\x9473\x1f\xc5!\xb2\x1bs\xfc\x91~c\xd1*en\xd1\xfc\t\x9c\xda\xfd\xde\xc0\xa2\xf4\x15\xf1\xd9\xe0\xe2\xf3^R\x8d\xae\x8d\x87Fc\a\xe6_\xd0V\'B?\x8b\xa6\x9cIT\x1f\x93\x8b\xfd\x814dX\x93\x89\x1a_45\x94y(\xb9\xaa\x91\xa5\xe8n\xe6\xb58.\xc4\ntJ\x11\f\xb8\x18\xfe\xb2\x93\x93\xe6\x82\\\xe8]fV\xc0#\x1c\xbf\xd1T\x809/\xc3\xa3\x17\xc4\x0e\xdby\xd6\xff\xfb\xbe\x83\xf7$\xf7\xc4\x16\xee\xa0Tn\t\x0f,|\r\xc3\xb39A\xc2wF\xb9l\'_\x89B\xf8z\xe6\xc13\x9d~\xd5\xc6\xae8\a\xa1\x90\f)M4J\xaf\x010;\xc7\xfd\xe7\x95\xfb\x95\xd6N\v\xf9\xe1=3\xe7\x8a\xc8\xca\xf12\x1aJ\xd6Xj4\x1a\x88\x04\xb1DJ\xce\x95\xdb\xd2\xab\xd6\xeb\xc6\xc6v\xd0#x@\x96\xbf\xa4E\x11\x9dH$+\xadS&\xa6\xcd>\xa2<\xe2\xa7\xa3\x99\n7c\xc5\xbb\xc2\xb9\xa3k\xaa\x9e\xe9\xb4\xd4\xbc\xda')
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) (async)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write(r1, &(0x7f00000002c0)="54e71d8b0b0c651037af93065b7df1d8cd6e047bba6036a9527a86a4ec5a1fee22da73a75b438ce872daa59d61574b43e25bfdb2accec7e01ca0ec558ea1f8561bce2cf9634d01", 0x47) (async)
openat$cgroup_subtree(r3, &(0x7f0000000200), 0x2, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7ffff000, 0xa) (async)
openat$cgroup_subtree(r3, &(0x7f00000001c0), 0x2, 0x0) (async)
rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') (async)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000280)='/dev/ashmem\x00')

2m7.187019517s ago: executing program 9 (id=4668):
r0 = syz_clone3(&(0x7f0000000740)={0x40, &(0x7f0000000440), &(0x7f00000004c0), &(0x7f0000000540), {0xb}, &(0x7f0000000580)=""/75, 0x4b, &(0x7f0000000600)=""/217, &(0x7f0000000700)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58)
ptrace$getregset(0x4204, r0, 0x200, &(0x7f00000007c0)={&(0x7f00000018c0)=""/4096, 0x1000})
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x8f8c)
r2 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', <r4=>0x0})
setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000002480)={@remote, r4}, 0x14)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r6, 0x10e, 0x5, &(0x7f0000000400)=0x6, 0x4)
ioctl$KVM_GET_MSRS_sys(r5, 0xc008ae88, &(0x7f0000000140)={0x1, 0x0, [{0x48e, 0x0, 0x5}]})
r7 = accept$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r8=>0x0})
unshare(0x62040200)
r9 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_opts(r9, 0x0, 0x4, &(0x7f0000000080)="441f0803d938fd27fa00000005004ef564918000be0e1c2074ed27c1c6", 0x1d)
getsockopt$inet_opts(r9, 0x0, 0x4, 0x0, &(0x7f0000000280))
bind$packet(r7, &(0x7f00000001c0)={0x11, 0x19, r8, 0x1, 0x6, 0x6, @random="7b0127c560cc"}, 0x14)
ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f00000002c0)={0x8000})
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
r11 = creat(&(0x7f00000000c0)='./file0\x00', 0x10)
copy_file_range(r10, 0x0, r11, 0x0, 0x3, 0x0)

2m7.145037008s ago: executing program 9 (id=4669):
syz_io_uring_setup(0x4504, &(0x7f0000000240)={0x0, 0x0, 0x13290, 0x100002, 0xef}, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r0, 0x0, 0x40000000, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace(0x19, r1)
ptrace$ARCH_GET_GS(0x1e, r1, &(0x7f0000000080), 0x1004)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x9, 0x3, 0x2, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x1ff, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xa, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x7, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x6, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1000, 0xfffffffc, 0x0, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0xfffffffe, 0x8, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0xfff, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0x4, 0x1, 0x2, 0x2, 0x20009, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0xa, 0x1, 0x9, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0x6, 0x80000001, 0x2, 0xff, 0x40000100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800003, 0x200, 0x80, 0x2, 0xcc52, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x403, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x80ce7, 0x1ff, 0x3, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x4, 0x2, 0xffff, 0x6, 0x1, 0x10080, 0x6, 0x8, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000940)={0x4c, 0x1d, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x200b, 0x1})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
process_vm_writev(r1, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/133, 0x85}, {&(0x7f0000000980)=""/146, 0x92}, {&(0x7f0000000a40)=""/141, 0x8d}, {&(0x7f0000000180)=""/21, 0x15}, {&(0x7f0000000200)=""/33, 0x21}, {&(0x7f0000000b00)=""/221, 0xdd}, {&(0x7f0000000c00)=""/173, 0xad}], 0x7, &(0x7f00000008c0)=[{&(0x7f0000000cc0)=""/167, 0xa7}], 0x1, 0x0)
r4 = socket(0x10, 0x803, 0x0)
fsetxattr$security_selinux(r4, &(0x7f0000000100), &(0x7f00000001c0)='system_u:object_r:checkpolicy_exec_t:s0\x00', 0x28, 0x1)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
connect$tipc(r5, &(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x1, 0x1}}, 0x10)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x400001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x4}, @fd={0x66642a85, 0x0, r3}, @fda={0x66646185, 0x6, 0x0, 0x200000000000024}}, &(0x7f00000001c0)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

2m6.978007119s ago: executing program 9 (id=4670):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f00000002c0)='/devFtR\xac\x13\x1e\x14e\x81h\xa3K\xd6\xd0^\xed\xd7\xb3\xac\xa0&&\xf8\x0f|\xe8\x15\xf2\x82\xb4\xa0\xc2\x01e\x1e\xf4\x19\x06\x03\xf5+\xc4\r\xa1\xb8DY-\x17\x0f\xf7\x8d\x7f\x9473\x1f\xc5!\xb2\x1bs\xfc\x91~c\xd1*en\xd1\xfc\t\x9c\xda\xfd\xde\xc0\xa2\xf4\x15\xf1\xd9\xe0\xe2\xf3^R\x8d\xae\x8d\x87Fc\a\xe6_\xd0V\'B?\x8b\xa6\x9cIT\x1f\x93\x8b\xfd\x814dX\x93\x89\x1a_45\x94y(\xb9\xaa\x91\xa5\xe8n\xe6\xb58.\xc4\ntJ\x11\f\xb8\x18\xfe\xb2\x93\x93\xe6\x82\\\xe8]fV\xc0#\x1c\xbf\xd1T\x809/\xc3\xa3\x17\xc4\x0e\xdby\xd6\xff\xfb\xbe\x83\xf7$\xf7\xc4\x16\xee\xa0Tn\t\x0f,|\r\xc3\xb39A\xc2wF\xb9l\'_\x89B\xf8z\xe6\xc13\x9d~\xd5\xc6\xae8\a\xa1\x90\f)M4J\xaf\x010;\xc7\xfd\xe7\x95\xfb\x95\xd6N\v\xf9\xe1=3\xe7\x8a\xc8\xca\xf12\x1aJ\xd6Xj4\x1a\x88\x04\xb1DJ\xce\x95\xdb\xd2\xab\xd6\xeb\xc6\xc6v\xd0#x@\x96\xbf\xa4E\x11\x9dH$+\xadS&\xa6\xcd>\xa2<\xe2\xa7\xa3\x99\n7c\xc5\xbb\xc2\xb9\xa3k\xaa\x9e\xe9\xb4\xd4\xbc\xda') (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000000)=@generic={0x2, 0x1}) (async)
ioctl$ASHMEM_GET_NAME(r0, 0x81007702, &(0x7f00000000c0)=""/157)

2m6.927441629s ago: executing program 9 (id=4671):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
munlockall()
syz_clone(0x1204000, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0xffffc000)

2m6.804965919s ago: executing program 9 (id=4672):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x108, 0x453, 0x20, 0x70bd27, 0x25dfdbfc, "2eb90a7b8f4afe9447aa9051a01eed3108117c624af162b411c348dad411bf7760a225100f82a6606c431d3f096ec5fc5f674966e97a3b9b7be8562fc2368172d838d8d267e5a20a4932393c852e43f9695d124415a36102e30ca194111967af136107419fa37a286a7990fbdf7dd888f593ef8e089cabaeb3ddb22a2ed004a3a4667a255a1f82d474581c25b33a912522795940ea4895b9c6bda6346acb4a6e9ccf28da335eab5f18bdafc87ec76ddf5cadc20050b1d04669d0d6a4c0b57e60ed516df667c1830da2a7744c17a76ed4891132bdbe42a79cf3ee7a25e55a77c73b6e105bd4aad49295dc412814f1f82ba7e69c4a11", ["", "", ""]}, 0x108}, 0x1, 0x0, 0x0, 0x2000c885}, 0x80)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r1, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x68, r2, 0x20, 0x70bd27, 0x25dfdbfd, {{}, {}, {0x4c, 0x18, {0x5, @link='syz1\x00'}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000001)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r3, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x4c, 0xd, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r1)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000b40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000540)={0x5b4, r4, 0x10, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xfffff99f, 0x17}}}}, [@NL80211_ATTR_TX_RATES={0x178, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xeac2, 0x1, 0x6, 0xe, 0x5, 0x1000, 0x8, 0xfff]}}]}, @NL80211_BAND_6GHZ={0x40, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xe, 0x3, 0x4, 0x0, 0x1, 0xb0, 0x7]}}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x1b, 0xb, 0x60, 0x6c, 0x13, 0x2, 0x36, 0x36, 0x16, 0x60]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_60GHZ={0x38, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xe, 0x1, [0x6, 0xc, 0x4, 0x60, 0x16, 0x9, 0x6, 0xc, 0xc, 0xc]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x32, 0x7, 0x1ee0, 0x2, 0xff, 0x12e, 0x1000]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_60GHZ={0x70, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2fb, 0x7, 0x9, 0x2, 0x10, 0x10, 0x6, 0x5]}}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x16, 0x1, 0x48, 0x12, 0x6c, 0x36, 0x16, 0x6c, 0x0, 0x6, 0x36, 0x0, 0x30, 0x24, 0x9, 0x4, 0x4, 0x12, 0x30, 0x3, 0x3, 0x60, 0xd]}, @NL80211_TXRATE_LEGACY={0x24, 0x1, [0x2, 0x18, 0x30, 0x9, 0x12, 0x1b, 0x3, 0x5, 0x5, 0x1, 0x1b, 0x36, 0x18, 0x6c, 0x5, 0x30, 0x60, 0x18, 0x4, 0x16, 0x60, 0x36, 0x4, 0x16, 0x6, 0x12, 0x24, 0x1b, 0x36, 0x48, 0x5, 0xb]}]}, @NL80211_BAND_5GHZ={0x5c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x514f, 0x187f, 0x7, 0x9, 0x6, 0x1, 0xf]}}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x4, 0x7}, {0x0, 0x5}, {0x1, 0x4}, {0x3, 0xa}, {0x0, 0x9}, {0x4, 0x9}, {0x6}, {0x1, 0xa}, {0x3, 0x5}, {0x0, 0x2}, {0x2, 0x9}, {0x1, 0x6}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x9, 0x6f, 0x7, 0xffff, 0x1e34, 0x0, 0x2]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_5GHZ={0x4}, @NL80211_BAND_60GHZ={0x14, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5}]}]}, @NL80211_ATTR_TX_RATES={0xec, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x38, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x93, 0x4, 0xe3, 0xaff6, 0x5, 0x6f, 0x7]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_6GHZ={0xb0, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x9, 0xff, 0x5, 0x1, 0x8, 0x9, 0x101]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x0, 0xfd, 0x45, 0xa73, 0x10, 0x869a, 0x8]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x45, 0x2, [{0x0, 0x3}, {0x6, 0x4}, {0x7, 0x9}, {0x0, 0x7}, {0x6, 0x8}, {0x7, 0x4}, {0x7, 0x6}, {0x3, 0xa}, {0x6, 0x2}, {0x4}, {0x5, 0x4}, {0x4, 0x7}, {0x4, 0x2}, {0x7, 0x8}, {0x5, 0x9}, {0x0, 0x5}, {0x6, 0x5}, {0x6, 0x9}, {0x7, 0x1}, {0x5, 0x5}, {0x0, 0x1}, {0x0, 0x2}, {0x0, 0x1}, {0x5, 0x7}, {0x7, 0x9}, {0x4, 0x1}, {0x0, 0x7}, {0x4, 0x3}, {0x1, 0x8}, {0x6, 0x9}, {0x1, 0x6}, {0x2, 0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x6, 0x8}, {0x3, 0x1}, {0x7, 0x6}, {0x5, 0x9}, {0x2, 0xa}, {0x2, 0x5}, {0x2, 0x6}, {0x4, 0x6}, {0x5, 0x4}, {0x7, 0x2}, {0x4, 0x9}, {0x0, 0x6}, {0x4, 0x6}, {0x4, 0xa}, {0x7, 0x3}, {0x3, 0x8}, {0x2, 0x8}, {0x6, 0x6}, {0x0, 0x2}, {0x2}, {0x0, 0xa}, {0x6, 0x2}, {0x1}, {0x1, 0x5}, {0x6}, {0x4, 0x3}, {0x5, 0x2}, {0x0, 0x6}, {0x6, 0x6}, {0x0, 0x7}, {0x0, 0x7}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x200, 0x6, 0x5, 0xc, 0x1, 0x1, 0x400, 0x6]}}, @NL80211_TXRATE_LEGACY={0x17, 0x1, [0x4, 0x16, 0x18, 0x6, 0xb, 0x36, 0xb, 0x5, 0x6, 0x18, 0x18, 0x1, 0x2, 0x6c, 0xb, 0x1520909b108e7513, 0x4, 0x60, 0x10]}]}]}, @NL80211_ATTR_TX_RATES={0x330, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}, @NL80211_BAND_5GHZ={0x90, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0xb782, 0x400, 0xfffa, 0x0, 0x400, 0x4, 0x5cf8]}}, @NL80211_TXRATE_HT={0x26, 0x2, [{}, {0x4, 0x4}, {0x5, 0x7}, {0x3}, {0x7, 0x3}, {0x1, 0xa}, {0x6, 0x6}, {0x2, 0x4}, {0x6, 0x3}, {0x0, 0xa}, {0x4, 0x9}, {0x5, 0x7}, {0x4, 0x4}, {0x3, 0x3}, {}, {0x3, 0x2}, {0x1, 0x5}, {0x5, 0xa}, {0x4, 0x3}, {0x5, 0x5}, {0x3, 0x4}, {0x7, 0x5}, {0x1, 0x5}, {0x7, 0x4}, {0x1}, {0x6, 0x9}, {0x5, 0x9}, {0x4, 0x2}, {0x3, 0x7}, {0x4, 0x8}, {0x7, 0xa}, {0x0, 0x5}, {0x3, 0x5}, {0x6, 0x4}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8ea, 0x1, 0x2, 0x6, 0x7, 0x9, 0xff, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0x9e, 0xf1b, 0x2, 0x6, 0x36a0, 0x6, 0xb]}}]}, @NL80211_BAND_6GHZ={0xb0, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x4a3, 0x3b, 0x7cce, 0x6d1c, 0x4, 0x5, 0x5, 0xf]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x9, 0x3, 0xada, 0x0, 0x7f, 0x3, 0x9f9]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8001, 0x68, 0x7, 0x5, 0x9, 0xb3, 0x4, 0x3]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x4, 0xb, 0xd60d, 0x9, 0x3, 0x7, 0x4]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HT={0x1c, 0x2, [{0x0, 0x8}, {0x1, 0x9}, {0x1, 0x1}, {0x5, 0x8}, {0x2, 0x4}, {0x1, 0xa}, {0x6, 0x5}, {0x0, 0x7}, {0x4, 0x6}, {0x3, 0x4}, {0x4, 0x7}, {0x1, 0x6}, {0x0, 0x3}, {0x2, 0x5}, {0x3, 0x5}, {0x5, 0x1}, {0x0, 0x2}, {0x5, 0x8}, {0x5}, {0x0, 0x1}, {0x5, 0x9}, {0x1, 0x8}, {0x6, 0x5}, {0x2, 0xa}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x0, 0xe00, 0xb0, 0x1, 0x101, 0xd, 0x761]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x4, 0xb, 0xe4f, 0x4, 0x8, 0xffff, 0x81]}}]}, @NL80211_BAND_60GHZ={0x50, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x9]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x69f0, 0x680, 0x6, 0x7, 0x3, 0x9, 0xf, 0xfffe]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0x36, 0x2, 0x36, 0x36, 0x18, 0x17]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x9, 0xbf61, 0xf265, 0x1, 0x4, 0xe, 0x2]}}]}, @NL80211_BAND_2GHZ={0x90, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x33, 0x2, [{0x0, 0x6}, {0x5, 0x7}, {0x1, 0x4}, {0x7, 0x6}, {0x6, 0x3}, {0x7, 0x2}, {0x7, 0x2}, {0x5, 0x2}, {0x5, 0x6}, {0x1, 0xa}, {0x7, 0x8}, {0x2, 0xa}, {0x5, 0x4}, {0x5, 0x8}, {0x3, 0x8}, {0x5, 0x4}, {0x7, 0x1}, {0x6, 0x3}, {0x7, 0xa}, {0x3, 0xa}, {0x4, 0x3}, {0x4, 0x2}, {0x3, 0x6}, {0x3, 0x5}, {0x6, 0x6}, {0x0, 0x4}, {0x7, 0x4}, {0x5, 0x1}, {0x5, 0x9}, {0x1, 0x1}, {0x7, 0x1}, {0x5}, {0x5, 0x5}, {0x6, 0xa}, {0x4}, {0x0, 0x3}, {0x1, 0x3}, {0x0, 0x2}, {0x4, 0x3}, {0x3, 0x3}, {0x4, 0x8}, {0x0, 0x2}, {0x4, 0x3}, {0x7, 0x6}, {0x6, 0x1}, {0x1, 0x4}, {0x1, 0x8}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xecb, 0xffff, 0x1, 0x7f, 0x0, 0x1fb8, 0x1, 0x81]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x6, 0x5, 0x7, 0x0, 0x81, 0x81, 0x80]}}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0x12, 0x2, 0x6, 0x24, 0x1b, 0x9, 0x1b, 0xc, 0x4, 0x18, 0x1b, 0xb, 0x6425f4674f9b1d32, 0x30, 0x9, 0x36, 0x0, 0x18, 0x6c, 0x24]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_6GHZ={0x24, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x10, 0x2, [{0x6, 0xa}, {0x6, 0x8}, {0x5}, {0x5, 0x6}, {0x1, 0x1}, {0x6, 0x2}, {0x4, 0x7}, {0x0, 0x3}, {0x6, 0x2}, {0x4, 0x1}, {0x4, 0x6}, {0x5, 0x1}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0x6c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x746, 0x1, 0x9, 0x1, 0x8, 0x0, 0x1, 0x1ff]}}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0xb, 0x6, 0x12, 0x12, 0x5, 0x30, 0x3, 0x48, 0x26464531cb39a074]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xe14, 0x3, 0x200, 0x7, 0x6, 0x8, 0x3, 0x2]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0xb, 0x6a, 0x16, 0x9, 0x24, 0x16, 0x1, 0x4, 0x1b, 0xdb7c857d4a4cb3a9, 0x9, 0x36, 0x1, 0x0, 0x16, 0x3, 0x9, 0x1, 0x30, 0xb, 0x24, 0x9, 0x1, 0x5, 0x62, 0x33, 0x1b]}]}, @NL80211_BAND_6GHZ={0x4c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x22, 0x2, [{0x3, 0x3}, {0x5}, {0x7, 0xa}, {0x0, 0x6}, {0x4, 0x7}, {0x1, 0x2}, {0x7, 0x3}, {0x4}, {0x1, 0x1}, {0x5, 0x8}, {0x0, 0x1}, {0x0, 0x8}, {0x4, 0xa}, {0x5, 0x2}, {0x0, 0x1}, {0x2, 0x4}, {0x3, 0x6}, {0x6}, {0x5, 0x3}, {0x4}, {0x1}, {0x0, 0x2}, {0x3, 0x6}, {0x6}, {0x0, 0x3}, {0x0, 0x4}, {0x0, 0x9}, {0x0, 0x4}, {0x1, 0x5}, {0x6}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x9b47, 0x9, 0xffff, 0x7, 0xffff, 0x3, 0xff]}}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_6GHZ={0x20, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0xff81, 0x80, 0xb, 0x8, 0x2, 0x3, 0x4]}}, @NL80211_TXRATE_HE_LTF={0x5}]}]}]}, 0x5b4}, 0x1, 0x0, 0x0, 0xc080}, 0x8004)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000b80), 0x2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000bc0), 0x44a0c0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x7)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x24}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x34, 0x2, 0x3, 0x301, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFQA_CFG_MASK={0x8}, @NFQA_CFG_CMD={0x8, 0x1, {0x2, 0x0, 0x23}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x7}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x2b}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x90)
sendmsg$NL80211_CMD_JOIN_OCB(r6, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d40)={0x58, r4, 0x800, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x6fa6, 0x7}}}}, [@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x15}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1d}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}]}, 0x58}, 0x1, 0x0, 0x0, 0x8080}, 0x4000000)
r7 = signalfd(0xffffffffffffffff, &(0x7f0000000e40)={[0x1]}, 0x8)
ioctl$ASHMEM_PURGE_ALL_CACHES(r7, 0x770a, 0x0)
read$FUSE(r5, &(0x7f0000000e80)={0x2020, 0x0, <r8=>0x0, <r9=>0x0}, 0x2020)
getsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, &(0x7f0000002ec0)={{{@in6=@dev, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0, <r11=>0x0}}, {{@in=@private}, 0x0, @in=@dev}}, &(0x7f0000002fc0)=0xe8)
newfstatat(0xffffffffffffff9c, &(0x7f0000003000)='./file0\x00', &(0x7f0000003040)={0x0, 0x0, 0x0, 0x0, 0x0, <r12=>0x0}, 0x6000)
write$FUSE_ATTR(r7, &(0x7f00000030c0)={0x78, 0xfffffffffffffffe, r8, {0x1, 0x3, 0x0, {0x2, 0x3, 0x5, 0x4, 0x4, 0x2, 0x81, 0x7, 0x7f, 0x8000, 0x6c14, r11, r12, 0x81, 0x8}}}, 0x78)
r13 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000003140), 0x600000, 0x0)
ioctl$ASHMEM_SET_NAME(r13, 0x41007701, &(0x7f0000003180)='!#^(\x00')
readv(r6, &(0x7f00000046c0)=[{&(0x7f00000031c0)=""/93, 0x5d}, {&(0x7f0000003240)=""/147, 0x93}, {&(0x7f0000003300)=""/212, 0xd4}, {&(0x7f0000003400)=""/210, 0xd2}, {&(0x7f0000003500)=""/147, 0x93}, {&(0x7f00000035c0)=""/70, 0x46}, {&(0x7f0000003640)=""/75, 0x4b}, {&(0x7f00000036c0)=""/4096, 0x1000}], 0x8)
fchown(r7, r9, r12)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000004780)={'wlan0\x00', <r14=>0x0})
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r7, &(0x7f0000004bc0)={&(0x7f0000004740)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000004b80)={&(0x7f00000047c0)={0x3b4, r4, 0x10, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r14}, @val={0xc, 0x99, {0x4, 0x80}}}}, [@NL80211_ATTR_PEER_MEASUREMENTS={0x38c, 0x111, 0x0, 0x1, {0x388, 0x5, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}]}]}, {0x58, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0xc, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x3c, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x187}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x323}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}]}, {0x280, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0x8c, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x88, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1e}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x2}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xf4c}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0xe1}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x6}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x8}]}]}]}, @NL80211_PMSR_PEER_ATTR_REQ={0xf8, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0xd0, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1}]}, @NL80211_PMSR_TYPE_FTM={0x4}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x9}]}, @NL80211_PMSR_TYPE_FTM={0x38, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xb}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0xf}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x8}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x9}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xfffe}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xd}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3ecfc83aa82fa407}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}]}]}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x4}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_REQ={0x3c, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x38, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xc}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}]}]}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x4c, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1685}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x9a}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x24, 0x2, 0x0, 0x1, [@NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x5}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}, @NL80211_PMSR_PEER_ATTR_CHAN={0x24, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2b6}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xf}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}]}, {0x80, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_CHAN={0x1c, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x34, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x19a}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x18}, @NL80211_ATTR_WIPHY_FREQ={0x8}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x8, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_REQ={0xc, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_REQ={0xc, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}]}]}}]}, 0x3b4}, 0x1, 0x0, 0x0, 0x8000}, 0x20044085)
recvmmsg(r0, &(0x7f0000006c80)=[{{&(0x7f0000004c00)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000005080)=[{&(0x7f0000004c80)=""/118, 0x76}, {&(0x7f0000004d00)}, {&(0x7f0000004d40)=""/112, 0x70}, {&(0x7f0000004dc0)=""/254, 0xfe}, {&(0x7f0000004ec0)=""/25, 0x19}, {&(0x7f0000004f00)=""/148, 0x94}, {&(0x7f0000004fc0)=""/136, 0x88}], 0x7, &(0x7f0000005100)=""/89, 0x59}, 0x80}, {{0x0, 0x0, &(0x7f00000053c0)=[{&(0x7f0000005180)=""/226, 0xe2}, {&(0x7f0000005280)=""/70, 0x46}, {&(0x7f0000005300)=""/121, 0x79}, {&(0x7f0000005380)=""/52, 0x34}], 0x4, &(0x7f0000005400)=""/243, 0xf3}, 0xfcc}, {{&(0x7f0000005500)=@nl=@proc, 0x80, &(0x7f0000006b00)=[{&(0x7f0000005580)=""/137, 0x89}, {&(0x7f0000005640)=""/4096, 0x1000}, {&(0x7f0000006640)=""/68, 0x44}, {&(0x7f00000066c0)=""/104, 0x68}, {&(0x7f0000006740)=""/168, 0xa8}, {&(0x7f0000006800)=""/9, 0x9}, {&(0x7f0000006840)=""/195, 0xc3}, {&(0x7f0000006940)=""/144, 0x90}, {&(0x7f0000006a00)=""/195, 0xc3}], 0x9, &(0x7f0000006bc0)=""/171, 0xab}, 0x3}], 0x3, 0x40000000, &(0x7f0000006d40))
readlink(&(0x7f0000006d80)='./file0\x00', &(0x7f0000006dc0)=""/21, 0x15)
r15 = syz_genetlink_get_family_id$ethtool(&(0x7f0000006e40), r7)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r7, &(0x7f0000007380)={&(0x7f0000006e00)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000007340)={&(0x7f00000070c0)={0x250, r15, 0x2, 0x70bd25, 0x25dfdbff, {}, [@HEADER={0x7c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @HEADER={0x9c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x250}, 0x1, 0x0, 0x0, 0x801}, 0xd0)

2m5.959740744s ago: executing program 9 (id=4679):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r0) (async)
socket(0x28, 0x5, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) (async)
sendmmsg$inet(r1, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000540)="7ddb889a", 0xfffffcda}], 0x1}}], 0x1, 0x20000054) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0) (async)
io_setup(0xf0, 0x0) (async)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, 0x0, 0x0) (async)
close_range(r2, 0xffffffffffffffff, 0x0)

2m4.738041091s ago: executing program 7 (id=4692):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r2=>0x0})
getpeername$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000001c0)={'gre0\x00', &(0x7f0000000140)={'tunl0\x00', <r4=>0x0, 0x20, 0x7800, 0x81, 0xfffffe01, {{0xe, 0x4, 0x1, 0x9, 0x38, 0x65, 0x0, 0x8, 0x29, 0x0, @broadcast, @private=0xa010102, {[@cipso={0x86, 0x21, 0x2, [{0x7, 0x9, "f36fce4a385b30"}, {0x5, 0x7, "a830507c57"}, {0x6, 0xb, "8c8ed2ee6fed49ec27"}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f0000000200)={'syztnl0\x00', <r5=>0x0, 0x2f, 0x7, 0x3, 0x9, 0x30, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @loopback, 0x730, 0x8, 0xffff, 0x1000000}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip6_vti0\x00', &(0x7f00000002c0)={'ip6_vti0\x00', <r6=>0x0, 0x2f, 0x6, 0xff, 0x8d3faa7, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, @loopback, 0x8000, 0x10, 0xdfbd, 0x8001}})
sendmsg$ETHTOOL_MSG_RINGS_GET(r0, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000380)={0xec, r1, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x4080}, 0x20000000)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x7c, r1, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [@HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_GET(r0, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x58, r1, 0x20, 0x70bd2a, 0x25dfdbfc, {}, [@HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x810}, 0x24000000)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000007c0), r7)
sendmsg$NLBL_MGMT_C_LISTALL(r8, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x30, r9, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast2}, @NLBL_MGMT_A_DOMAIN={0x14, 0x1, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x30}, 0x1, 0x0, 0x0, 0xc0}, 0x60040811)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), r8)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000940)={'wpan1\x00', <r11=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000980)={'wpan4\x00', <r12=>0x0})
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x21001002}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x38, r10, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000000}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004c016}, 0x4)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000a80), r7)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r13, &(0x7f0000000b80)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x38, r10, 0x100, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0xb}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x6}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004100}, 0x20040010)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000bc0)={'wpan0\x00'})
r14 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBSENT(r14, 0x4b48, &(0x7f0000000c00)={0x7, "34e2660db4ddbf1996af70347d04f8c228ef355d164db1817f32015e3d2d8634fcd34d4d3d79e07b1d7430b3c9051729060f3d09397ebb3e128c660fe5d8cc6a3d5fa93bd637654461df2cb18f24c603e29e7112be4e041b746647203b536085f173efb40af65471c9554fca325a7ccd6a7c9de1efd8f8d2632a80b7b38c9e9f890956f1d00d07a7d486b2e7f63c7034d1d4d6b8aa1e1ed08cee1687c0294aabce8a3085a5cbf59bfcb2c7f03ee417a94f658aa61ee52b4ae9732586420a827ad06c7645505c636510e97f5c7216c37c9ec9f2c5303de7031c620f7846cb2aefa34b94d627b4452d36fcdbe39bee4b993f90809bff3210c914a7143c8934c8fbcda7d808f75bdc6a0b8a782de0a82a2d3e41bd9ef238e1853ac8b9122a6bde4a9fdee94636e4139f9dfcb76bf9392e9783df20538e3a6037c480ef5b5718b18a641da36bbcb6933b4d60b070fe62e6fbfa3224b8e92d948d640ee541c32016229f0b1df8be87d149d9eb15613178428e75f0e2e3017dffebfa28614db479a22558880eda72d87df9d167bc034fb3bb262fb1f827bee9b85d4a64b38e6226195cd3bd2d1d5f1794cf97d71c598e1269ff0ce6854ae137f1f93514db15438c26b4ced9d84e5040eb7beb7f29e8160273df8f379afea1d68979e9bba585dda4b0b83561fbc884d55d3b921cbb0f0b24b8c42495b00356ed7ccb3cb8d23a7a5cfab9"})
r15 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e80), r0)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r0, &(0x7f0000000fc0)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000f80)={&(0x7f0000000ec0)={0x94, r15, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x1, 0x68}}}}, [@NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL={0x6, 0x12, 0x6}, @NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x2}, @NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES={0x5, 0x8, 0x5}, @NL80211_MESHCONF_CONFIRM_TIMEOUT={0x6, 0x2, 0x24}, @NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x3}]}, @NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_CONNECTED_TO_GATE={0x5}]}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x7a}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xd93e, 0x28}}, @NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_MAX_RETRIES={0x5, 0x5, 0xa}, @NL80211_MESHCONF_HOLDING_TIMEOUT={0x6, 0x3, 0x7f}]}, @NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x1b2e}, @NL80211_MESHCONF_CONFIRM_TIMEOUT={0x6, 0x2, 0xb0}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x20000000}, 0x40080)
r16 = syz_genetlink_get_family_id$SEG6(&(0x7f0000001040), r0)
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000001140)={&(0x7f0000001000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001100)={&(0x7f0000001080)={0x70, r16, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRET={0x18, 0x4, [0x100, 0x0, 0x7, 0x4, 0x2]}, @SEG6_ATTR_DST={0x14, 0x1, @remote}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x80}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_DST={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @loopback}}]}, 0x70}}, 0x880)
r17 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001180), 0x200, 0x0)
ioctl$TIOCCONS(r17, 0x541d)

2m4.691062802s ago: executing program 7 (id=4694):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1006, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f0000000040))
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000000140))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x8}, 0x8)
close_range(r0, 0xffffffffffffffff, 0x0)

2m4.677078742s ago: executing program 7 (id=4696):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x165142, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) (async)
mlock2(&(0x7f0000247000/0x1000)=nil, 0x1000, 0x0)
munlockall()
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
r1 = socket(0x1e, 0x5, 0x0)
connect$tipc(r1, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r1)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000600)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_null}]}) (async)
chdir(&(0x7f0000000100)='./bus\x00')
rename(&(0x7f0000000580)='./file0\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x19) (async)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
write(r0, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0xfffffcf1)

2m4.534669993s ago: executing program 7 (id=4698):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x7c, 0xac}, 0x0)
setreuid(0xee00, 0x0)
setreuid(0x0, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180)=@req={0x3fc, 0x3, 0x0, 0x7}, 0x8)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = dup3(r1, r0, 0x0)
r3 = memfd_secret(0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x13, r3, 0x8000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000002, 0x13, r3, 0x8000000)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/sem\x00', 0x0, 0x0)
ioctl$LOOP_CLR_FD(r5, 0x4c01)
mmap$KVM_VCPU(&(0x7f00000a9000/0x3000)=nil, r4, 0x1000000, 0x110, r2, 0x0)
recvmmsg$unix(r2, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000005140)=""/4111, 0x100f}], 0x1}}], 0x1, 0x58ca2280, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
userfaultfd(0x801)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100))
pipe(&(0x7f00000000c0))
timerfd_create(0x8, 0x80800)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6(0xa, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='devices.list\x00', 0x275a, 0x0)
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)

2m3.731125337s ago: executing program 7 (id=4703):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x3}, 0x10) (async)
sendmsg$tipc(r0, &(0x7f0000000540)={&(0x7f0000000200)=@name={0x1e, 0x2, 0x0, {{0x0, 0x20}}}, 0x10, 0x0}, 0x4)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x400740, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x8000, 0x51)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x8}) (async)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000240)) (async)
link(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)='./file0\x00')
ioctl$HIDIOCGRAWNAME(r2, 0x80404804, &(0x7f0000000140))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000018c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='tD\x00\x00', @ANYRES16=r5, @ANYBLOB="a9732dbd7000fedbdf25130000001c00028008000100030000000800020003000000020001000e000000440006804000040067636d2861657329000000000000000000000000000000000000000000000000180000009fa76a0236e5adf4199e00"/110], 0x74}, 0x1, 0x0, 0x0, 0x40000004}, 0x200588c0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r4) (async)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88) (async)
r7 = dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) (async)
syz_kvm_setup_cpu$x86(r7, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x72, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) (async)
mount$incfs(0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) (async)
connect$unix(0xffffffffffffffff, 0x0, 0x0) (async)
r8 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000880)=ANY=[@ANYBLOB="6d616e676c650000000000000000000000000000000000000000000000000000b4000000937271abcd19b7a2aefc861989d8dcfba51ee904c1999419568af193d89277f8d7637ff933b7b68f1392f486088f623ba8a6d0d8a8d3d20d6408d6bd5c5c4c18c16350ec047b7b94ecbd38889e6cf8bb55c16dd66f2e585064268a60535dd6d6fc25c064573640a16c617793e3d0a6286f7bad0d12dca0a5c585547006f6d2dca97ab8239372652a88d05ab5d2e06ca8a54b47965533b76adc2ff05023f2cb0d01afc24cbdfbfa53020d23b840f6a74154e121c801ec8a819b9da8e2258aa66dd26c1bb46d0761a2c9b01fa7eb5fb3553fc66077d5eceddd1aeae51ab8688f7bdd4aabb88766ef7439462853574c121c8d8894d6dfcb976209f73bfb2a32d52608552a58cfbf00e60e14a208470249461e3db7b7ecd966d0e6b6359d9adb382530e546e250c2551e62da9a64a727d05568e009174f92df7958ec423e02e9d74a8fa9ac0ec1437395421d2258115118fa7f7d204b1b2add33896ee96d06d9b1d80fb4737f5ed23d0f1329bc985b2e21c730657a01873b51e0ae848b61a69f451d0ada10773c9a902dcefb5a42237518f6251210213ee7291d2e79ff7ffa5fdf425f48a5"], 0x0) (async)
ioctl$ASHMEM_SET_SIZE(r8, 0x40087703, 0xfffffff3) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x12, r8, 0x0)
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3000, 0x3, &(0x7f0000f61000/0x3000)=nil)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000300)=ANY=[@ANYBLOB="636f6e74657874ccf0d4f05b379200705a37225a518d94baf820f50000000000000000072e93c354189528194c6ffce1879b9ed2e62e1321a3f15e03cb10d8d6b65bd5ca3b74fa1a0637c8b20ef6574b41581b2448d050d35e2a", @ANYRESOCT=r3, @ANYRES8=r7])

2m3.718032497s ago: executing program 7 (id=4704):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000540)={'team0\x00', &(0x7f0000000240)=@ethtool_per_queue_op={0x4b, 0x23, [0x8, 0x1, 0x2, 0xc, 0x9, 0xf94, 0x80000f1, 0x37, 0xc698, 0x80000001, 0x6, 0x6, 0x1, 0x6b, 0x7f, 0x2, 0x80000003, 0x2, 0x20000002, 0x0, 0x0, 0x7, 0x10000, 0x2, 0x6, 0x1675, 0x1, 0xff, 0x4, 0x0, 0x4, 0x7fff, 0x4, 0x6, 0x5, 0x1, 0x80000001, 0xc0000, 0x9c, 0x4, 0x3ff, 0x7, 0x3, 0xfffffffc, 0x200, 0x5, 0x4, 0x5, 0x80, 0x0, 0x1, 0xc, 0x8, 0x1, 0x43, 0x7, 0x8, 0x5, 0xba, 0x0, 0x9733, 0x6, 0x80000001, 0x8, 0x3, 0x7, 0x809, 0x8, 0x8, 0x4, 0x101, 0x7, 0x6e, 0x0, 0x6, 0x8, 0x8, 0x7, 0x165, 0x9, 0x6, 0x4, 0x9, 0x8, 0x40, 0x6, 0x5, 0x1, 0x0, 0x3, 0x2, 0x2, 0x40001, 0xa, 0xffffffff, 0x471, 0x4, 0x0, 0x7, 0x6, 0x6, 0x0, 0x1ff, 0x6, 0xb, 0x8, 0x7, 0x4, 0xffff, 0x6, 0x1, 0xf202, 0xfffffffd, 0x5, 0x7, 0x0, 0x2, 0x2, 0x0, 0x7, 0x5, 0x8000, 0x80000001, 0xa, 0xffff, 0xa1, 0x6, 0x9]}}) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c000280050001000000000014000180080001000000000008000200000000002c00018014000300ff01000000000000000000000000000114000400ff0100000000000000000000000000010c00028005000100000000004700028005000100010000000600064000000000060005"], 0xe4}}, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382)
sendfile(r2, r2, 0x0, 0x24002de8) (async, rerun: 64)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}) (rerun: 64)
setsockopt$sock_int(r3, 0x1, 0x23, &(0x7f0000000240)=0x3, 0x4)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async, rerun: 32)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (rerun: 32)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000000000095000040"])
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

1m50.811436842s ago: executing program 38 (id=4679):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r0) (async)
socket(0x28, 0x5, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) (async)
sendmmsg$inet(r1, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000540)="7ddb889a", 0xfffffcda}], 0x1}}], 0x1, 0x20000054) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0) (async)
io_setup(0xf0, 0x0) (async)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, 0x0, 0x0) (async)
close_range(r2, 0xffffffffffffffff, 0x0)

1m48.501505725s ago: executing program 39 (id=4704):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000540)={'team0\x00', &(0x7f0000000240)=@ethtool_per_queue_op={0x4b, 0x23, [0x8, 0x1, 0x2, 0xc, 0x9, 0xf94, 0x80000f1, 0x37, 0xc698, 0x80000001, 0x6, 0x6, 0x1, 0x6b, 0x7f, 0x2, 0x80000003, 0x2, 0x20000002, 0x0, 0x0, 0x7, 0x10000, 0x2, 0x6, 0x1675, 0x1, 0xff, 0x4, 0x0, 0x4, 0x7fff, 0x4, 0x6, 0x5, 0x1, 0x80000001, 0xc0000, 0x9c, 0x4, 0x3ff, 0x7, 0x3, 0xfffffffc, 0x200, 0x5, 0x4, 0x5, 0x80, 0x0, 0x1, 0xc, 0x8, 0x1, 0x43, 0x7, 0x8, 0x5, 0xba, 0x0, 0x9733, 0x6, 0x80000001, 0x8, 0x3, 0x7, 0x809, 0x8, 0x8, 0x4, 0x101, 0x7, 0x6e, 0x0, 0x6, 0x8, 0x8, 0x7, 0x165, 0x9, 0x6, 0x4, 0x9, 0x8, 0x40, 0x6, 0x5, 0x1, 0x0, 0x3, 0x2, 0x2, 0x40001, 0xa, 0xffffffff, 0x471, 0x4, 0x0, 0x7, 0x6, 0x6, 0x0, 0x1ff, 0x6, 0xb, 0x8, 0x7, 0x4, 0xffff, 0x6, 0x1, 0xf202, 0xfffffffd, 0x5, 0x7, 0x0, 0x2, 0x2, 0x0, 0x7, 0x5, 0x8000, 0x80000001, 0xa, 0xffff, 0xa1, 0x6, 0x9]}}) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c000280050001000000000014000180080001000000000008000200000000002c00018014000300ff01000000000000000000000000000114000400ff0100000000000000000000000000010c00028005000100000000004700028005000100010000000600064000000000060005"], 0xe4}}, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382)
sendfile(r2, r2, 0x0, 0x24002de8) (async, rerun: 64)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}) (rerun: 64)
setsockopt$sock_int(r3, 0x1, 0x23, &(0x7f0000000240)=0x3, 0x4)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async, rerun: 32)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (rerun: 32)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000000000095000040"])
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

1m4.447403869s ago: executing program 0 (id=5328):
r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10)
r1 = openat$binfmt_format(0xffffff9c, &(0x7f0000003040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in=@multicast2, 0x0, 0x56, 0x4e23, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x2, 0xfffffffffffffff6, 0x2000000, 0x1, 0x8}, {0x7, 0x0, 0x4}, 0x932, 0x0, 0x1, 0x0, 0x3}, {{@in=@remote, 0x4d4, 0x6c}, 0xa, @in=@loopback, 0x2, 0x4, 0x0, 0x0, 0xfffffffc, 0x8, 0x4}}, 0xe8)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="780000001a0001002abd7000000000000a"], 0x78}], 0x1, 0x0, 0x0, 0x20400}, 0x0)
write$binfmt_format(r1, &(0x7f0000000040)='-1\x00', 0x3)
r3 = getuid()
r4 = socket(0x11, 0x3, 0x0)
bind$packet(r4, 0x0, 0x0)
quotactl_fd$Q_QUOTAOFF(r0, 0xffffffff80000300, r3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000002a00)={0x1c, 0x76, 0x31f, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0x4, 0xd}]}, 0x1c}, {&(0x7f0000000080)={0x10, 0x37, 0x300, 0x70bd25, 0x25dfdbff}, 0x10}, {&(0x7f00000001c0)={0xa4, 0x23, 0x8, 0x70bd2b, 0x25dfdbfd, "", [@nested={0x20, 0x10f, 0x0, 0x1, [@typed={0x8, 0x9f, 0x0, 0x0, @ipv4=@multicast1}, @nested={0x4, 0x88}, @nested={0x4, 0xa2}, @nested={0x4, 0xad}, @nested={0x4, 0x90}, @nested={0x4, 0xa3}]}, @generic="439640c8d3eb20645737d72818690ffdeaf191ccedd0b9315edbced8684f8d7b5ea30ebea3702293b9c400677e116913990120e8945ca21d22320e2a77a892077066b5bcaad84ed3f6bcc83ce823d08cf09d134738fec727ed7aedb52386f1117ba99a728448bc1089665a11d657f38d6a51"]}, 0xa4}, {&(0x7f0000000280)={0x1c, 0x40, 0x400, 0x70bd26, 0x25dfdbff, "", [@typed={0xc, 0x12c, 0x0, 0x0, @u64=0x8}]}, 0x1c}], 0x4, 0x0, 0x0, 0x4004000}, 0x0)
sendmsg(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000fd41fd01020400003900120002002800000219002d007fffffff0022de1330d54400009b84136ef75afb83de066a5900e1baac968300000000f2ff000001000000", 0x55}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0)
r7 = getpid()
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = dup(r8)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000100)={'vlan1\x00', @broadcast})
r10 = syz_pidfd_open(r7, 0x0)
r11 = pidfd_getfd(r10, r10, 0x0)
setns(r11, 0x66020000)
mount$9p_fd(0x0, &(0x7f0000000980)='.\x00', 0x0, 0x104000, 0x0)
syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x100)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000240), 0x0, &(0x7f0000000900)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})

1m4.339216209s ago: executing program 0 (id=5329):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000440))
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000003c0), 0x40, 0x0)
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffa)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x12b000, 0x0)
ioctl$SNAPSHOT_CREATE_IMAGE(r3, 0x40043311, 0x0)
syz_usb_connect$cdc_ncm(0x3, 0xe5, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd3, 0x2, 0x1, 0x4, 0x30, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "89b8f5399d"}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x0, 0xfff9, 0x6, 0x98}, {0x6, 0x24, 0x1a, 0xfffa, 0x2}, [@mbim={0xc, 0x24, 0x1b, 0x200, 0x7, 0x1, 0x1, 0x400}, @mbim={0xc, 0x24, 0x1b, 0x7d90, 0xdccf, 0x4b, 0x6, 0x8, 0x2}, @acm={0x4, 0x24, 0x2, 0x2}, @mdlm_detail={0x51, 0x24, 0x13, 0x7, "549ca03dce254c4eafa4a92202a5c780e8cdfccee75702000df09b62539a7422e5ff263bee278451be08400d1fe883942efea157e2f1f6ac545608e899769d77f12329e291f3364589ace708c4"}, @obex={0x5, 0x24, 0x15, 0x2}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x9, 0x1, 0x10}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x0, 0x7, 0x7f}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x5, 0xd6, 0x1}}}}}}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x300, 0x8, 0x5, 0x40, 0xff, 0x3}, 0x43, &(0x7f0000000140)=ANY=[@ANYBLOB="050f4300041410040a51965fe629025668d5ae3aa7d30320ef14100409c9050004000000000000cebe4dcad9f40f100b14681d97c00f2a7c83aa5c1907100202580900"], 0x2, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x42f}}, {0xf4, &(0x7f0000000200)=ANY=[@ANYBLOB="f403292c06247c7c6156990f86f15b7d9cff1423df2f5bd4e4af3740a7e42b7cdaf781b7b2f30f0e2dcada248de29f503d3460100f610032cd32542ae632aa09e623c07d40c25def0c37c5b31641bea5f7238d27ebf74ac87faefce0cc54540b072bf8f74a4663f8ac30e4e7cf0ccb3af71c3da5d2a9e4e7fae7471f49a3e6e36883d82c362821fe8ce07fb82654bf599412e9579e18cca405a151f4380f3359fb0978ef005d13df8dc12cfb5c8bfc3c0739e960644781ff202ee89e1f3bf342367407a4ddf9b322446754cf2e6bc0263970b64a9a887546610cc5421180e6f01a70e126e256cd5e87cc01647f25c978ec3ede55"]}]})
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0)
ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f0000000ac0)='\x00\x00\x03\x01\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x02\x00g\x00\x00\x00\x80\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-\xac\x99\xb8\xd2<Z l\xdfDh\xa1\x99Bj<\r\x87\xa3`\x97\xb9b\x85\xe7\xf9:\xdew\x9d\xcc\xb6\x7f\xd1?$\x8b\x02\x00\x00\x00h\x1b\x01\x00\x00\x00\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc4\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0HdO\xb9\xa2\x1d\x13\x8fCha\xb3\x95wl},\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80Z\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9\x13f=\xbd\x03\xe8\xbex:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13\xba\x00|g]7\xdc\xe9=\"\xe4\x90[<Y4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6\x8f\x85fGGV&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146\'Z\x83H\xabF\x18<\x86h\x01=\x03\\\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&@\x00\x00\x00rT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\xd7c\t(\xf2\x93\x8d\\\x91\xef\xab(Jck\xdf\xa3 \x16\x9bH=\x01\x7f\x02\x1dF3\x7f\xd15\xa8\xd2\x94\xa7\xe9\xbd\xdc\x16\xe1Z\x9c\xe3\xeb9\x8f\xfdC\x0e\xd3]\xb5\xfdB\\\xd2\xfe\xf6H\x8ai}kDM\xbd\xfcJ{T{@i/\xb7x\xc5z\xfds\x85\xef\x1f\xf0t\xf5\xaf\xb21F\x01\xe0\x86\xde\x88\xb8\x8f \xfc\xcd\xba\xea\x16\xc1J\xb7\xe3\x04m\x0e\xaf\xd6\x88\xd6XX\xba\x8a\xdb\xeda\x83.H\xe3\x86\x03\t\xcb\xdc\x80\xee\x0ec\x12\x8a\x92\x11\xb6\xcc#\x10\xec\xfd\xbb\xd3\\\xc8\x88\x04,\'\x14\xbf\x84\x16\xb3\x8f,6\xc6D\xae\xa1\xf9\xe7@\xac\xaa\x104\x8b\x8eQ8\x11\xa7|\x87\xe2\xccrj%\xc4r&\r\a\xa7\xda\xf5\'V\x89\xe6\xa4\x05\xde\xf5\xaa@\xec\xe2\xf6\xb5x\xa1w\n\xda\xf2\xd67\xc6%\x0f[sF\xb6\xaeS>\xe9^\xd4\xf03\xe9.\xc4\xd5\xe0\r\xa1Q\xa8\xf2\xa2`zs\'k\xd4pV\xab&%\xf8\x8a\x80\x9d\"\xf3\xcc\xd2i\xc8\xd8\xc6\xbeD\xda\x86?\xf9\x13\xe5L`R\xe8Vq\xa3\nD\x9f\xe4M\xe6\xab\xdd!=%\x06z$\x99\';O\xfc\xf0u\x83\v<H\x8cmD\x8e\x9e\x18\xf7\xac\xa5\x17\x89\xc6\x88\x86\xe9\x15\x87WV\xfbF\xb1\x1fo\x85t\xf1\r\x8a\x9c\xe8\xac^\x19cp\xcceJ\xa6\x0e_\aE\bZ\x9f\xfa\xdf$\xad\xf0\xa5E\xeb\xd6\x80\xb7 \rd\xcc\x92\b\x01\x1bG\xb4su\x90\xcfs\x18LQ\x81^\x17\x80\xca\xdc\xe2\xb3\x01\x85\xa4r\x87G\xb8\x92\xdaJt\xa2g\xb7Azy+\x8f\xee\xb9\xa9\xa6\x04\xd1a\xca1~\x03\xbc\x87\xd1\xbaY\xf3\x8ai\xff[\xde\xde\xc6\xb1\xb9T{\xe2>\x83\a8\xfe<\x9e\xa8\xfe\xca`D\x91\x81!QT$\x05T\x85\xd6\xe9!\xb9wfL\x12\xa8\xb0\xb0\x86\xc2\xa1\xf7\x05i\xf5\xf0\r\xe7h\xdaD\xcb\xd4\x87\x84\xe5\xc7r;.\xf0\xed\x17\x83Nn\xb7\x0f!u}J)\xa1\xa1\x16\xc5`Z,\xa3\xcf\xfdy\aH\x06\x14l\x92x\xdbB=\xcc\xcdfpi\xe5\x04=HQ\xeaE-v\x02\x0eY\x8e\xbf\xec\x16\xc4G\xea\x8bS\x8e\xd5f\xdcj\xe1\x86\xf9s\x90\xe5\xf9\x89\xc0\xf3\xcd;r4j]\x9b\xdf\xf5\xe9\x82\xe1\xdb\x11\xb3\b\xa2Y\xdb\\\xc1H\xc3\xcf\xb1W\xe9(\xee\x18\xca\xda\xf5p,\x16\xbc\x17\xfe\xd8\n\xe1\xa1&=+)\xf9Vd\x11\xf6hX\xbe\x85O=\xe2\x9f~I\xa1\"\xa9\xd9\x19\xa2\\\xb8>f\xe2Jh+u\x90\x13\x94\x12\xc8X\xd7\xb4\xf1JS0FN\xa0\xda\xb6ez`\x9a\xea\xcf^\xa5\x17{\v\xe8n\xe9 \xc0/D\t\x7f\xd8\xad\xf2e\xff\x8b\x16p\x0f\xe4\x1a/\xe1\x96\xd2\xae\x94\x0e5\xb0b+\xac\x14\xaa\xb0\xb7\xa5.\x15\x8a\xca\xb5~=D-\x90\xc1\xbf\x05\xb9\xd5\x86\xeb\xd2#\xda\xc132\'\xfc!%\x94\x1f\xbfL)\xc2c\xa8\xef\x152\x8d\xef\xde\xbe\xab\xf5g\x80\x02G>\xf5\x04a-\xff\x06X+\xc1\xd3\xb1\xcdn\x15p\xdf\xd8.\x89\x95{\xb6+:`\x9c\xcf2\x01\x1d1\xf7\xe6\x7f\x1f\xf5\xb0\xb9\t2\x14\x81\x99\xb8@7y\xb4\xce\xf1]\a\x03y\xc5F\xfa\xae\xd1O\x7f7\xa7\xc1\xb2.~B\xe8@G\xd1\xd9R~\x1b\xf7\xa8\x86\xa7\xc1\b\x9ej\x01\xf4\xb7\xd2\x0e\xc2\x15S\x19\xd7\xd4\xe6\xaf!\xf8_\x8aEOp@>4\xd7\xcf\x11\xe0\x00\b}QmE\xdd\xa69!Q\x9e\xb9\'\x97\x9b\xe7\xa4?Ed\x9c\x7fE\xba5\x90\xc07\x96S\x9d\xe1\x84\xfa\x1a\xd6\x9a\x15\xd1o \xc0\xd28\x01\xa7\x99\x85q\xbd\x80\x00\x00\x00\x00\x00\x00\x00H\x0f\xbbT\xd5\xb3\xf4\xcd<\x8a\x01\x19\xd0|B\f0\xf8i\xd3\x1bJke\t\x8b7Q\x1dQ&\x96H\x05\xec\x80\xf0\xab\x8f\x94{\x9d+\xefs\x1c\xfck\xf7q\x10\xf6\x16\xbc\xe7\x93\x0f\x7f\xcd\xa7b\xbe\x88\xcc\xb6^\x93\xa9P\xf3\xa3\xe4Az=\xe0+Q\x9e\xb5\x11\xb3\xc1\xa8P0+\xc9\xa1\xdbU~J$\xa4\x03\x11\x1aa~\x9du\x8f\x8d\xbcI\x85k\xa0\xae\xf6\xa0\x94r\xfb\xe3\xaa\xd4\xf0\x99\x06\xe1i\x1f\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\\\xb2/R\xedI2e5\x88(\xc0+^\xe7G\x17\x03^\xd7\x12\x91\x86b\t\xd0R\x01\xda$Y\x85\x02&\x95FC\xc8\xd9')
ioctl$ASHMEM_PURGE_ALL_CACHES(r2, 0x770a, 0x0)
r4 = dup2(r1, r0)
close_range(r4, 0xffffffffffffffff, 0x0)

1m3.826162382s ago: executing program 0 (id=5336):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000) (async)
setns(r1, 0x24020000)
umount2(&(0x7f0000000040)='.\x00', 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x2, 0x21, 0xfb393ba7e313083a}, 0x18) (async)
r2 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x2, 0x21, 0xfb393ba7e313083a}, 0x18)
r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x100)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, 0x0, 0x800)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r4, 0x40187013, &(0x7f0000000040)={0x1, 0x0, {0x0, 0xfffffffb, 0xffffffff, 0x12, 0x5, 0xfffffffc}}) (async)
ioctl$RTC_WKALM_SET(r4, 0x40187013, &(0x7f0000000040)={0x1, 0x0, {0x0, 0xfffffffb, 0xffffffff, 0x12, 0x5, 0xfffffffc}})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0))
renameat2(r2, &(0x7f00000000c0)='./file0\x00', r3, &(0x7f0000000140)='./file0\x00', 0x7)

1m3.817516492s ago: executing program 0 (id=5337):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)
mmap(&(0x7f0000018000/0x2000)=nil, 0x2000, 0xa8ca3411d3c26009, 0x13, r0, 0x22e7c000)

1m3.767452903s ago: executing program 0 (id=5338):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) (async)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) (async)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) (async)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x8000000004) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000e05000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, 0x0}], 0x1, 0x6f, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000000000000860400"]) (async)
writev(r2, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r6, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) (async)
r7 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x20340, 0x0) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
r8 = getpid()
process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async)
ioctl$ASHMEM_GET_PIN_STATUS(r7, 0x7709, 0x0)

1m3.756939152s ago: executing program 0 (id=5339):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000003c0), 0x40, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa) (async)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) (async)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000ac0)='\x00\x00\x03\x01\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x02\x00g\x00\x00\x00\x80\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-\xac\x99\xb8\xd2<Z l\xdfDh\xa1\x99Bj<\r\x87\xa3`\x97\xb9b\x85\xe7\xf9:\xdew\x9d\xcc\xb6\x7f\xd1?$\x8b\x02\x00\x00\x00h\x1b\x01\x00\x00\x00\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc4\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0HdO\xb9\xa2\x1d\x13\x8fCha\xb3\x95wl},\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80Z\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9\x13f=\xbd\x03\xe8\xbex:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13\xba\x00|g]7\xdc\xe9=\"\xe4\x90[<Y4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6\x8f\x85fGGV&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146\'Z\x83H\xabF\x18<\x86h\x01=\x03\\\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&@\x00\x00\x00rT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\xd7c\t(\xf2\x93\x8d\\\x91\xef\xab(Jck\xdf\xa3 \x16\x9bH=\x01\x7f\x02\x1dF3\x7f\xd15\xa8\xd2\x94\xa7\xe9\xbd\xdc\x16\xe1Z\x9c\xe3\xeb9\x8f\xfdC\x0e\xd3]\xb5\xfdB\\\xd2\xfe\xf6H\x8ai}kDM\xbd\xfcJ{T{@i/\xb7x\xc5z\xfds\x85\xef\x1f\xf0t\xf5\xaf\xb21F\x01\xe0\x86\xde\x88\xb8\x8f \xfc\xcd\xba\xea\x16\xc1J\xb7\xe3\x04m\x0e\xaf\xd6\x88\xd6XX\xba\x8a\xdb\xeda\x83.H\xe3\x86\x03\t\xcb\xdc\x80\xee\x0ec\x12\x8a\x92\x11\xb6\xcc#\x10\xec\xfd\xbb\xd3\\\xc8\x88\x04,\'\x14\xbf\x84\x16\xb3\x8f,6\xc6D\xae\xa1\xf9\xe7@\xac\xaa\x104\x8b\x8eQ8\x11\xa7|\x87\xe2\xccrj%\xc4r&\r\a\xa7\xda\xf5\'V\x89\xe6\xa4\x05\xde\xf5\xaa@\xec\xe2\xf6\xb5x\xa1w\n\xda\xf2\xd67\xc6%\x0f[sF\xb6\xaeS>\xe9^\xd4\xf03\xe9.\xc4\xd5\xe0\r\xa1Q\xa8\xf2\xa2`zs\'k\xd4pV\xab&%\xf8\x8a\x80\x9d\"\xf3\xcc\xd2i\xc8\xd8\xc6\xbeD\xda\x86?\xf9\x13\xe5L`R\xe8Vq\xa3\nD\x9f\xe4M\xe6\xab\xdd!=%\x06z$\x99\';O\xfc\xf0u\x83\v<H\x8cmD\x8e\x9e\x18\xf7\xac\xa5\x17\x89\xc6\x88\x86\xe9\x15\x87WV\xfbF\xb1\x1fo\x85t\xf1\r\x8a\x9c\xe8\xac^\x19cp\xcceJ\xa6\x0e_\aE\bZ\x9f\xfa\xdf$\xad\xf0\xa5E\xeb\xd6\x80\xb7 \rd\xcc\x92\b\x01\x1bG\xb4su\x90\xcfs\x18LQ\x81^\x17\x80\xca\xdc\xe2\xb3\x01\x85\xa4r\x87G\xb8\x92\xdaJt\xa2g\xb7Azy+\x8f\xee\xb9\xa9\xa6\x04\xd1a\xca1~\x03\xbc\x87\xd1\xbaY\xf3\x8ai\xff[\xde\xde\xc6\xb1\xb9T{\xe2>\x83\a8\xfe<\x9e\xa8\xfe\xca`D\x91\x81!QT$\x05T\x85\xd6\xe9!\xb9wfL\x12\xa8\xb0\xb0\x86\xc2\xa1\xf7\x05i\xf5\xf0\r\xe7h\xdaD\xcb\xd4\x87\x84\xe5\xc7r;.\xf0\xed\x17\x83Nn\xb7\x0f!u}J)\xa1\xa1\x16\xc5`Z,\xa3\xcf\xfdy\aH\x06\x14l\x92x\xdbB=\xcc\xcdfpi\xe5\x04=HQ\xeaE-v\x02\x0eY\x8e\xbf\xec\x16\xc4G\xea\x8bS\x8e\xd5f\xdcj\xe1\x86\xf9s\x90\xe5\xf9\x89\xc0\xf3\xcd;r4j]\x9b\xdf\xf5\xe9\x82\xe1\xdb\x11\xb3\b\xa2Y\xdb\\\xc1H\xc3\xcf\xb1W\xe9(\xee\x18\xca\xda\xf5p,\x16\xbc\x17\xfe\xd8\n\xe1\xa1&=+)\xf9Vd\x11\xf6hX\xbe\x85O=\xe2\x9f~I\xa1\"\xa9\xd9\x19\xa2\\\xb8>f\xe2Jh+u\x90\x13\x94\x12\xc8X\xd7\xb4\xf1JS0FN\xa0\xda\xb6ez`\x9a\xea\xcf^\xa5\x17{\v\xe8n\xe9 \xc0/D\t\x7f\xd8\xad\xf2e\xff\x8b\x16p\x0f\xe4\x1a/\xe1\x96\xd2\xae\x94\x0e5\xb0b+\xac\x14\xaa\xb0\xb7\xa5.\x15\x8a\xca\xb5~=D-\x90\xc1\xbf\x05\xb9\xd5\x86\xeb\xd2#\xda\xc132\'\xfc!%\x94\x1f\xbfL)\xc2c\xa8\xef\x152\x8d\xef\xde\xbe\xab\xf5g\x80\x02G>\xf5\x04a-\xff\x06X+\xc1\xd3\xb1\xcdn\x15p\xdf\xd8.\x89\x95{\xb6+:`\x9c\xcf2\x01\x1d1\xf7\xe6\x7f\x1f\xf5\xb0\xb9\t2\x14\x81\x99\xb8@7y\xb4\xce\xf1]\a\x03y\xc5F\xfa\xae\xd1O\x7f7\xa7\xc1\xb2.~B\xe8@G\xd1\xd9R~\x1b\xf7\xa8\x86\xa7\xc1\b\x9ej\x01\xf4\xb7\xd2\x0e\xc2\x15S\x19\xd7\xd4\xe6\xaf!\xf8_\x8aEOp@>4\xd7\xcf\x11\xe0\x00\b}QmE\xdd\xa69!Q\x9e\xb9\'\x97\x9b\xe7\xa4?Ed\x9c\x7fE\xba5\x90\xc07\x96S\x9d\xe1\x84\xfa\x1a\xd6\x9a\x15\xd1o \xc0\xd28\x01\xa7\x99\x85q\xbd\x80\x00\x00\x00\x00\x00\x00\x00H\x0f\xbbT\xd5\xb3\xf4\xcd<\x8a\x01\x19\xd0|B\f0\xf8i\xd3\x1bJke\t\x8b7Q\x1dQ&\x96H\x05\xec\x80\xf0\xab\x8f\x94{\x9d+\xefs\x1c\xfck\xf7q\x10\xf6\x16\xbc\xe7\x93\x0f\x7f\xcd\xa7b\xbe\x88\xcc\xb6^\x93\xa9P\xf3\xa3\xe4Az=\xe0+Q\x9e\xb5\x11\xb3\xc1\xa8P0+\xc9\xa1\xdbU~J$\xa4\x03\x11\x1aa~\x9du\x8f\x8d\xbcI\x85k\xa0\xae\xf6\xa0\x94r\xfb\xe3\xaa\xd4\xf0\x99\x06\xe1i\x1f\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\\\xb2/R\xedI2e5\x88(\xc0+^\xe7G\x17\x03^\xd7\x12\x91\x86b\t\xd0R\x01\xda$Y\x85\x02&\x95FC\xc8\xd9') (async)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x5) (async)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$int_in(r1, 0x5421, &(0x7f0000000000)=0x2) (async)
read$FUSE(r1, &(0x7f0000006300)={0x2020}, 0x2020)
r2 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x57e, 0x2009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x0, 0xfe, 0x5, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x33, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x10, 0x8, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x10, 0xfd, 0x0, 0x7}}]}}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\vU'], 0x0, 0x0, 0x0, 0x0}, 0x0) (async)
syz_fuse_handle_req(r1, &(0x7f00000021c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000052b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005468a9fe52386e52000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000da0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e8ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000f7ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bb33ea699a80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x37)
ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(r3, 0x4068aea3, &(0x7f0000000340)={0xdb, 0x0, 0x5}) (async)
ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000040)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00') (async)
ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f0000000400)={0x0, 0x6, 0x2, 0xd59}) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) (rerun: 64)
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x30, r5, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e23}]}, 0x30}, 0x1, 0x0, 0x0, 0x4084}, 0x20008040) (async, rerun: 64)
ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000001200)='\x00\x00\x01\x06\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x9f\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00o\b\xbdd\xcb\xa0\xc4P-E_Q\xa2\x98\xf5\xdb\x17\xe2-\x890\xf7\xaf\x1eL\x0f\xe3\xb2\xb8X\xdb\x849\xc6\xaaG#\x1bg\x05F\x85\x9e\x18 \x11\xbeG\x85\xb2\xf5\xa1S\xfd\x82\xfe\x94\x02\xd6\xd4\x1a4zbn\x17\\\xfc\xb4\x02\xfbN\xe8\x10>\xa2\x87\xa0\xb3\x90E\x94\xb7B\xffl\xca\xc62\x1ar\x92#kz\xa6fP\xc5\xe8\xcd\xf1\x18l\xa0\xbf\xdb\x18b\vRo\x1f^\x18\bR\xf7O\b\xb4\xd3;0\xc1h/\xaf\x0e\x88\xcc\xea\x94Ur\'!q\x03\xb0\xcf\t\xbe\xc4\x197Q]H?\v\xe0\xd3/\xa6\xf7j&\xd5\xdf\x90\x1e\xd3_H\'\xd1\xa2Z\xf4B1\x1f\xfc\xb7\x9bJ\xf5\x81\tT6zS-\x8c2%\xc1|\x9e\xfaj>\xfa\x01x\xc3\xd1;\xd5\xeb\xfcM\xb7\x938\xcb\x90We\xc8\xd6\x83\xad\xeb`c\x93\x15\x82F\n*\xbe\xe1\xe2\x82\xd6\xa6\x96\xee\x83\x164K\xe2\xc0\x174\xeeT)?\x00:S\xac\x13\x86\xcc6\x16\x06\x00q\xdc\x14\xb5c\xeb\xca4j\x8f\xb2|\x05\x92%{z\xfc\x00\x00\x00\x00\x00') (rerun: 64)

1m3.728798203s ago: executing program 40 (id=5339):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000003c0), 0x40, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa) (async)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) (async)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000ac0)='\x00\x00\x03\x01\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x02\x00g\x00\x00\x00\x80\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-\xac\x99\xb8\xd2<Z l\xdfDh\xa1\x99Bj<\r\x87\xa3`\x97\xb9b\x85\xe7\xf9:\xdew\x9d\xcc\xb6\x7f\xd1?$\x8b\x02\x00\x00\x00h\x1b\x01\x00\x00\x00\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc4\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0HdO\xb9\xa2\x1d\x13\x8fCha\xb3\x95wl},\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80Z\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9\x13f=\xbd\x03\xe8\xbex:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13\xba\x00|g]7\xdc\xe9=\"\xe4\x90[<Y4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6\x8f\x85fGGV&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146\'Z\x83H\xabF\x18<\x86h\x01=\x03\\\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&@\x00\x00\x00rT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\xd7c\t(\xf2\x93\x8d\\\x91\xef\xab(Jck\xdf\xa3 \x16\x9bH=\x01\x7f\x02\x1dF3\x7f\xd15\xa8\xd2\x94\xa7\xe9\xbd\xdc\x16\xe1Z\x9c\xe3\xeb9\x8f\xfdC\x0e\xd3]\xb5\xfdB\\\xd2\xfe\xf6H\x8ai}kDM\xbd\xfcJ{T{@i/\xb7x\xc5z\xfds\x85\xef\x1f\xf0t\xf5\xaf\xb21F\x01\xe0\x86\xde\x88\xb8\x8f \xfc\xcd\xba\xea\x16\xc1J\xb7\xe3\x04m\x0e\xaf\xd6\x88\xd6XX\xba\x8a\xdb\xeda\x83.H\xe3\x86\x03\t\xcb\xdc\x80\xee\x0ec\x12\x8a\x92\x11\xb6\xcc#\x10\xec\xfd\xbb\xd3\\\xc8\x88\x04,\'\x14\xbf\x84\x16\xb3\x8f,6\xc6D\xae\xa1\xf9\xe7@\xac\xaa\x104\x8b\x8eQ8\x11\xa7|\x87\xe2\xccrj%\xc4r&\r\a\xa7\xda\xf5\'V\x89\xe6\xa4\x05\xde\xf5\xaa@\xec\xe2\xf6\xb5x\xa1w\n\xda\xf2\xd67\xc6%\x0f[sF\xb6\xaeS>\xe9^\xd4\xf03\xe9.\xc4\xd5\xe0\r\xa1Q\xa8\xf2\xa2`zs\'k\xd4pV\xab&%\xf8\x8a\x80\x9d\"\xf3\xcc\xd2i\xc8\xd8\xc6\xbeD\xda\x86?\xf9\x13\xe5L`R\xe8Vq\xa3\nD\x9f\xe4M\xe6\xab\xdd!=%\x06z$\x99\';O\xfc\xf0u\x83\v<H\x8cmD\x8e\x9e\x18\xf7\xac\xa5\x17\x89\xc6\x88\x86\xe9\x15\x87WV\xfbF\xb1\x1fo\x85t\xf1\r\x8a\x9c\xe8\xac^\x19cp\xcceJ\xa6\x0e_\aE\bZ\x9f\xfa\xdf$\xad\xf0\xa5E\xeb\xd6\x80\xb7 \rd\xcc\x92\b\x01\x1bG\xb4su\x90\xcfs\x18LQ\x81^\x17\x80\xca\xdc\xe2\xb3\x01\x85\xa4r\x87G\xb8\x92\xdaJt\xa2g\xb7Azy+\x8f\xee\xb9\xa9\xa6\x04\xd1a\xca1~\x03\xbc\x87\xd1\xbaY\xf3\x8ai\xff[\xde\xde\xc6\xb1\xb9T{\xe2>\x83\a8\xfe<\x9e\xa8\xfe\xca`D\x91\x81!QT$\x05T\x85\xd6\xe9!\xb9wfL\x12\xa8\xb0\xb0\x86\xc2\xa1\xf7\x05i\xf5\xf0\r\xe7h\xdaD\xcb\xd4\x87\x84\xe5\xc7r;.\xf0\xed\x17\x83Nn\xb7\x0f!u}J)\xa1\xa1\x16\xc5`Z,\xa3\xcf\xfdy\aH\x06\x14l\x92x\xdbB=\xcc\xcdfpi\xe5\x04=HQ\xeaE-v\x02\x0eY\x8e\xbf\xec\x16\xc4G\xea\x8bS\x8e\xd5f\xdcj\xe1\x86\xf9s\x90\xe5\xf9\x89\xc0\xf3\xcd;r4j]\x9b\xdf\xf5\xe9\x82\xe1\xdb\x11\xb3\b\xa2Y\xdb\\\xc1H\xc3\xcf\xb1W\xe9(\xee\x18\xca\xda\xf5p,\x16\xbc\x17\xfe\xd8\n\xe1\xa1&=+)\xf9Vd\x11\xf6hX\xbe\x85O=\xe2\x9f~I\xa1\"\xa9\xd9\x19\xa2\\\xb8>f\xe2Jh+u\x90\x13\x94\x12\xc8X\xd7\xb4\xf1JS0FN\xa0\xda\xb6ez`\x9a\xea\xcf^\xa5\x17{\v\xe8n\xe9 \xc0/D\t\x7f\xd8\xad\xf2e\xff\x8b\x16p\x0f\xe4\x1a/\xe1\x96\xd2\xae\x94\x0e5\xb0b+\xac\x14\xaa\xb0\xb7\xa5.\x15\x8a\xca\xb5~=D-\x90\xc1\xbf\x05\xb9\xd5\x86\xeb\xd2#\xda\xc132\'\xfc!%\x94\x1f\xbfL)\xc2c\xa8\xef\x152\x8d\xef\xde\xbe\xab\xf5g\x80\x02G>\xf5\x04a-\xff\x06X+\xc1\xd3\xb1\xcdn\x15p\xdf\xd8.\x89\x95{\xb6+:`\x9c\xcf2\x01\x1d1\xf7\xe6\x7f\x1f\xf5\xb0\xb9\t2\x14\x81\x99\xb8@7y\xb4\xce\xf1]\a\x03y\xc5F\xfa\xae\xd1O\x7f7\xa7\xc1\xb2.~B\xe8@G\xd1\xd9R~\x1b\xf7\xa8\x86\xa7\xc1\b\x9ej\x01\xf4\xb7\xd2\x0e\xc2\x15S\x19\xd7\xd4\xe6\xaf!\xf8_\x8aEOp@>4\xd7\xcf\x11\xe0\x00\b}QmE\xdd\xa69!Q\x9e\xb9\'\x97\x9b\xe7\xa4?Ed\x9c\x7fE\xba5\x90\xc07\x96S\x9d\xe1\x84\xfa\x1a\xd6\x9a\x15\xd1o \xc0\xd28\x01\xa7\x99\x85q\xbd\x80\x00\x00\x00\x00\x00\x00\x00H\x0f\xbbT\xd5\xb3\xf4\xcd<\x8a\x01\x19\xd0|B\f0\xf8i\xd3\x1bJke\t\x8b7Q\x1dQ&\x96H\x05\xec\x80\xf0\xab\x8f\x94{\x9d+\xefs\x1c\xfck\xf7q\x10\xf6\x16\xbc\xe7\x93\x0f\x7f\xcd\xa7b\xbe\x88\xcc\xb6^\x93\xa9P\xf3\xa3\xe4Az=\xe0+Q\x9e\xb5\x11\xb3\xc1\xa8P0+\xc9\xa1\xdbU~J$\xa4\x03\x11\x1aa~\x9du\x8f\x8d\xbcI\x85k\xa0\xae\xf6\xa0\x94r\xfb\xe3\xaa\xd4\xf0\x99\x06\xe1i\x1f\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\\\xb2/R\xedI2e5\x88(\xc0+^\xe7G\x17\x03^\xd7\x12\x91\x86b\t\xd0R\x01\xda$Y\x85\x02&\x95FC\xc8\xd9') (async)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x5) (async)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$int_in(r1, 0x5421, &(0x7f0000000000)=0x2) (async)
read$FUSE(r1, &(0x7f0000006300)={0x2020}, 0x2020)
r2 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x57e, 0x2009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x0, 0xfe, 0x5, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x33, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x10, 0x8, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x10, 0xfd, 0x0, 0x7}}]}}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\vU'], 0x0, 0x0, 0x0, 0x0}, 0x0) (async)
syz_fuse_handle_req(r1, &(0x7f00000021c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000052b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005468a9fe52386e52000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000da0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e8ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000f7ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bb33ea699a80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x37)
ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(r3, 0x4068aea3, &(0x7f0000000340)={0xdb, 0x0, 0x5}) (async)
ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000040)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00') (async)
ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f0000000400)={0x0, 0x6, 0x2, 0xd59}) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) (rerun: 64)
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x30, r5, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e23}]}, 0x30}, 0x1, 0x0, 0x0, 0x4084}, 0x20008040) (async, rerun: 64)
ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000001200)='\x00\x00\x01\x06\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x9f\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00o\b\xbdd\xcb\xa0\xc4P-E_Q\xa2\x98\xf5\xdb\x17\xe2-\x890\xf7\xaf\x1eL\x0f\xe3\xb2\xb8X\xdb\x849\xc6\xaaG#\x1bg\x05F\x85\x9e\x18 \x11\xbeG\x85\xb2\xf5\xa1S\xfd\x82\xfe\x94\x02\xd6\xd4\x1a4zbn\x17\\\xfc\xb4\x02\xfbN\xe8\x10>\xa2\x87\xa0\xb3\x90E\x94\xb7B\xffl\xca\xc62\x1ar\x92#kz\xa6fP\xc5\xe8\xcd\xf1\x18l\xa0\xbf\xdb\x18b\vRo\x1f^\x18\bR\xf7O\b\xb4\xd3;0\xc1h/\xaf\x0e\x88\xcc\xea\x94Ur\'!q\x03\xb0\xcf\t\xbe\xc4\x197Q]H?\v\xe0\xd3/\xa6\xf7j&\xd5\xdf\x90\x1e\xd3_H\'\xd1\xa2Z\xf4B1\x1f\xfc\xb7\x9bJ\xf5\x81\tT6zS-\x8c2%\xc1|\x9e\xfaj>\xfa\x01x\xc3\xd1;\xd5\xeb\xfcM\xb7\x938\xcb\x90We\xc8\xd6\x83\xad\xeb`c\x93\x15\x82F\n*\xbe\xe1\xe2\x82\xd6\xa6\x96\xee\x83\x164K\xe2\xc0\x174\xeeT)?\x00:S\xac\x13\x86\xcc6\x16\x06\x00q\xdc\x14\xb5c\xeb\xca4j\x8f\xb2|\x05\x92%{z\xfc\x00\x00\x00\x00\x00') (rerun: 64)

50.726117778s ago: executing program 5 (id=5583):
setsockopt$TIPC_MCAST_REPLICAST(0xffffffffffffffff, 0x10f, 0x86)

50.708938728s ago: executing program 5 (id=5584):
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a240100f9ff0201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701040000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000300)={0x20, 0x16, 0x1, '%'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000004c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x82, 0x1, '!'}, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)=ANY=[@ANYBLOB="20e702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = socket(0x2, 0x3, 0xfe)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x8f2)
sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x2c, 0x7, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0xd31}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
r4 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000280)={{{@in=@multicast1, @in=@dev={0xac, 0x14, 0x14, 0x3e}, 0x0, 0x56, 0x3, 0x100, 0x2, 0x0, 0x20}, {0x0, 0x0, 0x0, 0x4, 0xfffffffffffffff6, 0x2000000, 0x1}, {0x10001, 0x0, 0x4}, 0x3, 0x0, 0x1, 0x1, 0x3}, {{@in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x0, 0x3c}, 0xa, @in=@loopback, 0x3507, 0x4, 0x0, 0x0, 0xdfffffff, 0x8, 0x4}}, 0xe8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xff}}}, 0x1c)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x3)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r8, 0x8040ae9f, &(0x7f0000000000))
accept4(0xffffffffffffffff, &(0x7f0000000040)=@sco={0x1f, @fixed}, &(0x7f00000000c0)=0x80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff", 0x16}], 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
sendmmsg$inet(r1, &(0x7f0000000640)=[{{&(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000440)=[{&(0x7f0000001140)="281eff0800fdce249b04000000484b135c556eabe5a3f2724200a50e8002a6e5", 0x20}], 0x1}}, {{&(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000001880)=ANY=[@ANYBLOB="1c00007f819ab4030000000000000000", @ANYBLOB="12cf5a78783368a1c5bfe00d7e05217ac2d12369d21bfa5237f4697bf58be6ce78ba5f075170cd97d5dc848a0f118e4013d6692c918cd3f4b04044a49709309894d356082d440bfdff29ae738cbeb24927c3f0743dc893ec683010b0d3fd8d8ba4a342ab29503e746c0e8909fed748f1f6d23d9c40b6907a1311c14e5c0cdcbb74a0b1e9769d63c3005c272b1474ca354c0ff92efa50b8c30365e47118c34747cecf12d4942f161986e01469ea2d4f0bac1f23dca512a00cbe80967ad404aada5c3bd224cff920f2dde069b22706edcaf6fb232a68417616605dfe1cc11fd4e08440e89ba05301efd9e39703309f079d632008b53a4dc573d04b9ccf0361df5ca31c166c9d04b52323daa1fc0c19a213c6bdf5e7b47ad7a6e94569f51049d96045955228fc4fc660e5d67f7d8d8f65668ae68693f16d6130552b70e69cf91ade270321c0bde30d111809968875a6246d533b481c20a70deaa681d5576da7788fc512ee7f8088e98ac5511b158320f89ebccc6d788d4b32df14e2f9f0e326ae6c41e9887c4243f7d3be729dc7bd108853e60c75920610817a2c6bc3c1b75018f45b3b1e80524bcb028b2c618171597609e17fb4e921d949c33d3712ef6ab115cdf030628d78df614e9d483f4b265914fc09859c413cd0ee368fc23eb6c95066e9a70d657ca4e6404bab68199cef8544b80b6ab838115ad6a51e06a331173129328d54fdb70880f8a141de77931c538b510014c9a97acf64b1dc377d7c52a721e0fcf74061d89934d1f8127a5077716942bfdb22653d74cf470e57d4eb90df0644467e2055a84f3519eda71fda55381fcfc0101a6a009473bbbd3abbe9b17cc7363cadb3c1508948d2a9868f545d8e223a61e97bc09b7bda207e2ecc11a069ef71591cd3bfe95ae308bb986c08027166c243ab161a091637a813031735d1eea91d263c14a3d7120e81a4dbdf4f7f6a9a40b74baf5b49e53734329bdc357ffee51aac232ade39604eb5d2c64111c7b3a30c9f2ecca2430959745f5e979b580314889cbb6f13df9f93ee93b6ed522b9385b3f8a03c60cd5caa44b190da325f37cc12881d3f4c6827745c86326f8e5e663dd551b131a2c9a98db621d7594b98c72de78dd23998a39bc2429246eaa483407118db2021a9a34eaf952ef62e3b704b52ee82a877c2b83f64a82ba65b058b977d69644e345ba26dc206658976233b3494c3ecd67cb76eb6b896955e37c80253908ef33295673c272f3218137c9f9d36ee67d0b411771061dbc0f7fdac5aa106d07957dfafc52c4b8a38332c7f09011d508dc5646bd3fd162750b2a98c8cdbf55bfc586f59354be4fcb40279334cf7f8fa5f52a6cb30e4326ffc854db16056779ca1e61a9cb7296c3f6298cbb72437761fe5f627aa0fe63bdc18e7fc2655ace156fb94124d76246019c05a5678a5a34487e0ee17218eac995e357013114b8cd640ad913c076126b1ebb1949822da4074332d06b33ea9812af72aff61237fa5acc3376d2a14756891d25104d0fdb3f4e9291925419cc590e39a5bfd48931dc0b5045d583ae1881c8ee582afced77337b5ca0bbd61063ddb9b0f04e5dc1d9377c78694d7b680f687d26894ce13db8a6f24348c8534946e0070f927449264f3110778ae43f2194eecdfa9ea18cbe93c39a74a17f878345815626478df5306d44121ec109ddfce6c6770d2e58a6d933d08a22b98aa0c30a9be93b7a63b91cd90db19335b48cd6666abbf53ed2b515f52ca45e9f5bdbad985120d74fbfb04d4b9969d3862900c41b3251de4f01cfe31f74355fe7d37a9b6248832e1be9b39a6f70f3d843f2c9d736a73e4cd90d14d49914a71f1edd0bc1a40c27467bd77d5aaea8ee381d35cd35681b2db9f568996fd7b83b93460f2dd3df315fc806507f22329477a9d22b961a269223b284cebd87bf3558dc78c7b978649b090eb6bb51e5c36d9748a1bbcee03cfe6695131dc3e28b55aa4af1367104e23924914fadbb8b85ecae13c10ada7de37bcb006281d72ced53e63f6fb57bbb5d18e5087d49074d175d3b710ae652dd3d7c5d869c90156764209d5e4d9e71a973d2320066844c235959198311fca3f736cd1edc6d0bab7306bc7ca81030f5a4576c887804bebd7ac00589bbf41d56d8006d09d45a7277a0dd6d6e62bfec7fcdf3fca4d6e969aa88a0cec9e5257ec91de010985e6e337cf869ef0099dd7e5f7cd589de2e152de83ad9f09e712d8076c7443ac02d7ff892ffae160adc977fa06e33cbd8ff38653afeba95cdab4c9733f5462542fbcdabb8098c76dce5a8b39dbef4e0280719860fd2407c9953a59c882f9acfb9b428004d7f99daa0da291cffa9885fadd935192ffbecd611edc1c3d7c85b7b5649b19cbd86cac48f4fa6151496d6f1b570b0370b1908f8a43c04e353844d26073d236a368e7082a9dc2ce0f6c6aaf72d5dc4fa61eeaed098f6abc8f68111f108bb5d57b1f4ca4b9c625b6545ead74ddcb140a631eab42734078c5f528a9315671719817d414e6a7a2b2b8b909c59569351525fa2d4f4ff7c3f7c8de966947af9c32f8042de693af1837fc631c3a9c95c02c2275056062b82365e5a44c5e7917f1d00ca43dd578e5f2dcd092e1f2865120fdd2035de9907f991059833cba085aa17f0f8484a72fff5b57ec722964dc9435ed58146277a805f20d8729ad456332d01142e6a98e6e79ba820b16e2c2bb216259b955aec287802be0fe65267c4b6099331ce88f7b4287967fcefa7b709bb335c9a30bef02b327e517b3c3f4b38faa43a4f7dceba4e51c52cf3be6bc82f4624bde8855ff9ec17db5b97ebd133b5018c406b98dcfd44592b8a2d2cdde8ca3682586908e337d1785f6d6d25e32966a25e3f3327d31f3e9a5693bd080aafa3781de45020de84ae89db85018e68de18b6dd3ff167c716f5825dc9ddfe375d38c67b60577bb39c2772be037013cd7890c895b91e6d9a671272c3a267440eac32600983cbbe4503d2d13a533b23d13e8c22396c8244d1133c077aa97d756637c8456c8371ab70e9194ce51b2437d512a6d627b1925279b0168b2a2c9f27ff605e3461322efc6944897558c928a788a266fbdf861e2e9508f22354aa3db05486339da541f86ccd438d81c3c60f20e4eddc4ca700f8523a4b66f828170518eb342b6101bdc04f400f36e7b57ac97bddf697e90a4cbe25f4f9c48ce204689785599362eab1599b84c9c35636ed5e04e53954107043e5169fae0c50c8057281ccba1b1c231e764e30ec17e2d66b87108c57c5aaa5415e86af4f174855f866084513d53604a22a635665f79e78f992c47f495e4171c8b809607de7c3e51978b60ea4b66d89e65f40484e8e567a5ff1c9de91c199872315390f836e5cfc55dedbb03a952f839bcc3529d602b836f73766ebfaa2b2189c13b479da141ac054e165fb8edbf2e8e9d8e2b88fdba8b17876e3edd701dd51620c62d9b0c2e89325c256b6a117790bacb653fd2e10fbc45a42718bf51beda5a63a30b730338337328d31b722b72f9b7c824e79b4cbb62900999fed4167586215ec2ad826e6c28fe63c27a809a8be0e95e219022d71d74ae1eacaff4a0f9cf62c8fe28348e24cce23dcf5bbeee4976d0a74a406bae07ab23341b1cd05b4cf56628c34f87f3ddd0fca19e2d8bb9dfa688dc6be809b56e293fdd4374c0a255186703b07509abf1318a61670bd397fd099dac1ab4141f64721424f6bef655714acbd0e225f86e8e4fa27580c698209ef7de753e3cdae1d39d20de437a9c8e1625f74f3835c1f58608214e57ec424b11e226007c750a15cd22e4078bede9c5771bbf7477349caf2af4b18cc859020470b511d205166bc820d3bde49a39542d350e58df1977739258b9541dfa8a9443a78712741bb29d08d189e6b6a62445df8ded13dcf0bfe903fe5d2c83889003b85c89a9112456f61ac4f9bb88db4ca1ef578442cb487220450d68178a24f4132e7b4eefe994d2610caa602cd44c1d3983b8b98655caeff6da31891b74c2ce5e876b68d26b1dc443f66f357c945f7e97094984726b3cba8551848e70c956990df6d0012e00bcfc123f0f60076ab0baa0149e0248ef151495da2be4ca3c41c260a817a2312fb3f0e7769bf407147e4543f2cbf20cc6df322d4e673324806295b7f0ef61489d859f943add16a24e954b8126632e6da797845486531fba706776394f9d1580b379fc1d8217cff4cd2ab1751b9de3e66562fe4d5098e631aaa09ee2a6266ecb1c31b6d79f16c72dca8bb935c06430484ebcb954dfb5d7d8fd165e12050d1b8ba20778bca38e15e59ac26600208d73aa6f3ec06324a4f656e1f4465e187f124fa80b1a532f01520c3ea2e345d109d6b193f508d5993f1d89fff0be48ab7d6f81aa3d653bb23dc193b57297e5d40e8dc69518a032b01f6d983e0edf1822ea32e393fc5e92a3c633ad1c794b3a07c532c92c29f08a360bf19ed6c66ea9ea8b6fa9933080c39d854e18e558121dac9e7ecbf57f3be4c4479895a6410aff239954cf77afe9e89c78a61067f522370d085764f8128f4a866c6777095969e37f3001da885caba3b8f86844b02e5ecbaa9969e563d9726babd1ba457494c2d213127b5824a13ddf21edb8c475253c2df8cc1dbe0351f2ab5ea8381684b7ce0547a28b31c5c4c6cf220299de64eaff238920cd9002d6a427e79740a2adf3c46b71d59e45af86a98883f861daf11a48749327d8f1681f7eadace9567006c93726ed581b4acd459310a72325d42f23369ed699904b71692668390f69441b45764f425db79eebec0fbaf7a9daf5748bafcf70a62dfe2b051ca49f0bddbdd1108c79b555b51b5efe8afc359737c6ebf400f261a311c47482265bf527a1c2dbb4b79a891470e9e8b9c33154fac42cf524d91349a80bbf0c32353a6c2ae87066000218070f365720f525cf59e773d228c4fa7d828178f0f09cf185ce9dc3a485728e07e34dcb999954c0e8069fd9cec4bad8b59d061f423857ce8c46541239260add2d1d5914bb43a3e52d89744a86abd038f468751032c849184d2241bd0946da244fc19fa1810afef4263eb78b0ecc5e69df0854bc04a7aed3fa2069290b7a8ffcef9a01f2f5221ff71ec4741720fcc0fef78b1ea16a07869972c67efc22ea8e363bacf2243253e926caf74ff50306814696dcb50727ddab4f335eedffbceabae9c84f82f6d50946594ca5f2171c60b4565e828b07481066d4243b522037b6a93dac6fd125bc02d9bdd899b6ba563573998ca816db050288ec7350c192033ad43dfcfe7b8b9ebb6bc4d800a0d805e9b23b0ade39d96280107f5bda4b854a99976de409f12a0c2071608e0b1cb6a8fd98903aa66118c018d53985309f357f10ceb9fc4ef1d696f121406b04ed65792e4841ea3574be0dced3ed6c9af1ec54df15b3b725694f988e74edd1458b856e38a5a5cfe92a85055a7c6a9ff8f9fc00a28e317cf283ace1a5e58ef4e8d92d9e31b7bcf5bbb8bff64615cb55c6fc8a9cd7cac54599174f662ecd55bc75605d600deab2c05c7a832709f7110d6137f1a2f7caedb76c7bfab7ad8734d32cc0c8f0d6322f7def27745ff488f30536fb621ee697db43b69ed6d48da3777c4861274f5aec481345ff1d97262842f7e802fad59cabc2dbe960b4c7f21142e31d2bb7068eeaa3aea22b7ab7a4d80f63e4de5da916762bf05f935537610b0cb5f21211703e9989cf881bb69e8e47cd55b5addf915cb532194f164b007adc078d7ff4cb2aa3e9e202a459b1e2c8275bad95ed5dcc7a31", @ANYBLOB="ac1414aae000000200000000280000000000000000000000070000009404010000440caaf000005f0f0000040094040100000000"], 0x48}}], 0x2, 0x4800)
r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r9, 0x0, 0x0)

48.390859891s ago: executing program 5 (id=5635):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x5}, 0x10)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd})
faccessat2(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1, 0x0)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x88fd537e5c114b6e, 0x12, r5, 0x0)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0xa13ca8e5839881a5, 0x14})
sendmmsg$inet6(r4, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, &(0x7f0000000240)={0x0, 0x107000})
r7 = dup3(r1, r0, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x204000, 0x0)
fcntl$getflags(r8, 0x403)
recvmmsg$unix(r7, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000005140)=""/4111, 0x100f}], 0x1}}], 0x1, 0x58ca2280, 0x0)
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x40902, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r9, 0x5f7b1000)

47.481216606s ago: executing program 5 (id=5657):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x103, 0x3})
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000240)={"d22b0e58182a4b349ce3c176db95a951", 0x0, <r2=>0x0, {0x1, 0x1}, {0xde69, 0xfffff000}, 0x6b340e3c, [0x80000001, 0x4, 0xaa, 0xf4, 0x8530, 0x8f3, 0x8e4, 0xd, 0xffff, 0x400, 0x0, 0x2, 0x7, 0x6, 0x0, 0x8]})
ioctl$BTRFS_IOC_WAIT_SYNC(r1, 0x40089416, &(0x7f0000000340)=r2)
r3 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x28, 0x0, &(0x7f0000000200)=[@request_death={0x400c630e, 0x2}, @acquire_done={0x40106309, 0x2}, @register_looper], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x10, 0x0, &(0x7f0000000000)=[@free_buffer={0x40086303, r3}, @enter_looper], 0x7d, 0x0, &(0x7f0000000180)="d78d42a210d5f81e58b06e5155b65aef42b85cf32f8887ec4627f083d5cddde74cf735578c764eeda22b429c043bf3af60bc7c116f5d3aacbfd5a28423d16306132e9c0af987e181d32c33799be28578510731f5bab260affc087b1d9c8fb1ee31a270461997dc4a863ab4b2185db450f1a680473a849c4a64c0b612a8"})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/custom0\x00', 0x0, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x12c5008, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r6, &(0x7f0000006b40)={0x2020}, 0x2020)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1800, 0x0)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000000000000)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x1f4)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r8, 0x0, 0x0)
r9 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r9, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000})
ioctl$UFFDIO_ZEROPAGE(r9, 0xc020aa04, &(0x7f00000001c0)={{&(0x7f00004a5000/0x1000)=nil, 0x1000}})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c80)={0x1c0, 0x0, &(0x7f0000000a00)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@fda={0x66646185, 0x4, 0x1, 0x35}, @fda={0x66646185, 0x5, 0x2, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000380)=""/36, 0x24, 0x1, 0x38}}, &(0x7f00000003c0)={0x0, 0x20, 0x40}}}, @decrefs={0x40046307, 0x1}, @release={0x40046306, 0x1}, @decrefs={0x40046307, 0x3}, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000500)={@ptr={0x70742a85, 0x0, &(0x7f00000004c0)=""/28, 0x1c, 0x1, 0x3b}, @flat=@handle={0x73682a85, 0x1}, @flat=@binder={0x73622a85, 0x100}}, &(0x7f0000000580)={0x0, 0x28, 0x40}}, 0x40}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x32, 0x0, 0x0, 0x50, 0x18, &(0x7f00000005c0)={@fda={0x66646185, 0x7, 0x1, 0x40}, @fd={0x66642a85, 0x0, r8}, @flat=@handle={0x73682a85, 0x1, 0x3}}, &(0x7f0000000640)={0x0, 0x20, 0x38}}}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000680)={@fd={0x66642a85, 0x0, r4}, @fd={0x66642a85, 0x0, r9}, @flat=@weak_binder={0x77622a85, 0x100, 0x2}}, &(0x7f0000000700)={0x0, 0x18, 0x30}}}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000880)={@ptr={0x70742a85, 0x1, &(0x7f0000000740)=""/244, 0xf4, 0x1, 0x32}, @ptr={0x70742a85, 0x1, &(0x7f0000000840)=""/37, 0x25, 0x0, 0x1f}, @fda={0x66646185, 0x3, 0x0, 0x18}}, &(0x7f0000000900)={0x0, 0x28, 0x50}}}, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000940)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_binder={0x77622a85, 0x1000, 0x3}, @fd={0x66642a85, 0x0, r7}}, &(0x7f00000009c0)={0x0, 0x18, 0x30}}}], 0x83, 0x0, &(0x7f0000000bc0)="e45295565a6107bf4425e54ac7dce6df481d36cfcaa7b9dbef2a7604b91c9881ca88b27b6d7910ee23367518ffb5841fee4b813c6352b48315b31e970bf152d375ed6638be4d3ae299c23b3e479c6ec03e76120170ae403a6cdb3ef7cc0f3be1fa6125a0db02ef4af8946b4fe56764b089fa8a20733816939fe5857aadf5530547c13c"})

47.452032857s ago: executing program 5 (id=5658):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
pipe(&(0x7f0000000d00)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10)
r4 = socket(0x1e, 0x4, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r6, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}}, 0x0)
r7 = socket(0x80000000000000a, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8936, &(0x7f0000000040)={@private2, 0x60})
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
splice(r1, 0x0, r2, 0x0, 0x714f, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000200)={'wlan0\x00'})
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x8000)
open(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x3f5f41, 0x84)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x14, 0x0, &(0x7f0000000300)="6cc2517326f0182dfaea8b9b0efefe72ca2b3f10"})
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r9, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r10 = dup(r9)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r10}, 0x2c, {[{@access_client}], [], 0x6b}})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r13, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000000000080000040"])

47.335450427s ago: executing program 5 (id=5659):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={0x38, 0x1d, 0x1, 0x0, 0x0, {0x8a, 0x0, 0x6e80}, [@nested={0x24, 0x7, 0x0, 0x1, [@nested={0x20, 0xd2, 0x0, 0x1, [@typed={0x14, 0x85, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @typed={0x8, 0x7f, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x50810}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000200)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x40000000000000, 0xe}, @flat=@binder={0x73622a85, 0x200, 0x4000002}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}, 0x400}], 0x52, 0x0, &(0x7f0000000300)="6cc2517326f0182dfaea8b9b0efefe72ca2b3f10c526bb82d4a3786efb2df4fda2a1e2888f71a664cc5a261719fe4cead4d24dcc14edceace088490d882b563ef630b62d95fb3e1b01b472ec8da1d1df52fc"})
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000080))

47.283944788s ago: executing program 41 (id=5659):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={0x38, 0x1d, 0x1, 0x0, 0x0, {0x8a, 0x0, 0x6e80}, [@nested={0x24, 0x7, 0x0, 0x1, [@nested={0x20, 0xd2, 0x0, 0x1, [@typed={0x14, 0x85, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @typed={0x8, 0x7f, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x50810}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000200)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x40000000000000, 0xe}, @flat=@binder={0x73622a85, 0x200, 0x4000002}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}, 0x400}], 0x52, 0x0, &(0x7f0000000300)="6cc2517326f0182dfaea8b9b0efefe72ca2b3f10c526bb82d4a3786efb2df4fda2a1e2888f71a664cc5a261719fe4cead4d24dcc14edceace088490d882b563ef630b62d95fb3e1b01b472ec8da1d1df52fc"})
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000080))

1.480930691s ago: executing program 1 (id=6441):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x1000, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x1000, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x882)
ioctl$EVIOCSABS20(r1, 0x40044591, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.478075861s ago: executing program 1 (id=6444):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600), 0x43, 0x0, &(0x7f0000000740)="ff9388205610ea990eaaba1fb8f28d721321e0ee676b6be7e753dfed4627798d969499de1f768fb7f709a95a8827959fc3a7c7d5b2375ce7636e7fa23142d3c6fb86e6"})

1.477427431s ago: executing program 8 (id=6445):
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000300)=ANY=[@ANYBLOB="73746174733d676c6f62616c2c73746174733d676c6f62616c2c6c617a7974696d652c00e948845b239e6682aaae76fd62d8"])
rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'team_slave_1\x00', &(0x7f0000000340)=@ethtool_per_queue_op={0x4b, 0xe, [0x8, 0x7, 0x6, 0x3, 0x8, 0x5, 0x6, 0x7, 0x8, 0xa, 0x5, 0x34, 0xffffffff, 0x400, 0xb1, 0xffffffff, 0x100, 0x6963, 0x4, 0xad0f, 0x101, 0xfffffffe, 0xffff, 0x0, 0x2974, 0x3, 0x1, 0x8, 0x1, 0x7, 0x0, 0x3, 0xf9c, 0xfffffff7, 0xfffffff8, 0x2, 0x8, 0x80000000, 0x4, 0x8, 0x40, 0x2, 0x25a, 0xffffffff, 0x8, 0x2, 0xfffffffb, 0x2, 0x7, 0x0, 0x40, 0x8, 0x8, 0x5, 0x2, 0xaf8, 0x3, 0x4, 0xd, 0x1, 0x11d3, 0x1, 0x5, 0x7f, 0x1, 0xd874, 0x9, 0x1, 0x9, 0x100, 0x8, 0xc2d3, 0x8, 0x3, 0x1, 0x9, 0xebe, 0x8, 0x6, 0x8, 0x0, 0x4c5f, 0x7d4, 0x6, 0xb00, 0x3, 0x5, 0x7, 0x10000, 0x9, 0xf25, 0x5, 0x9, 0x101, 0xff80, 0xba, 0xffffffff, 0xa87a, 0x3c9, 0xc, 0x5, 0x9, 0x8, 0x4, 0x5, 0x1, 0x6, 0xeb, 0x8001, 0xffff7fff, 0x7f, 0x17b8, 0x10, 0x7, 0x5, 0x40, 0x8, 0x56, 0x3d1, 0x0, 0x6, 0x7fffffff, 0x1, 0x6, 0x9, 0x8001, 0x5, 0x7], "b2bc0ec2e2aa4f25d6eac94071c503098421d94007"}})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x9, 0x0, 0x3, 0x55, 0x6, 0x7, 0x0, 0x3, 0x0, 0x2, 0x8, 0x4, 0xffffffffffffffff}, {0x10001, 0xffff, 0xb, 0x0, 0x0, 0xd5, 0xfd, 0x7, 0x7, 0x3b, 0x40, 0x1, 0x2}, {0x1, 0x7, 0x7, 0x9c, 0xa, 0x8, 0xff, 0x4, 0x9, 0x4, 0xf5, 0x32, 0x5}], 0xc})
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000300)=ANY=[@ANYBLOB="73746174733d676c6f62616c2c73746174733d676c6f62616c2c6c617a7974696d652c00e948845b239e6682aaae76fd62d8"]) (async)
rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00') (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'team_slave_1\x00', &(0x7f0000000340)=@ethtool_per_queue_op={0x4b, 0xe, [0x8, 0x7, 0x6, 0x3, 0x8, 0x5, 0x6, 0x7, 0x8, 0xa, 0x5, 0x34, 0xffffffff, 0x400, 0xb1, 0xffffffff, 0x100, 0x6963, 0x4, 0xad0f, 0x101, 0xfffffffe, 0xffff, 0x0, 0x2974, 0x3, 0x1, 0x8, 0x1, 0x7, 0x0, 0x3, 0xf9c, 0xfffffff7, 0xfffffff8, 0x2, 0x8, 0x80000000, 0x4, 0x8, 0x40, 0x2, 0x25a, 0xffffffff, 0x8, 0x2, 0xfffffffb, 0x2, 0x7, 0x0, 0x40, 0x8, 0x8, 0x5, 0x2, 0xaf8, 0x3, 0x4, 0xd, 0x1, 0x11d3, 0x1, 0x5, 0x7f, 0x1, 0xd874, 0x9, 0x1, 0x9, 0x100, 0x8, 0xc2d3, 0x8, 0x3, 0x1, 0x9, 0xebe, 0x8, 0x6, 0x8, 0x0, 0x4c5f, 0x7d4, 0x6, 0xb00, 0x3, 0x5, 0x7, 0x10000, 0x9, 0xf25, 0x5, 0x9, 0x101, 0xff80, 0xba, 0xffffffff, 0xa87a, 0x3c9, 0xc, 0x5, 0x9, 0x8, 0x4, 0x5, 0x1, 0x6, 0xeb, 0x8001, 0xffff7fff, 0x7f, 0x17b8, 0x10, 0x7, 0x5, 0x40, 0x8, 0x56, 0x3d1, 0x0, 0x6, 0x7fffffff, 0x1, 0x6, 0x9, 0x8001, 0x5, 0x7], "b2bc0ec2e2aa4f25d6eac94071c503098421d94007"}}) (async)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x9, 0x0, 0x3, 0x55, 0x6, 0x7, 0x0, 0x3, 0x0, 0x2, 0x8, 0x4, 0xffffffffffffffff}, {0x10001, 0xffff, 0xb, 0x0, 0x0, 0xd5, 0xfd, 0x7, 0x7, 0x3b, 0x40, 0x1, 0x2}, {0x1, 0x7, 0x7, 0x9c, 0xa, 0x8, 0xff, 0x4, 0x9, 0x4, 0xf5, 0x32, 0x5}], 0xc}) (async)

1.476614811s ago: executing program 1 (id=6446):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0x108)
syz_open_pts(r1, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}]}, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x10, r6)
ptrace$peeksig(0x4209, r6, &(0x7f0000000140)={0x0, 0x0, 0x6}, &(0x7f0000000680)=[{}, {}, {}, {}, {}, {}])
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006340)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, r7, {0x7, 0x1f, 0x1, 0x8888b1, 0x0, 0x1, 0x2, 0xa, 0x0, 0x0, 0x2, 0x8}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x191941, 0x28)
write$tcp_congestion(r8, &(0x7f0000000440)='veno\x00', 0x5)
dup2(r8, r2)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
chmod(&(0x7f0000000180)='./file0\x00', 0x23f)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)

1.476244122s ago: executing program 8 (id=6447):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/kheaders.tar.xz', 0x82802, 0xf)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x6, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "2e5237601a87f08faccc1418fbc3da00", [0xfffffffffffffce8, 0xa]}})
io_setup(0x1, &(0x7f00000016c0)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000001640)=[&(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x1, 0x104, r0, &(0x7f0000000280)='a', 0x1, 0x5}])

1.420446302s ago: executing program 8 (id=6449):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x100)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000380)={0x0, 0x1, 0x200, 0x3, 0x4})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x59d4c1, 0xa2)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x200b})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000940)={0x10, 0x0, &(0x7f00000002c0)=[@increfs={0x40046304, 0x3}, @decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
r3 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\f\x00\x00'], 0x0, 0x0, 0x0}, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x4}, @fd={0x66642a85, 0x0, r1}, @fda={0x66646185, 0x6, 0x0, 0x200000000000024}}, &(0x7f00000001c0)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

1.127491984s ago: executing program 2 (id=6452):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
fadvise64(r0, 0x1fe, 0x7ffc, 0x3)
r1 = syz_clone(0x48411, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
wait4(r1, 0x0, 0x40000000, 0x0)
ptrace$ARCH_SHSTK_DISABLE(0x1e, r1, 0x0, 0x5002)

949.910625ms ago: executing program 2 (id=6455):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) (async)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000080)=0x9, 0x4) (async)
recvmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0xfffffffb}, {{0x0, 0x0, &(0x7f0000000680), 0x0, &(0x7f00000006c0)=""/160, 0xa0}, 0x3}], 0x3, 0x40002006, 0x0) (async)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000200)=ANY=[@ANYBLOB="636f6e746578743d73792274656d5f75dd47d0b9"])
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065f7ff0010bf0008003970323030002e75"], 0x15) (async)
r2 = dup(r1) (async)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000080)=0x7, 0x4)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0xfff9, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x20, 0x8}}, 0x50) (async, rerun: 64)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) (rerun: 64)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f0000006300)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x2, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) (async, rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (rerun: 64)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="02000000200000000000000004000000000000001000ff00000000002000000000000000b0acf9d8eb675146b719a096ac36f5388d35a669f635c5e4ea3036c32b63a3a27fe39727ede7b84c27f154de0dd1a02e29944d1a8138fa5ccc7b84356fe03a654a5016ac6f50d540a35289b0b4e32c32fb2549ad45908730b261be762e56ba08d28c07f5d0c7126f6478442a3e179d0592b1017e03c92d523670ddc3ee7b1e1ecb181c0033b92ae85434d76d323c4e9e6f3da7"], 0x24, 0x0) (async)
syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) (async, rerun: 64)
syz_fuse_handle_req(r4, &(0x7f00000021c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000052b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005468a9fe52386e52000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000da0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000f7ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bb33ea699a80e3f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (rerun: 64)

936.490315ms ago: executing program 2 (id=6456):
r0 = socket$netlink(0x10, 0x3, 0x6)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000600)={0x14, r1, 0x200, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000010}, 0x22040094)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)={0x5})
socket$netlink(0x10, 0x3, 0x6) (async)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000500), 0xffffffffffffffff) (async)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000600)={0x14, r1, 0x200, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000010}, 0x22040094) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) (async)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)={0x5}) (async)

879.436065ms ago: executing program 2 (id=6457):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x4}, @ptr={0x70742a85, 0x0, &(0x7f0000000200)=""/126, 0xfffffffffffffffd, 0x1, 0x26}, @fda={0x66646185, 0x2, 0x0, 0x25}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000440)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000300)={0x50, 0xfffffffffffffffe, r2, {0x7, 0x2b, 0x1, 0x200004, 0x5, 0x0, 0x1, 0x3, 0x0, 0x0, 0x40, 0xd8}}, 0x50)
ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, &(0x7f0000000040))

879.161025ms ago: executing program 2 (id=6458):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
setresgid(0xffffffffffffffff, 0xee01, 0x0)
r0 = open(0x0, 0x80140, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x88, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x12}}, 0x8}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x6}, 0x1c)
gettid()
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, 0x0, 0x0)
listen(r2, 0x7ff)
getdents(r0, &(0x7f0000000340)=""/145, 0x91)
socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0)
setsockopt$sock_int(r1, 0x1, 0x9, &(0x7f0000000140)=0x3, 0x4)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
r3 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000040), 0x208e24b)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x2]}})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$LOOP_SET_CAPACITY(r3, 0x4c07)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x5)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x9, &(0x7f0000000240)=0x1, 0x4)
r7 = socket$netlink(0x10, 0x3, 0x4)
writev(r7, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000a0c100000000000224e0000", 0x58}], 0x1)
setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000000)={0x2}, 0x4)

878.960155ms ago: executing program 8 (id=6459):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x80000)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000380)={'team_slave_0\x00', &(0x7f0000000040)=@ethtool_wolinfo={0x5, 0x7, 0x7, "20e97b06beda"}})
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
mount(0x0, &(0x7f00000002c0)='.\x00', 0x0, 0x3f9ac67, 0x0)
r4 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_pidfd_open(r4, 0x0)
setns(r5, 0x24020000)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x123c060, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x6, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x200, 0x98, 0xf7, 0x56, 0xff, 0xf94, 0x1, 0xd3ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x7, 0x2, 0x40, 0x0, [{{0x9, 0x4, 0x95, 0x7, 0x0, 0x10, 0xc4, 0xf5, 0xf9}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x310, 0x18, 0x5, 0xc7, 0xfecfd2d3b1105113, 0xfc}, 0xf9, &(0x7f00000001c0)={0x5, 0xf, 0xf9, 0x2, [@wireless={0xb, 0x10, 0x1, 0xc, 0xa1, 0x6, 0x10, 0x8, 0x6}, @generic={0xe9, 0x10, 0x2, "a5b47a290f6850a1e39b822b64dd880ef8f13b59a33b7fe1c59ec6d1926089cb53baba8f0609a57eecfb73ccca31ebccb3b8dbb43df7b37d9444cfd8204cda591024d69b60b6c3410abed98f614ad9e087517b2c2624246e1a89c614c8053fe2f675cacc6aab9b62ae007477f64c5e5353eeda69d69baefdeaf90ed86def3bb5f64ba5d3dab399e105b4de3f895aeef28b9dd1e2a2cb23aaa7344c2322dfe2555a2636141c0c4f73cc450a556eec5289ebd226e5495f9ce8fa6c679aea46d13ffbf0d9033cf52ac7c0b44a15ef086a4447cc35c7e1fd65f33cc65c8396562b63057f6bd4b7c7"}]}, 0x3, [{0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0xc11}}, {0x86, &(0x7f00000003c0)=@string={0x86, 0x3, "87bfece044b46d28444258bc3ce91f836212f53be9aca8a4788c73d91c788260eb550827bccc33bda7a0119e0a782dd1e2534fbc2d9d4bca46922a2319893d39257d9f8c14038d03a5419873e976bc299d49d810e2ec588d5e59e46061bea1665423932c9d17319a6ae4b4b0ab9b3d0031e01f6d888b16396f1e0f4d67a4f32ad0d48dc5"}}, {0xf, &(0x7f0000000340)=@string={0xf, 0x3, "b768ae57cb24cc83b6bc4cceef"}}]})
sendmsg$nl_generic(r6, &(0x7f00000000c0)={0x0, 0x36, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRES32=r6], 0x20}, 0x1, 0x0, 0x0, 0x40c0}, 0x0)
shutdown(r0, 0x1)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='ext3\x00', 0x200000, 0x0)

659.870876ms ago: executing program 1 (id=6460):
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000000}, 0x810)
r2 = socket(0x10, 0x3, 0x0)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
sendmsg$NL80211_CMD_GET_MPP(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x0, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24004040}, 0x4000000) (async)
sendmsg$NL80211_CMD_GET_MPP(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x0, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24004040}, 0x4000000)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) (async)
sendmsg$tipc(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) (async)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}) (async)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) (async)
setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000003, 0x13, r7, 0x0)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x7, 0x109e96, 0xffffffffffffffff, 0x400000, 0xd, 0x0, 0x2, 0xfffffffffffffffd, 0x48d6, 0x10000, 0x6, 0x6, 0x1], 0xd5d5c004, 0x8340})
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000080)=@x86={0x80, 0x4, 0x5, 0x0, 0x9, 0x5, 0x40, 0x7, 0x6, 0x4, 0xf9, 0x8, 0x0, 0x0, 0x5, 0x2, 0x84, 0x3, 0x4, '\x00', 0x4, 0x9})
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) (async)
setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r9=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) (async)
setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
bind$xdp(r4, &(0x7f00000001c0)={0x2c, 0xc, r9}, 0x10)
socket$packet(0x11, 0x2, 0x300) (async)
r10 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r10, 0x107, 0x7, 0x0, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0x4cb0)
sendmsg$tipc(r0, &(0x7f00000000c0)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x1, {{0x1}, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x20000090)

636.144476ms ago: executing program 1 (id=6461):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x37, [0x6, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7ff7, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0xffffffff, 0x2, 0x2, 0x3, 0x1, 0x1, 0x7ff, 0x6, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x4, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00041, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0xfffff50f, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x7, 0x5, 0x9, 0x5, 0xb, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x8, 0x3437, 0x3, 0xfb2, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x7f, 0x9d26, 0x0, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x4, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x200005, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0x56, 0x40, 0xff, 0x5, 0x7fffffff, 0x17, 0xe, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0xa, 0x80000001, 0x7777, 0x1, 0x6, 0x100, 0xd8cb, 0x7fffffff, 0x5, 0xc, 0x32d, 0x1000, 0x1ff, 0x2000003, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0x7, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x13ffd, 0x1, 0xbe24]}, 0x45c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x28082)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000080)=[0x0, 0x6])
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x6fbe2afd, 0x0, 0x4, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r7 = dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r9, &(0x7f0000000040)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r9, 0x6, 0x6, &(0x7f0000000200)=0x40001, 0x4)
sendto$inet6(r9, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
shutdown(r9, 0x1)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r9, 0x6, 0x23, &(0x7f0000000180)={&(0x7f00004c4000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/189, 0xbd, 0x0, 0x0, 0xffffffffffffff6e}, &(0x7f00000000c0)=0x40)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000000)=0xe0)

583.449407ms ago: executing program 1 (id=6462):
r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x100000000, 0x482802)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x3}, {0x60, 0x20}, {0x6}]})
socket$tipc(0x1e, 0x2, 0x0)
readv(r0, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/133, 0x85}], 0x1)
syz_usb_connect(0x5, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x24, 0xb0, 0x9e, 0x20, 0x54d5, 0x953f, 0x8282, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xd, 0x7, 0x2, 0x8, 0x2, 0x0, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x48801, 0x0)
ioctl$BLKRRPART(r1, 0x125f, 0x0)

361.592978ms ago: executing program 8 (id=6468):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async)
r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x20080, 0x80, 0x10}, 0x18)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2, 0x3032, r1, 0x2000)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4}, 0xe) (async)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0xb, 0x31, 0xffffffffffffffff, 0x0) (async)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000000100)=0x1, 0x4) (async)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (async)
setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f00000001c0), 0x4) (async)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000003c0)={'ip6tnl0\x00', 0x0}) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000002c0)={<r4=>r3, 0x4, 0x6, 0x6570})
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
fstat(r5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
setreuid(r6, r6)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) (async)
r7 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0xb, 0x0, 0x8e, 0x0, 0x0, 0x2000000}}) (async)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r8, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) (async)
r9 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
setsockopt$inet_tcp_int(r9, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) (async)
connect$inet(r8, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) (async)
sendto$inet(r8, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0) (async)
close_range(r0, r8, 0x0)
syz_open_procfs(0x0, 0x0)

290.350188ms ago: executing program 8 (id=6471):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f00000000c0)={0x3, 0x2, 0x90, &(0x7f0000000000)=""/144})
r1 = syz_open_dev$hiddev(&(0x7f0000000100), 0x81, 0x181000)
ioctl$HIDIOCGPHYS(r1, 0x80404812, &(0x7f0000000140))
ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000180))
r2 = syz_open_dev$hiddev(&(0x7f00000001c0), 0x0, 0x81)
ioctl$HIDIOCGREPORT(r2, 0x400c4807, &(0x7f0000000200)={0x2, 0x3, 0x880})
r3 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r3, 0x8004e500, &(0x7f00000002c0)=r4)
waitid$P_PIDFD(0x3, r3, 0x0, 0x8, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x20)
lstat(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r5=>0x0, <r6=>0x0})
mount$overlay(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x28a401, &(0x7f0000000480)={[{@nfs_export_on}, {@redirect_dir_follow}, {@nfs_export_off}, {@verity_on}, {@nfs_export_off}, {@redirect_dir_follow}, {@verity_off}], [{@smackfsdef={'smackfsdef', 0x3d, '!+@'}}, {@dont_hash}, {@uid_lt={'uid<', r5}}, {@hash}]})
mount$binderfs(&(0x7f0000000540), &(0x7f0000000580)='./binderfs2\x00', &(0x7f00000005c0), 0x880000, &(0x7f0000000600)={[{@max={'max', 0x3d, 0x3}}], [{@audit}, {@pcr={'pcr', 0x3d, 0x5}}, {@fsuuid={'fsuuid', 0x3d, {[0x65, 0x62, 0x64, 0x37, 0x61, 0x64, 0x37, 0x35], 0x2d, [0x38, 0x63, 0x63], 0x2d, [0x32, 0x34, 0x30, 0x35], 0x2d, [0x63, 0x33, 0x36, 0x39], 0x2d, [0x65, 0x62, 0x62, 0x64, 0x62, 0x35, 0x39, 0x32]}}}]})
listxattr(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0), 0x0)
sendmsg$AUDIT_SIGNAL_INFO(r3, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x80000039}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x10, 0x3f2, 0x10, 0x70bd2c, 0x25dfdbfd, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x8040}, 0x880)
ioctl$HIDIOCGFIELDINFO(r2, 0xc038480a, &(0x7f0000000800)={0x1, 0xffffffff, 0x1ff, 0x8, 0x1, 0x8000, 0x7, 0xffffff4d, 0x9, 0x8, 0x2c9, 0x1, 0x80, 0x4})
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000840)=0x1, 0x4)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x38, 0x7, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004000)
setns(r3, 0x10000000)
r7 = syz_usb_connect$rtl8150(0x1, 0x3f, &(0x7f0000000980)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io(r7, &(0x7f0000000c00)={0x2c, &(0x7f00000009c0)={0x40, 0x31, 0xad, {0xad, 0x1, "8ed0a7f64d543cabb8d7dec5e9c19045fa6d07505f2af55455ac8f1d7734abd169ccff572a7cff22e4c827dd32d0cf938ebb79912f637eb964f0f306fe4b3cefd73c686b5851fa3ecf89d4998882b3f37dd23d53b2a961b79845ff2cf198246e3731c0dc3db1a8f1b42537df01a0ce4533970e6c8e756cee3adfe40e4a7f424f418e555b57c6b157d528477fe1700c859a1bc41d4cc6a5a99106ad7a2b18cdf9611f49d70079b953d2e53f"}}, &(0x7f0000000a80)={0x0, 0x3, 0xac, @string={0xac, 0x3, "41aef8b4eb96e4ca330c9962673b52e4afbbe1c7bae411c339d9685c8384dc2567c20711bc3b08f85ed53e23790833586a6e86d31ace37697f49d18fb8700c328e2c500e46cf36d774b85fa6a7f880bc3c910cfe348efb49b4198f694c5157d2948c4f72e55155b558469fc5e7f4ac0910df49f061995e0e10f863da0f4a4f30bd6cf74f05badb1ea4b3e7a9aef50103e2b9da2db1412434d64aa2fa142d72a13c56d49af81b440ec2e0"}}, &(0x7f0000000b40)={0x0, 0xf, 0x23, {0x5, 0xf, 0x23, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0xc, 0x0, 0x5d}, @ptm_cap={0x3}, @ssp_cap={0x14, 0x10, 0xa, 0x1d, 0x2, 0x2, 0xf000, 0x3a87, [0xffc0, 0x30]}]}}, &(0x7f0000000b80)={0x20, 0x29, 0xf, {0xf, 0x29, 0x8, 0x80, 0x0, 0x36, "251756b7", "bb292de7"}}, &(0x7f0000000bc0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4, 0x0, 0x0, 0xe, 0x8, 0x0, 0x6}}}, &(0x7f00000010c0)={0x84, &(0x7f0000000c40)={0x40, 0x31, 0x7e, "9296d1a0b8d269b9525afa62ed58c6099697da39188d60de31f40d6e3ba6199187b79b86916c6aa1f6847bf43f4822433a4d376092fe3c2ea4a310a5f4c5d3e5f7651a0091087caee8030ac76d5c9bd68c57c71511ac47582bfc8f85956e8e83769a56d6a8a466fcb00171e34c21ee34c6fde5a1a5c606ef6467feab9130"}, &(0x7f0000000d00)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000d40)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000d80)={0x20, 0x0, 0x4, {0x1, 0x3}}, &(0x7f0000000dc0)={0x20, 0x0, 0x8, {0x60, 0x10, [0xf000]}}, &(0x7f0000000e00)={0x40, 0x7, 0x2, 0x6}, &(0x7f0000000e40)={0x40, 0x9, 0x1, 0xe}, &(0x7f0000000e80)={0x40, 0xb, 0x2, '|<'}, &(0x7f0000000ec0)={0x40, 0xf, 0x2, 0xff}, &(0x7f0000000f00)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000f40)={0x40, 0x17, 0x6, @random="440fbd26c346"}, &(0x7f0000000f80)={0x40, 0x19, 0x2, "0911"}, &(0x7f0000000fc0)={0x40, 0x1a, 0x2, 0x5}, &(0x7f0000001000)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000001040)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000001080)={0x40, 0x21, 0x1, 0x4}})
r8 = pidfd_getfd(r3, 0xffffffffffffffff, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r8, 0x0, 0x43, &(0x7f0000001180)={'ah\x00'}, &(0x7f00000011c0)=0x1e)
fchown(r1, r5, r6)
ioctl$EVIOCSCLOCKID(r8, 0x400445a0, &(0x7f0000001200)=0xb6)
ioctl$EXT4_IOC_SWAP_BOOT(r8, 0x6611)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r8, 0xc02054a5, &(0x7f0000001240)={0x3, <r9=>r4, 'id1\x00'})
ioctl$HIDIOCINITREPORT(r9, 0x4805, 0x0)

198.889469ms ago: executing program 6 (id=6473):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x1b) (async)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000240))
socketpair$tipc(0x1e, 0x5, 0x0, 0x0) (async)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)="39630a784d5bb88d4e83f929b71159136914a265b703d41fd07de8c23dd22e02d034b7b6d5ce5794e72be690a2a2a552cf5159d974a56b6388af676d7bf219d1c3c0c3308eeaccebc8d05948ee21838f73689c401e58f5e7529a589b837517982d0c7b1d9cff214771bf90802c598e6b02fcfac471e019006046f43c933dc34e04d06f9db7c020e39d6ccabfb141685bc65dce4e0efee8261f12a754d4f80b0b4d0e0be201d9a1f1631cba37d0250943ebfcc9c7d3997483a8948381872daff37b171e34e08173ec38e3cc68e3f2731efe501e7065446c51d189adbc6deed4b7", 0xe0}, {&(0x7f00000003c0)="d3480117702ad6a417f23f505ddf333be345e8b6b6f2614e17d1bed468aa5e77a2d229ef749886b4a17fa308c8805f6d34c29bb3478e8716ba9e93420b09c166305e89d546c4a812776d697f455667023ff04a4e666f228769d1da969f976edd73c7e3324a02f078ef30712f58cef37e8db4dcbf612ef9df91dfb3c9d9d2515f725576bc9eb8a18359b3eaecb8f12017fd2ed2355adabd8c76b14459d1f8344e2615ae8f8006bf307f49c330c6ac8df0f310b7c054c73a7ad6dd58bda8eea29d22c68fd9d48177bc7fd2d78896909d8764a6fe9f23bf134422b439f994bd10b15e8d6a3a78f0", 0xe6}, {&(0x7f00000004c0)="a55bc22674f85e4287333cf17d7cf7909c841ba2c5d0b21a8583b793fa75e0395ccd8b0357c49af354af5ce8e17889083c69cbbb7a86e83576cf797ab404f5646d46f7d624d0c799890986803875cc5d0a90ca55f7fb8d5090c5a5be412c98b39ea6fb1a65dccb3a69c213ae6c3c5be0ed17ebcc3e056f2c8ce39c5d70096d09d424849cf570c68e", 0x88}, {&(0x7f0000000580)="e0fc9b7285e61b5168bcd86bcce96d690de5282297a239c632ee75b7167629968d1ba164c12be2edbceda9d7eccb86671c86c14e2f1856962822520ec2cc811217306e2cac716295f38770bd7fdddca38924208369f861e731108ae3bc7bbb762c6ed91340f4e970b5a30bbb2463c84610e35093707c43a5fc90b7d5223ea66a9bbee50e94c568aac6f6e3961603a717da5d473ca9d205dfe1ff941fc1196ea9d6a6a1c9b53268d9d91162a69bcdf6a1c0", 0xb1}], 0x4, &(0x7f0000003740)=[{0x38, 0x102, 0x8, "0e38857c921d3a72ed4204a81bfcf5be6304deaf4f7eafc9a5166bf294fc177748"}, {0x48, 0x118, 0x6c8b, "3e8511534e1f3d75cb007ae9b51543998fbfbe203fc7a98c2ffb6c1398b854164967b13cf128efe4d2c82a0d2e679db4f894fc"}, {0x28, 0x117, 0x5, "9f4c705a352d18d12bab274324efe8c8361aecd63f"}, {0x1038, 0x0, 0x100, "fecb1408a95d5c1da1bb63e705fe725c9d3ed18304b1631dc13aba8370fd383238592fcef133c72be0a261d6ba09e9f6982221ce70c645b5d5149e31dfdeead1cd27705aef645758f52f5754e7d6a6cec3fbde14d81d190190adcd849db7e550f3422b4d63209c8dbaff697699c74d996c1a60d448be649427db69c669a1db25096343f30fc02ad75544ae6b4c858cdb57ed723b5b957a336b2074995830f1764c9011ec282946d32d75b52e073f05c4996814b60f1990b7eaf9ef52e8b05f848ebd4d93b4238e86be80b0ffc2069ca13ed54ebf330e4782f345dbcd557a9df30c5bf6252daf806726feaaacbf900fd7b3fadc96900e05e816786649931c75abd3775cdfad16ff448e4beb9e5d8e2b7757dfc8af7a2e44786f0a773c52d2e7dfc5aa24f9a59c549ce3f429303a867362c9c574d032b35fa9189d900bada7d4705eb5a8e21da0de9b4bfe36f040a2aa6be3e558df869bd6baede9b7c71167b483714c20ff9741167ae8c2be57675932a0c71fb10560a31585fd70a37531bd2a15e07dfdb068b93ba739246b219b8bdf828fa4222801a48593821c3b9101628833f3314ab978046880134c2009b8194a5f1f2236b2b6dd5baeac068718d4a20cfb655a6cb0666947d664a1b132a0a37f4ad7afcc851830b6abc0316df3046a219997fd39539de35ec631bcebf138470f9a0a84a3e60e3251f2c4906bf65dd4cc8f0af180edeade2d435ee278e1324931b84462371bffecdea8d1be4657b2f646808da1477aeb6b57345c41d2a14981398494be3f21db66c738e2b4e87fd64f26bfd223faa2e903de0ad15bc280f375deef5c34f5b60d3daa8d91799536b61548a937f7ed013ce3b9787651d0bdc583c351c242cf24b1fa5ed7b5a3452e549f8c6bfaf7eea33828cef5285e465d7e1bb3c338014b6e77ad6e10bbd7554bff865cada900ff128d59fc7bc3d9702268a8304b2ed24522d79105f82ee0d0bdc09d693da24b6f9ad3526a16ae167d20df223c7815c62eb56fcafd6fb1ce681ad47bc989ae1ba3db4643080bf06f9cb97890467886093894e91817c9e6a55643222abe5b2b1b70cb0f54067e687abe7235629866f71fa88f077a96183d4d34619192cdbf7592f5eb3e8e739d2982be085e4e978456dc607a8833ed4b79370e271ce67446df8be36cd15bceee378c61a80fe527d9baafba8bb0eeecf48238a4569c6920b167b914a2cd0d8139d87c18f3c5e28da08900a76830815b2982ee8d238fac6389fce73c75c0059742ccdfd380b5c80255306ec8215697d1e693b86af405538c1279e0e4690e5549ba0ef2c795eda9f2409202df86ae6414e9647aa0818a1c2ca1984ed1dd64ed0ceebaed383817f33e315d5350d03de8d86787518baede0a371cf51376976eaa7236941def04a6b3fd582ed044a47fcbd68b272b009e1c01c339aad1c3b09851992a1607af0e5c6c89dd7d61ce27a96b03b385f0929315425efec064cf0ef84f50fab9ee80d40511dca56f41180e1cf53934cf9675c27280e72f818f30fe5ee6f91f076429476f2b817fca8271f29f224e927fa383be7cdb7432cb3a9da46ade324ad7fb19d79fcd2165139ed4148fabb652f71ed4caea0b621b42d07a92d488b5b76a548fd6a4c831f7483b0818dc883e79f6b45ea9d0db87d4792b11b12534a1a34255385d69e342e8466e96f2a6b9e3db33a4297dab3653293780041c6967dc8a3b343765054d6eefe4687383d8c2c5c291001c8dd7a45e38284bf688f80cde00c6cdaf0aca92cd701d4181ed44ddbb2d0de968ef8b0361a7592de3d2fe7c479a64974d68474d4df20ceff49b429e4ac70be7c56facc6aa2b29edfba2791482b1c9021171b651ba74c4ef193fd9f6bf01c822095450ce9a8bc1121d5e5125002aa36c50ee53b8f96e39ba241a1675b0e0c55ea84b712d86ac9b3b4e8146a5a1b60c3e15b92115426c5173c9a51e01f66f980b5caa696c8d97f7098913a20249dfd5b62733188190b9f8a34a02c6c2d32fef797babbd190e11832ba8d974aa767506575d6d8ff7b4418434b7c2a0122924dbe7abd4c78a95aaa25a1163ff28f2bb584c98ee6039d6dc29dee8349ec4905e78c858c61269d66ad720de33886f0591a26580d155d9f98ea7f16d4c20caf371b930c1b45d56a4465002aa90438e98c920d57f55987d43f3a939b491361366ab140419d78574eee641decc58894f8c04b4431fdc62ebf8077f79bd398a527b090255b1ef7bee6db0883b8688ea4b2c531fb826af084d26c85b05b79d2a28b02855a30b6df017f2a33ffc6bbd6bafa0c6e7746d05b8fb0b030e6962f7ec495826a69fd22afb7f1302d02082c2f46ffbb05e18e061bb4612fdd90f17a608db3618764b7899b300b1114829a1a9e9bfe1db9418c0ebd73f99d894f41d47fcc23df6198a16d9490429807b21d821a0d35c0020f4be4aa2e8efa848776ea00fb67beada2c1682f9c25419aca371bcbd537cfbb2089efc8e44601ea5df38bbbcc7e9fc46000e50acddae73b9b8a29281c16d35c6f28e2b97a03feab5e7f45149276acc6e49532b8beca67a74ad561df9139da1e04b6a1f25f364d34fb461a41b4f111d04d0d1f780c12321537502b645685342d7b15f7b81495e8bf20928cb65a5783a3d87a7b1b369f580f63ed8b61971c214c0a30c52ba3d09fe933398ae5bb677acadace31acb622734f10a0bdc0b6efb2229b811887cb6f4d7f1ea605bb8b371c4d2676d302f56d1d40ff76e69cb0905d985c639cc52ac6eeacc6d43b81f999fa6393c6332195deb3414e27664ec9d794a342e4437ee8b707af345c6f7239742f50c7c9f28b73080e7b2d28a10a3599550a001602f04897b4dbcf6a6377e90836b742eb45b169d55e44a4eb9ac66333df053a36e9e48611e33a7707b43a4aae6491d71c755b52c4ae145c64bf4793ce3c2180638b36462c8d0595ce2f4e28a71166939127d88fc5d3bf32ee8e91420e0b48285a226d17a50cb12c0c2228139da0d739966bcd22590af8e9d9a6c59fe6f990fbddd402ef65c9eb9aad00ec97f1dd719da7a92c7a8234add5f8c22fde7ba2cf0cd894605c469a6aeae43962e8778fd77daa78d76ea677c1277724aa6e507907cf917757e561f2ddac79498927b315b7d90342ae34550aee7372aaf68bf60871aa6411b2d2461fa9e76da63ae45c420ea065940b7028e419b7507bb671e47a10eedde5b6eca2d59f7ca7893ecd9710c9b199b132fb59bc4765da090f75f6b1783351a8b9aaf76e9d96895b66fa429567b697db8a271e19a5480921b1601ab063edbbc693ea5d59259b3665babf526bdef2e893176b97b7474cb199f485e85241f0736a0c1e91b031b2ce9a4b1fe1c27b591d54e037fee0984b45244e4ee6fa0ff02c4fd5d1110459683eee394c4cadde362e8692cd571d14c10c8c9217f00fe2283f9a0852b7b72ff3e04a8710f05bffdc1c40a0729e5bc1cb06589ff82ca4fafd75629d6d47559863b43d8ef1f1f441824abcade74d7166cb27eae095490f1fe8ae3ee67ed44e3e27fe58565df6c0e33fdc00d7e55595204aa53e5d2a967edd8fb8ed6f6abd9802bfbd0bf6fd8e21a097b1d0eb23f9e3d516533449df2b3f6d3d5e5edc09e9f6732b915bf299605a553e66833e986e48acb4fcc8253e8ef5d85bfa16c4412ecd5df1b78b5b358f7b783dd037399be8d8865e4c409b44145c6bf4f5d8dbbf106376b1a03972fcbcafa53d3634c3e16cd6551d4d950d7eeee70ca232f1eb022b2957afff7f7eeca378c12c6587a2aa7f3550be277681f7786e2e41b164dccf4a5cb2d2e04aa54937d8a373500829ce3666fa0e72819c851c387449fe8958558f4f77cded2e6c3d98f3ee81593284e668304f720a89cd65eb82f01f564dac13b1291c13cc0472e272ca9cb791caa978a3821436ea1e36c200c5cdbbd44c6d1e7fb07014840826d4aa7dfc77f8805c05e27ecf89d4576a476695f1320f19c65d16c7804e5fdc5bfce4d318707ffc933104c869f5c697e7f8a1d204c940296584a808201a5b27ac71808d963dfff586ed253874ae6d6dfd4fafa05a56239723dc6188452dd77b1e3264de0e05a628d4357b67c950babfaf79be24d306d5ffefcb4ffa6cee68a48f4004469da47dcd28f91bc07160d1b0ef99ad17568ce30962000394c09723e225d463575116e4d8c0748681a9646cd4c09dab79c926dd6c16bb8e6829c8a8bd917e57978191eeeec14736178accf22b6d5327a8e40ac13f13a5fac1a87e6043c60a03c9b92ea5f90af320c5ea18906e2af4f254f2dc519a2d612fd375f481612f371df091e9fc74cefb6a417b867d24004379957b61ea85ed936b7ae273b763595c4ba8283beebd0103ce8d82a8394071a50c04bbc6af566b777f42e0685e1ce5eeb98511e0ca280ebb19d852c548b84242f06e0d4f2b5f60347537f831ba645b8b7150381c271ebb1db0469e9852115a3971d20b6c548232be3bfe836abcad590fd40353498a14885e03fcbf69a69de31e35ec9297cb321e47c679c228ec3ce67f05255536c42ca55ad889e31ce7bf263a30df4c46ffc097e0e7fd33499defc18d3d40b70f5ba14d8391d385675da63c70656439c49389e0ec709dc77a3c711810dbf8c5598273e982eb5b7fdfe4f24b3e78321b6a8382b8555fd3a8ca5345a762cd95d842d47b6853d829e1f8761df64b7f923a806344ca4e4ae20f68b4d951a9375816c4a46f7c55d3aafcfcfd84d944ef3bc78e898ac0c23cda915ebcbc22f46f98cc5d8148cf1ef98379da7684eee6a48730e62d37368e6b99ecd6dd7f8cecb0ecd605df775542b334b1dc9924bbc22172923735fd6bd1e53094fe74be1e4f1c9a427b58f7b3478695e459f29495fae1d8cca372ef99306624071a81531f739bdc2a929d422f33804b282f96d97c961f6f7b88dde7f916e31db7ca87f5f19b184ed4f27fc3f60348a15dfe093d598fa210478d0f4b6c8d7e0ec1fe1becf640c70318b791bc830cbcf1fea92b1c0ab5383275b852f473fd27bbe293b21ad6ae85c948f03343f73ee6f93815af23e342dc96bcb5aefb36e6cbf1e28aa6079c5dd30133e96f249bf065c5af0194123c79422b62e803b81577178c195d30b38edd0e985a6d77948df19826e321bcd7a1154952652de7beb9fef27f87fb3ba5cc0ce736613d5afc22a0cfe72059faddb306722c4ec09bcd1ac0cda5b8693fe280f77a49ae80f437013a5f67e8ce4ef6532a43d850f1c1c46f328a76fe3276e8735f8ff3b996db81aab308b8f95fc2d3a60fd1a91b45e1fd86a47b887cd293f264ede6477ba2979905b95d81b609ebe23f736d13ab3984a2822201dc1c1a9b524d2d830559d1a197a9707a3d68688c0efb2c2d699ad3e9a00449767f1adad6119b1fda9d6939d4f85f5c871ac8da52e855077dc21048b0cb24df3c2a42d60570a1109393a61856ec7ec8ca51594030e287f1c21cc5c76350111c8e3d4fdb82bc3308621774f55bed3af0c2975c0e4f7bf2071f1a02ede02fe9ddc540f14677643a6ebb2195499940128218d467fe1931f13baf21c6c472253a6d82df5fd5335c76fa6e98f0f3200812ee6bba92a5ee0927603331c8381bc4f94e14f0c6957a61eac2b31025e23a80e368b6044174c755cf27d6c0e9d6ce1200165cf59fc6cf5fb056fcb7beeabd473049e92d5516075fb48650788eb190037aeaf9e2803ac80a214c0dbf8f042137fa18c7e6260eaf314d2f065fb8ccc13ac80fa48147e9cb9b72970847fc282608e394849ea6eb2cb461dbdb1c0f343d2ca23efb4382cf9b969052d64fe269fb63eb0e70bd81ffc447350355e"}, {0x88, 0x3a, 0x4, "1de0f426a3ed550c054736d4642c4901cb6de7d809a184c035ef04320eb20a553c379fcc78c4f752d27234ef4dac46783e65cce0e8cd67af79d717b3ae7dfd7f9dfea52bcb52b1e29262a77c0581a4621e76ed0c70d56906a5aa7170567d74444c036de740b6f1e05a59fd43cd30b35f91e2"}, {0xa8, 0x109, 0x3, "5c180f4ab458f3a6a8517c3697ce636089daf3fcc99b691650822737d1b873425283e1d90f48fd5e84dff8d2a8362b65e37fe44d2f0b2cffd7d4f9aa4825632834b784ab7c8080def9186950888472ec00f0972e8a14dda52d2a0cf212b2475146ea150c8907a748fc6289ce72290cd22bfe6845e6bfdd0c89de10abd61ab5440139dee25acbd5f1d017132a419409de1faf"}, {0x20, 0x102, 0x9, "18c49429ee8d0499ca4a39e408c835"}, {0x110, 0x1, 0x5, "4db84285340b88fbebe07882fc33d2957bc8c82ad5c18a421a4c0592c617d758f8df68e2d9849e0a0db1146b6aafb19d35c011b6b3ababb703e20c398f13fdd5b9ff09d9751e102aa6e860a2ab3dd730d63a02a7837d0aab6dce1d64641c1c693674f5b73f5501b7b9f6fb6778bd2564e99d7b78a3255ba71d75db376a8ba503c18bf1bcf11d8250c706a0d6e45af4d4282e72b8cb4db843ea852cab673c87247749e3ff88a6088371547e1ef52cb19681b310bede7854a40ebe1ac093078d13afff2b64a678e0c96b4965e724ac65864b05a7dc8a80bff0e4b2555e6967c7217788268afa11660ac98c14b12713f545b00db543be5900ff5bd813cb7a0c67"}], 0x1340}, 0x20000000) (async)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$nl_route(0x10, 0x3, 0x0) (async)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
pipe(&(0x7f00000002c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}) (async)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)="390000001100090468fe0700000000000700ff3f0800000045000e070000001419001a00", 0x24}], 0x1) (async)
write$binfmt_misc(r4, &(0x7f00000002c0), 0x15) (async, rerun: 64)
splice(r3, 0x0, r5, 0x0, 0x19404, 0x0) (rerun: 64)
bind$bt_sco(r2, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
accept4(r2, 0x0, 0x0, 0x0) (async)
setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000280)=0xfffff908, 0x4) (async, rerun: 32)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/sync_on_suspend', 0x40a82, 0x0) (rerun: 32)
sendfile(r6, r6, 0x0, 0x4) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x24, 0x2, 0x1, 0x301, 0x0, 0x0, {0x7, 0x0, 0x4}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x4}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x1ff}]}, 0x24}, 0x1, 0x0, 0x0, 0x20008091}, 0x395b7a0214e8daea)
r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x311e80, 0x0)
readv(r8, &(0x7f0000000140)=[{&(0x7f0000001400)=""/4096, 0xfffffcd9}, {0x0, 0x2000}], 0x2)

87.447949ms ago: executing program 6 (id=6474):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0) (async)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) (async)
sendto$inet(r1, 0x0, 0x0, 0x20000870, &(0x7f0000000240)={0x2, 0xffff, @remote}, 0x10) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
madvise(&(0x7f0000fee000/0x10000)=nil, 0x10000, 0x9) (async)
openat$cgroup_int(r2, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000180)="86"})

87.093149ms ago: executing program 6 (id=6475):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x6082, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(0xffffffffffffffff, 0x89f5, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={@initdev={0xac, 0x1e, 0x0, 0x0}}})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r2 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000080)={'bridge0\x00', 0x0})
ioprio_set$pid(0x2, 0x0, 0x0)
sendfile(r1, r1, 0x0, 0x1000007fd)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/248, 0xf8, 0x2, 0x4}, @fda={0x66646185, 0x4, 0x0, 0x14}, @fda={0x66646185, 0x0, 0x0, 0x26}}, &(0x7f0000000000)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
r5 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x4000200)
inotify_rm_watch(r4, r5)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000580)={<r6=>0x0, 0x9, 0x7})
ioctl$BTRFS_IOC_GET_DEV_STATS(r3, 0xc4089434, &(0x7f0000000980)={r6, 0x0, 0x1, [0x74, 0x2, 0xe2, 0x8001, 0xb0], [0x61, 0x81, 0x7ff, 0xfffffffffffffff3, 0x4, 0x3, 0x99a, 0x9, 0x6, 0x100000000, 0x6, 0x2, 0x350, 0x2, 0xadda, 0x1, 0x5, 0x0, 0x7, 0x80000000, 0x6, 0xae, 0x0, 0x9, 0x4, 0x1, 0x4, 0x8, 0xe7b, 0x7, 0x1, 0xf, 0xe4, 0x9, 0x7fffffff, 0x1, 0x8000000000000000, 0x6, 0x3, 0x8001, 0x7, 0x3, 0xfffffffffffffffd, 0x401, 0x6, 0x7, 0x45b89ad1, 0x2, 0x7, 0x9, 0xfffffffffffffff7, 0x930e, 0xdf, 0x7fffffff, 0x9, 0x10001, 0xfffffffffffffff7, 0x5c41, 0x7f, 0x1, 0x8, 0x6, 0x7, 0x3, 0x3, 0x7fffffffffffffff, 0x7fffffff, 0x1, 0x55ed84d4, 0x2, 0x1, 0xffffffff, 0x2, 0xba06, 0xb, 0xfff, 0x5, 0x4, 0x7fffffffffffffff, 0xc3, 0x6, 0x0, 0x6, 0x800, 0x6, 0xb9ce, 0x1, 0x3, 0x8000000000000001, 0x2, 0xe4, 0x7, 0x3d8, 0xffffffffffffffff, 0x3, 0x7, 0x2, 0x0, 0xfffffffffffffffe, 0x8, 0x7, 0x0, 0xfffffffffffffff9, 0x8001, 0x80, 0x3, 0xc, 0xb23, 0x81, 0x0, 0x2, 0xfffffffffffffff3, 0x4, 0x3, 0x1, 0xa, 0x89f5, 0x6, 0x2, 0x1, 0x401]})

83.28922ms ago: executing program 6 (id=6476):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom1\x00', 0x0, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000040)) (async)
ioctl$BINDER_GET_FROZEN_INFO(r0, 0xc00c620f, &(0x7f0000000000))

79.742049ms ago: executing program 6 (id=6477):
prlimit64(0x0, 0xe, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
shutdown(r0, 0x1000000)
chdir(&(0x7f00000001c0)='./bus\x00')
unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='ext3\x00', 0x208003, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)=[{{&(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10, 0x0}}], 0x1, 0xc044)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x2010800, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c)
openat$incfs(r1, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130) (async)
r2 = openat$incfs(r1, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130)
ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x40106726, &(0x7f00000000c0)) (async)
ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x40106726, &(0x7f00000000c0))
stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)) (async)
stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
r4 = socket(0x18, 0xa, 0x1)
recvmmsg$unix(r4, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x1, 0x400120a0, 0x0)
lsetxattr$security_selinux(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240), &(0x7f0000000280)='system_u:object_r:dhcpd_initrc_exec_t:s0\x00', 0x29, 0x2) (async)
lsetxattr$security_selinux(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240), &(0x7f0000000280)='system_u:object_r:dhcpd_initrc_exec_t:s0\x00', 0x29, 0x2)
getgroups(0x3, &(0x7f00000001c0)=[0x0, <r5=>0xee01, 0xffffffffffffffff])
chown(&(0x7f0000000080)='./cgroup\x00', r3, r5) (async)
chown(&(0x7f0000000080)='./cgroup\x00', r3, r5)

22.92242ms ago: executing program 2 (id=6478):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async)
r1 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x109301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) (async)
r2 = socket(0x10, 0x803, 0x6) (async)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) (async, rerun: 64)
getsockopt$inet_buf(r3, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b) (rerun: 64)
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2) (async)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r5 = ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece) (async)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d684ec0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72bd2597c592ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f7eb55bb353ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe025ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a95d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f600"})
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x40)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000000)=r7) (async)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7}) (async)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000780)={0x1, 0x1, 0x0, &(0x7f0000000900)=""/103, &(0x7f0000000800)=""/90}) (async)
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000680)) (async)
ioctl$VHOST_SET_VRING_ERR(r6, 0x4008af22, &(0x7f00000002c0)={0x1, r7}) (async)
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000980)=0x1) (async)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
stat(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
quotactl_fd$Q_SETINFO(r0, 0xffffffff80000600, r8, &(0x7f0000000280)={0xffffffffffffff7f, 0x3, 0x1}) (async)
mknod$loop(&(0x7f0000000300)='./file0\x00', 0x4, 0x1) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

0s ago: executing program 6 (id=6479):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x4, 0x1}, 0x10)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
epoll_create1(0x80000)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x14)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec988ca", 0xe}, {&(0x7f0000000500)="f98314d58ce4b24ee1534bcda4c0118523a2f5fe0000bbfc11", 0x19}], 0x2)
bind$tipc(r0, &(0x7f00000002c0)=@id={0x1e, 0x3, 0x2, {0x4e24, 0x1}}, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='environ\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='fd/3\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
futex(&(0x7f00000040c0), 0x6, 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
futex(&(0x7f00000040c0), 0x87, 0x0, 0x0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
bind$tipc(r5, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x41, 0x1}, 0x4}}, 0x10)

kernel console output (not intermixed with test programs):

ntered promiscuous mode
[  454.310774][T15818] batadv_slave_1: left promiscuous mode
[  454.605281][  T331] usb 2-1: USB disconnect, device number 44
[  454.632786][T15834] rust_binder: Error while translating object.
[  454.632818][T15834] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  454.639082][T15834] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:156
[  454.663432][T15836] overlayfs: failed to resolve './file0': -2
[  454.667389][T15838] rust_binder: Write failure EFAULT in pid:158
[  454.679986][T15838] rust_binder: Write failure EFAULT in pid:158
[  454.687860][  T330] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  454.857891][  T330] usb 9-1: Using ep0 maxpacket: 8
[  454.864317][  T330] usb 9-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30
[  454.875436][  T330] usb 9-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  454.888792][  T330] usb 9-1: config 0 interface 0 has no altsetting 0
[  454.895492][  T330] usb 9-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  454.904555][  T330] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.913187][  T330] usb 9-1: config 0 descriptor??
[  455.017857][  T331] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  455.120158][  T330] logitech 0003:046D:C20E.003B: rdesc size test failed for formula gp
[  455.128691][  T330] logitech 0003:046D:C20E.003B: unknown main item tag 0x1
[  455.135828][  T330] logitech 0003:046D:C20E.003B: item fetching failed at offset 3/5
[  455.143967][  T330] logitech 0003:046D:C20E.003B: parse failed
[  455.150206][  T330] logitech 0003:046D:C20E.003B: probe with driver logitech failed with error -22
[  455.177905][  T331] usb 2-1: Using ep0 maxpacket: 32
[  455.184261][  T331] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  455.195205][  T331] usb 2-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00
[  455.204298][  T331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  455.212988][  T331] usb 2-1: config 0 descriptor??
[  455.320507][  T399] usb 9-1: USB disconnect, device number 18
[  455.819979][T15841] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  455.827783][T15841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  455.838794][   T36] audit: type=1400 audit(1762658247.629:1165): avc:  denied  { remount } for  pid=15883 comm="syz.8.5066" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  455.847568][T15841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  455.871449][T15884] /dev/rnullb0: Can't open blockdev
[  455.919427][  T331] usbhid 2-1:0.0: can't add hid device: -71
[  455.925426][  T331] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  455.934274][  T331] usb 2-1: USB disconnect, device number 45
[  455.961963][T15891] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  455.992695][T15896] rust_binder: Error while translating object.
[  455.992750][T15896] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  455.999137][T15896] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:325
[  456.072264][T15912] +$<�: renamed from bridge0 (while UP)
[  456.127975][T15918] netlink: 68 bytes leftover after parsing attributes in process `syz.6.5078'.
[  456.270551][T15937] fuse: Unknown parameter 'b��0x0000000000000005'
[  456.277853][T15937] rust_binder: Error while translating object.
[  456.277905][T15937] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  456.284170][T15937] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:343
[  456.362832][   T36] audit: type=1400 audit(1762658248.149:1166): avc:  denied  { read } for  pid=15938 comm="syz.8.5084" name="file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  456.394135][   T36] audit: type=1400 audit(1762658248.149:1167): avc:  denied  { open } for  pid=15938 comm="syz.8.5084" path="/109/file0/file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  456.394610][T15939] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:345
[  456.421341][T15939] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  456.433507][T15939] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:345
[  456.437139][T15943] SELinux: security_context_str_to_sid (sytem_u�Gй) failed with errno=-22
[  456.556226][T15955] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:353
[  456.569940][T15957] netlink: 'syz.8.5090': attribute type 12 has an invalid length.
[  456.599880][T15959] rust_binder: Write failure EFAULT in pid:357
[  456.612025][T15961] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  456.630603][T15966] rust_binder: Write failure EFAULT in pid:364
[  456.727850][  T330] usb 2-1: new full-speed USB device number 46 using dummy_hcd
[  456.887894][   T66] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  456.888278][  T330] usb 2-1: too many configurations: 98, using maximum allowed: 8
[  456.904484][  T330] usb 2-1: unable to read config index 0 descriptor/start: -61
[  456.912192][  T330] usb 2-1: can't read configurations, error -61
[  457.043121][   T66] usb 9-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  457.047909][  T330] usb 2-1: new full-speed USB device number 47 using dummy_hcd
[  457.053571][   T66] usb 9-1: config 220 has 1 interface, different from the descriptor's value: 3
[  457.070226][   T66] usb 9-1: config 220 interface 0 has no altsetting 0
[  457.078544][   T66] usb 9-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  457.087756][   T66] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.095846][   T66] usb 9-1: Product: syz
[  457.100091][   T66] usb 9-1: Manufacturer: syz
[  457.104727][   T66] usb 9-1: SerialNumber: syz
[  457.208279][  T330] usb 2-1: too many configurations: 98, using maximum allowed: 8
[  457.217180][  T330] usb 2-1: unable to read config index 0 descriptor/start: -61
[  457.224843][  T330] usb 2-1: can't read configurations, error -61
[  457.231291][  T330] usb usb2-port1: attempt power cycle
[  457.567897][  T330] usb 2-1: new full-speed USB device number 48 using dummy_hcd
[  457.588608][  T330] usb 2-1: too many configurations: 98, using maximum allowed: 8
[  457.597616][  T330] usb 2-1: unable to read config index 0 descriptor/start: -61
[  457.605370][  T330] usb 2-1: can't read configurations, error -61
[  457.737892][  T330] usb 2-1: new full-speed USB device number 49 using dummy_hcd
[  457.758610][  T330] usb 2-1: too many configurations: 98, using maximum allowed: 8
[  457.767504][  T330] usb 2-1: unable to read config index 0 descriptor/start: -61
[  457.775256][  T330] usb 2-1: can't read configurations, error -61
[  457.781703][  T330] usb usb2-port1: unable to enumerate USB device
[  457.862059][   T66] usb 9-1: Found UVC 0.00 device syz (8086:0b07)
[  457.871075][   T66] usb 9-1: No valid video chain found.
[  457.878675][T15985] SELinux: failed to load policy
[  457.879279][   T66] usb 9-1: USB disconnect, device number 19
[  458.004375][T15992] kvm: kvm [15991]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0xc1) = 0x5
[  458.013150][T15992] kvm: kvm [15991]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0xc2) = 0x5
[  458.024334][T15992] kvm: kvm [15991]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0x11e) = 0x5
[  458.035879][T15992] kvm: kvm [15991]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0x186) = 0x5
[  458.044585][T15992] kvm: kvm [15991]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0x187) = 0x5
[  458.056059][T15992] kvm_intel: kvm [15991]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0x1d9) = 0x5
[  458.108183][T15992] rust_binder: Error while translating object.
[  458.108226][T15992] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  458.114524][T15992] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:376
[  458.217548][   T36] audit: type=1326 audit(1762658249.999:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15997 comm="syz.8.5103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f663358f6c9 code=0x7ffc0000
[  458.250390][   T36] audit: type=1326 audit(1762658249.999:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15997 comm="syz.8.5103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f663358f6c9 code=0x7ffc0000
[  458.273924][   T36] audit: type=1326 audit(1762658250.019:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15997 comm="syz.8.5103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f663358f6c9 code=0x7ffc0000
[  458.297472][   T36] audit: type=1326 audit(1762658250.019:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15997 comm="syz.8.5103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f663358f6c9 code=0x7ffc0000
[  458.321119][   T36] audit: type=1326 audit(1762658250.019:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15997 comm="syz.8.5103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f663358f6c9 code=0x7ffc0000
[  458.344925][   T36] audit: type=1326 audit(1762658250.019:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15997 comm="syz.8.5103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f663358f6c9 code=0x7ffc0000
[  458.368601][   T36] audit: type=1326 audit(1762658250.019:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15997 comm="syz.8.5103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f663358df10 code=0x7ffc0000
[  458.472498][T16001] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=16001 comm=syz.6.5104
[  458.485536][T16001] netlink: 32 bytes leftover after parsing attributes in process `syz.6.5104'.
[  458.521906][T16005] bridge0: port 1(bridge_slave_0) entered blocking state
[  458.529027][T16005] bridge0: port 1(bridge_slave_0) entered forwarding state
[  459.062777][T16018] tmpfs: Cannot retroactively limit inodes
[  459.447887][  T593] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  459.514165][T16093] binder: Unknown parameter '�'
[  459.539041][T16101] tipc: Started in network mode
[  459.544674][T16101] tipc: Node identity 4, cluster identity 4711
[  459.551236][T16101] tipc: Node number set to 4
[  459.599255][  T593] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  459.610325][  T593] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  459.627894][  T593] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  459.643108][  T593] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  459.657312][  T593] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.671401][  T593] usb 9-1: config 0 descriptor??
[  459.683616][T16122] netlink: 388 bytes leftover after parsing attributes in process `syz.6.5133'.
[  460.016691][T16142] rust_binder: Error while translating object.
[  460.016751][T16142] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  460.023056][T16142] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:192
[  460.277912][  T399] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  460.427927][  T399] usb 2-1: device descriptor read/64, error -71
[  460.528054][T16153] netlink: 104 bytes leftover after parsing attributes in process `syz.6.5141'.
[  460.667889][  T399] usb 2-1: device descriptor read/64, error -71
[  460.907891][  T399] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  461.037895][  T399] usb 2-1: device descriptor read/64, error -71
[  461.277891][  T399] usb 2-1: device descriptor read/64, error -71
[  461.387961][  T399] usb usb2-port1: attempt power cycle
[  461.649117][T16184] incfs: mount failed -22
[  461.727888][  T399] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  461.748917][  T399] usb 2-1: device descriptor read/8, error -71
[  461.878938][  T399] usb 2-1: device descriptor read/8, error -71
[  462.127886][  T399] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  462.149072][  T399] usb 2-1: device descriptor read/8, error -71
[  462.218018][  T593] usbhid 9-1:0.0: can't add hid device: -71
[  462.225534][  T593] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  462.236581][  T593] usb 9-1: USB disconnect, device number 20
[  462.245807][T16202] __vm_enough_memory: pid: 16202, comm: syz.8.5161, bytes: 18014402804453376 not enough memory for the allocation
[  462.269324][T16205] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1
[  462.288326][  T399] usb 2-1: device descriptor read/8, error -71
[  462.304922][T16209] x_tables: duplicate underflow at hook 2
[  462.397969][  T399] usb usb2-port1: unable to enumerate USB device
[  462.536809][T16221] netlink: 'syz.6.5168': attribute type 4 has an invalid length.
[  462.552492][T16221] netlink: 'syz.6.5168': attribute type 4 has an invalid length.
[  462.563145][   T36] kauditd_printk_skb: 4 callbacks suppressed
[  462.563159][   T36] audit: type=1326 audit(1762658254.349:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16220 comm="syz.6.5168" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f96bc58f6c9 code=0x0
[  463.116786][T16232] rust_binder: Error while translating object.
[  463.116819][T16232] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  463.126945][T16232] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:199
[  463.437849][  T593] usb 9-1: new low-speed USB device number 21 using dummy_hcd
[  463.462558][T16272] netlink: 'syz.0.5187': attribute type 4 has an invalid length.
[  463.470415][T16272] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5187'.
[  463.587849][  T593] usb 9-1: device descriptor read/64, error -71
[  463.699513][T16286] tipc: Started in network mode
[  463.704427][T16286] tipc: Node identity 4, cluster identity 4711
[  463.710906][T16286] tipc: Node number set to 4
[  463.827959][  T593] usb 9-1: device descriptor read/64, error -71
[  464.077844][  T593] usb 9-1: new low-speed USB device number 22 using dummy_hcd
[  464.217914][  T593] usb 9-1: device descriptor read/64, error -71
[  464.457880][  T593] usb 9-1: device descriptor read/64, error -71
[  464.567979][  T593] usb usb9-port1: attempt power cycle
[  464.907865][  T593] usb 9-1: new low-speed USB device number 23 using dummy_hcd
[  464.929070][  T593] usb 9-1: device descriptor read/8, error -71
[  465.059000][  T593] usb 9-1: device descriptor read/8, error -71
[  465.297891][  T593] usb 9-1: new low-speed USB device number 24 using dummy_hcd
[  465.319033][  T593] usb 9-1: device descriptor read/8, error -71
[  465.448873][  T593] usb 9-1: device descriptor read/8, error -71
[  465.484536][T16300] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5198'.
[  465.558029][  T593] usb usb9-port1: unable to enumerate USB device
[  466.276452][   T36] audit: type=1326 audit(1762658258.059:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16316 comm="syz.8.5205" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f663358f6c9 code=0x0
[  466.858710][T16358] netlink: 'syz.0.5218': attribute type 4 has an invalid length.
[  466.866745][T16358] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5218'.
[  466.999773][T16386] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5226'.
[  467.154971][T16395] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:420
[  467.174198][T16398] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
[  467.191011][T16398] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:422
[  467.219664][T16402] rust_binder: 425: no such ref 0
[  467.236096][T16401] rust_binder: 16401 RLIMIT_NICE not set
[  467.415484][T16426] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:235
[  467.428912][T16425] rust_binder: Failed to allocate buffer. len:5192, is_oneway:false
[  467.497852][ T6581] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[  467.657850][ T6581] usb 9-1: Using ep0 maxpacket: 32
[  467.664079][ T6581] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  467.672615][ T6581] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  467.681271][ T6581] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  467.690419][ T6581] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  467.700457][ T6581] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  467.710170][ T6581] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  467.723708][ T6581] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  467.732873][ T6581] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.741414][ T6581] usb 9-1: config 0 descriptor??
[  467.747959][  T593] usb 2-1: new low-speed USB device number 54 using dummy_hcd
[  467.899021][  T593] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  467.908212][  T593] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.916948][  T593] usb 2-1: config 0 descriptor??
[  467.948737][ T6581] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 25 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  467.960846][ T6581] usb 9-1: USB disconnect, device number 25
[  467.967575][ T6581] usblp0: removed
[  468.257860][ T6581] usb 9-1: new high-speed USB device number 26 using dummy_hcd
[  468.407844][ T6581] usb 9-1: Using ep0 maxpacket: 32
[  468.414171][ T6581] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  468.422716][ T6581] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  468.431365][ T6581] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  468.440359][ T6581] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  468.450057][ T6581] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  468.459742][ T6581] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  468.472749][ T6581] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  468.481904][ T6581] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.490669][ T6581] usb 9-1: config 0 descriptor??
[  468.700728][ T6581] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 26 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  468.717889][ T6581] usb 9-1: USB disconnect, device number 26
[  468.725307][ T6581] usblp0: removed
[  469.017861][ T6581] usb 9-1: new full-speed USB device number 27 using dummy_hcd
[  469.051647][T16465] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5252'.
[  469.169077][ T6581] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  469.180165][ T6581] usb 9-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  469.189262][ T6581] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.198351][ T6581] usb 9-1: config 0 descriptor??
[  469.203645][T16463] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  470.730126][T16428] tmpfs: Unknown parameter ''
[  470.739461][  T593] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  470.749580][  T593] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[  470.760566][  T593] asix 2-1:0.0: probe with driver asix failed with error -71
[  470.768873][  T593] usb 2-1: USB disconnect, device number 54
[  471.264248][T16494] overlayfs: conflicting lowerdir path
[  471.310425][T16496] rust_binder: Write failure EFAULT in pid:243
[  471.515644][T16525] netlink: 188 bytes leftover after parsing attributes in process `syz.6.5271'.
[  471.662493][T16540] binder: Bad value for 'stats'
[  471.667875][  T399] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  471.687125][   T36] audit: type=1326 audit(1762658263.469:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16541 comm="syz.6.5278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  471.710729][   T36] audit: type=1326 audit(1762658263.469:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16541 comm="syz.6.5278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  471.734706][   T36] audit: type=1326 audit(1762658263.479:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16541 comm="syz.6.5278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  471.758611][T16544] x_tables: duplicate underflow at hook 1
[  471.758844][   T36] audit: type=1326 audit(1762658263.479:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16541 comm="syz.6.5278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  471.788139][   T36] audit: type=1326 audit(1762658263.479:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16541 comm="syz.6.5278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  471.811845][   T36] audit: type=1326 audit(1762658263.479:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16541 comm="syz.6.5278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  471.827300][T16546] overlayfs: failed to clone lowerpath
[  471.839391][   T36] audit: type=1326 audit(1762658263.479:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16541 comm="syz.6.5278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  471.864504][   T36] audit: type=1326 audit(1762658263.479:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16541 comm="syz.6.5278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  471.876697][  T399] usb 2-1: unable to read config index 0 descriptor/start: -61
[  471.888172][   T36] audit: type=1326 audit(1762658263.479:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16541 comm="syz.6.5278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  471.919242][  T399] usb 2-1: can't read configurations, error -61
[  471.919582][   T36] audit: type=1326 audit(1762658263.479:1190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16541 comm="syz.6.5278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  471.979664][ T6581] usbhid 9-1:0.0: can't add hid device: -71
[  471.987943][ T6581] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  471.991286][T16556] support for the xor transformation has been removed.
[  471.998447][ T6581] usb 9-1: USB disconnect, device number 27
[  472.003255][T16556] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=16556 comm=syz.8.5283
[  472.021619][T16556] netlink: 32 bytes leftover after parsing attributes in process `syz.8.5283'.
[  472.077854][  T399] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  472.229376][  T399] usb 2-1: unable to read config index 0 descriptor/start: -61
[  472.237172][  T399] usb 2-1: can't read configurations, error -61
[  472.243690][  T399] usb usb2-port1: attempt power cycle
[  472.587861][  T399] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  472.609600][  T399] usb 2-1: unable to read config index 0 descriptor/start: -61
[  472.617303][  T399] usb 2-1: can't read configurations, error -61
[  472.747894][  T399] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  472.769783][  T399] usb 2-1: unable to read config index 0 descriptor/start: -61
[  472.777520][  T399] usb 2-1: can't read configurations, error -61
[  472.783990][  T399] usb usb2-port1: unable to enumerate USB device
[  473.205605][T16568] rust_binder: Error while translating object.
[  473.205658][T16568] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  473.212075][T16568] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:448
[  473.477874][ T6581] usb 9-1: new high-speed USB device number 28 using dummy_hcd
[  473.617878][ T6581] usb 9-1: device descriptor read/64, error -71
[  473.857854][ T6581] usb 9-1: device descriptor read/64, error -71
[  473.915959][T16615] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=16615 comm=syz.0.5301
[  474.097883][ T6581] usb 9-1: new high-speed USB device number 29 using dummy_hcd
[  474.227859][ T6581] usb 9-1: device descriptor read/64, error -71
[  474.433376][T16628] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16628 comm=syz.1.5305
[  474.467899][ T6581] usb 9-1: device descriptor read/64, error -71
[  474.577998][ T6581] usb usb9-port1: attempt power cycle
[  474.674925][T16654] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 152, size: 238)
[  474.674953][T16654] rust_binder: Error while translating object.
[  474.685598][T16654] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  474.691897][T16654] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:274
[  474.837470][T16021] Bluetooth: hci0: Frame reassembly failed (-84)
[  474.917845][ T6581] usb 9-1: new high-speed USB device number 30 using dummy_hcd
[  474.942022][ T6581] usb 9-1: device descriptor read/8, error -71
[  475.035078][T16687] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55 sclass=netlink_route_socket pid=16687 comm=syz.0.5328
[  475.047835][T16687] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=16687 comm=syz.0.5328
[  475.060729][T16687] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=16687 comm=syz.0.5328
[  475.077020][T16687] vlan1: entered promiscuous mode
[  475.083545][T16687] vlan1: entered allmulticast mode
[  475.089462][T16687] veth0_vlan: entered allmulticast mode
[  475.095202][ T6581] usb 9-1: device descriptor read/8, error -71
[  475.117568][T16687] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  475.124725][T16687] overlayfs: failed to set xattr on upper
[  475.130751][T16687] overlayfs: ...falling back to redirect_dir=nofollow.
[  475.137680][T16687] overlayfs: ...falling back to index=off.
[  475.143553][T16687] overlayfs: ...falling back to uuid=null.
[  475.149798][T16687] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  475.326576][T16699] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=1014 sclass=netlink_tcpdiag_socket pid=16699 comm=syz.6.5332
[  475.337866][ T6581] usb 9-1: new high-speed USB device number 31 using dummy_hcd
[  475.358827][ T6581] usb 9-1: device descriptor read/8, error -71
[  475.382561][T16702] overlay: ./file0 is not a directory
[  475.386393][T16701] overlay: ./file0 is not a directory
[  475.488920][ T6581] usb 9-1: device descriptor read/8, error -71
[  475.597977][ T6581] usb usb9-port1: unable to enumerate USB device
[  475.856468][T16715] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.863570][T16715] bridge0: port 1(bridge_slave_0) entered disabled state
[  475.870751][T16715] bridge_slave_0: entered allmulticast mode
[  475.877066][T16715] bridge_slave_0: entered promiscuous mode
[  475.883697][T16715] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.890778][T16715] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.898183][T16715] bridge_slave_1: entered allmulticast mode
[  475.904409][T16715] bridge_slave_1: entered promiscuous mode
[  475.960966][T16715] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.968054][T16715] bridge0: port 2(bridge_slave_1) entered forwarding state
[  475.975331][T16715] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.982401][T16715] bridge0: port 1(bridge_slave_0) entered forwarding state
[  476.002007][T16021] bridge0: port 1(bridge_slave_0) entered disabled state
[  476.009713][T16021] bridge0: port 2(bridge_slave_1) entered disabled state
[  476.019241][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  476.026303][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  476.035633][T16021] bridge0: port 2(bridge_slave_1) entered blocking state
[  476.042721][T16021] bridge0: port 2(bridge_slave_1) entered forwarding state
[  476.068734][T16715] veth0_vlan: entered promiscuous mode
[  476.080212][T16715] veth1_macvtap: entered promiscuous mode
[  476.115332][T16729] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000001 not found
[  476.123600][T16729] rust_binder: Write failure EINVAL in pid:2
[  476.201300][T16734] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5343'.
[  476.467975][  T593] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  476.512488][T16770] fuse: Unknown parameter '017777777777777777777770x0000000000000003'
[  476.628796][  T593] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  476.640290][  T593] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  476.650886][  T593] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  476.659994][  T593] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  476.668075][  T331] usb 9-1: new full-speed USB device number 32 using dummy_hcd
[  476.675761][  T593] usb 6-1: Manufacturer: syz
[  476.682168][  T593] usb 6-1: config 0 descriptor??
[  476.837864][  T403] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  476.837889][  T444] Bluetooth: hci0: command 0x1003 tx timeout
[  476.852763][  T331] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  476.874175][  T331] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  476.897547][  T331] usb 9-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  476.906902][  T331] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.926364][  T331] usb 9-1: config 0 descriptor??
[  476.932153][T16756] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  477.089671][  T593] usbhid 6-1:0.0: can't add hid device: -32
[  477.090271][T16738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  477.096236][  T593] usbhid 6-1:0.0: probe with driver usbhid failed with error -32
[  477.112114][T16738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  477.169663][  T399] usb 6-1: USB disconnect, device number 41
[  477.363146][T16813] binder: Binderfs stats mode cannot be changed during a remount
[  477.387168][   T36] kauditd_printk_skb: 104 callbacks suppressed
[  477.387187][   T36] audit: type=1400 audit(1762658269.169:1295): avc:  denied  { execute } for  pid=16814 comm="syz.8.5373" path="/selinux/validatetrans" dev="selinuxfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=file permissive=1
[  477.428337][  T331] hid-picolcd 0003:04D8:F002.003C: No report with id 0xf3 found
[  477.436100][  T331] hid-picolcd 0003:04D8:F002.003C: No report with id 0xf4 found
[  477.448630][  T331] usb 9-1: USB disconnect, device number 32
[  477.457682][T16816] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:477
[  477.491625][T16825] netpci0: tun_chr_ioctl cmd 1074025672
[  477.506390][T16825] netpci0: ignored: set checksum enabled
[  477.513891][T16825] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:480
[  477.657994][   T66] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  477.703353][T16832] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5379'.
[  477.732162][T16838] IPv6: NLM_F_CREATE should be specified when creating new route
[  477.837873][   T66] usb 2-1: Using ep0 maxpacket: 16
[  477.844326][   T66] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  477.854678][   T66] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  477.868411][   T66] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  477.877537][   T66] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  477.885617][   T66] usb 2-1: SerialNumber: syz
[  477.907878][  T331] usb 9-1: new high-speed USB device number 33 using dummy_hcd
[  478.058099][  T331] usb 9-1: Using ep0 maxpacket: 32
[  478.064409][  T331] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  478.074360][  T331] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  478.087237][  T331] usb 9-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00
[  478.096331][  T331] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  478.105309][  T331] usb 9-1: config 0 descriptor??
[  478.150056][T16822] rust_binder: 286: no such ref 1
[  478.201516][T16849] rust_binder: 286: no such ref 1
[  478.206672][T16849] rust_binder: Write failure EINVAL in pid:286
[  478.391259][   T36] audit: type=1400 audit(1762658270.179:1296): avc:  denied  { create } for  pid=16850 comm="syz.6.5385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ipx_socket permissive=1
[  478.396352][T16852] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5385'.
[  478.513407][  T331] hid-generic 0003:1B1C:1B3E.003D: failed to start in urb: -90
[  478.523232][  T331] hid-generic 0003:1B1C:1B3E.003D: hidraw0: USB HID v0.00 Device [HID 1b1c:1b3e] on usb-dummy_hcd.8-1/input0
[  478.712933][T16829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  478.721557][T16829] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  478.733991][  T399] usb 9-1: USB disconnect, device number 33
[  478.829982][T16865] overlayfs: fs on '.' does not support file handles, falling back to xino=off.
[  478.972547][T16882] rust_binder: 509: no such ref 3
[  478.977635][T16882] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:509
[  479.005447][T16887] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:515
[  479.273787][T16919] netlink: 'syz.6.5407': attribute type 11 has an invalid length.
[  479.718124][  T331] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  479.877030][  T331] usb 6-1: config 1 has an invalid descriptor of length 68, skipping remainder of the config
[  479.891832][  T331] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  479.911464][  T331] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  479.934620][  T331] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  479.943889][  T331] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.952024][  T331] usb 6-1: Product: syz
[  479.960933][  T331] usb 6-1: Manufacturer: syz
[  479.967515][  T331] usb 6-1: SerialNumber: syz
[  480.029257][T16942] binder: Unknown parameter '000000000000000000'
[  480.177363][T16932] input: syz0 as /devices/virtual/input/input50
[  480.189953][T16965] netlink: 'syz.8.5423': attribute type 16 has an invalid length.
[  480.198609][T16965] netlink: 'syz.8.5423': attribute type 2 has an invalid length.
[  480.201920][  T331] cdc_ncm 6-1:1.0: CDC Union missing and no IAD found
[  480.206751][T16965] netlink: 64086 bytes leftover after parsing attributes in process `syz.8.5423'.
[  480.217671][  T331] cdc_ncm 6-1:1.0: bind() failure
[  480.236032][  T331] usb 6-1: USB disconnect, device number 42
[  480.428111][   T66] cdc_acm 2-1:1.0: invalid descriptor buffer length
[  480.442314][   T66] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[  480.450763][   T66] cdc_acm 2-1:1.0: This needs exactly 3 endpoints
[  480.457404][T16982] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5428'.
[  480.466763][   T66] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22
[  480.476184][   T66] usb 2-1: USB disconnect, device number 59
[  480.500896][T16984] rust_binder: Got transaction with invalid offset.
[  480.500974][T16984] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  480.507987][T16984] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:292
[  480.517561][T16984] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1
[  480.534953][T16984] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1
[  480.543188][T16985] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  480.575123][T16992] binder: Unknown parameter '00000000000000000000000'
[  480.644248][T16998] loop1: detected capacity change from 0 to 7
[  480.870798][T16999] Invalid logical block size (1)
[  480.949356][T17012] overlayfs: failed to resolve '/
[  480.949356][T17012] MO�"�': -2
[  480.987856][   T66] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  481.090867][T17020] __vm_enough_memory: pid: 17020, comm: syz.8.5441, bytes: 18014402804453376 not enough memory for the allocation
[  481.147846][  T593] usb 2-1: new full-speed USB device number 60 using dummy_hcd
[  481.158019][   T66] usb 6-1: Using ep0 maxpacket: 8
[  481.164558][   T66] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  481.174766][   T66] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  481.200046][   T66] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  481.209441][   T66] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  481.228257][   T66] usb 6-1: SerialNumber: syz
[  481.232069][T17052] netlink: 'syz.8.5451': attribute type 2 has an invalid length.
[  481.241254][   T66] cdc_acm 6-1:1.0: skipping garbage
[  481.246546][   T66] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[  481.255551][   T66] cdc_acm 6-1:1.0: This needs exactly 3 endpoints
[  481.263557][   T66] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -22
[  481.298817][  T593] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  481.317148][  T593] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  481.326373][  T593] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.336587][  T593] usb 2-1: config 0 descriptor??
[  481.347025][T17005] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  481.443091][T17001] __vm_enough_memory: pid: 17001, comm: syz.5.5434, bytes: 18014402804453376 not enough memory for the allocation
[  481.455735][    T9] usb 6-1: USB disconnect, device number 43
[  481.562814][  T593] hid-generic 0003:04F3:0755.003E: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0
[  481.773677][T17005] pim6reg1: entered promiscuous mode
[  481.787855][T17005] pim6reg1: entered allmulticast mode
[  481.859891][    T9] usb 2-1: USB disconnect, device number 60
[  481.889979][T17075] netlink: 'syz.6.5457': attribute type 13 has an invalid length.
[  481.898114][T17075] erspan0: refused to change device tx_queue_len
[  481.905385][T17075] overlayfs: failed to clone lowerpath
[  482.099321][T17085] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  482.422686][T17102] netlink: 36 bytes leftover after parsing attributes in process `syz.5.5465'.
[  482.475121][T17108] rust_binder: Write failure EINVAL in pid:56
[  482.548435][T17125] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:58
[  482.558244][T17124] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  482.570263][T17124] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:326
[  482.664996][   T36] audit: type=1400 audit(1762662626.442:1297): avc:  denied  { setattr } for  pid=17145 comm="syz.8.5480" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  482.744829][T17151] overlayfs: failed to clone upperpath
[  482.898004][T17169] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5487'.
[  483.057872][T17185] rust_binder: 344: no such ref 0
[  483.108763][T17193] /dev/md0: Can't lookup blockdev
[  483.647838][   T66] usb 9-1: new full-speed USB device number 34 using dummy_hcd
[  483.677859][    T9] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  483.809034][   T66] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  483.820031][   T66] usb 9-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  483.829108][    T9] usb 2-1: Using ep0 maxpacket: 32
[  483.834302][   T66] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.843293][   T66] usb 9-1: config 0 descriptor??
[  483.848338][    T9] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  483.856413][    T9] usb 2-1: config 0 has no interface number 0
[  483.862881][T17220] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  483.864188][    T9] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  483.880013][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.888086][    T9] usb 2-1: Product: syz
[  483.892275][    T9] usb 2-1: Manufacturer: syz
[  483.896868][    T9] usb 2-1: SerialNumber: syz
[  483.902245][    T9] usb 2-1: config 0 descriptor??
[  483.908208][    T9] smsc95xx v2.0.0
[  484.223945][T17255] 9pnet_fd: p9_fd_create_unix (17255): problem connecting socket: ./file0: -30
[  484.283488][   T66] hid-generic 0003:0C45:760B.003F: hidraw0: USB HID v1.01 Device [HID 0c45:760b] on usb-dummy_hcd.8-1/input0
[  484.511646][T17222] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  484.520362][T17222] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  484.528774][T17222] rust_binder: Write failure EFAULT in pid:354
[  484.529075][    T9] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  484.546142][    T9] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  484.547455][  T593] usb 9-1: USB disconnect, device number 34
[  484.556964][    T9] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  484.572576][    T9] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[  484.582119][    T9] usb 2-1: USB disconnect, device number 61
[  485.094917][T17278] rust_binder: Error while translating object.
[  485.094977][T17278] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  485.101293][T17278] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:103
[  485.241357][T17287] overlayfs: missing 'workdir'
[  485.272072][T17292] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5528'.
[  485.287896][    T9] usb 2-1: new full-speed USB device number 62 using dummy_hcd
[  485.295614][T17298] rust_binder: 614: no such ref 0
[  485.306312][T17298] rust_binder: 614: no such ref 1
[  485.311465][T17298] rust_binder: 614: no such ref 3
[  485.427893][    T9] usb 2-1: device descriptor read/64, error -71
[  485.471183][T17293] binder: Bad value for 'max'
[  485.471424][T17307] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  485.483126][T17307] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:620
[  485.510075][T17314] rust_binder: Error while translating object.
[  485.519274][T17314] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  485.525442][T17314] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:623
[  485.667854][    T9] usb 2-1: device descriptor read/64, error -71
[  485.917853][    T9] usb 2-1: new full-speed USB device number 63 using dummy_hcd
[  485.975100][   T36] audit: type=1326 audit(1762662629.752:1298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17322 comm="syz.6.5537" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f96bc58f6c9 code=0x0
[  486.067854][    T9] usb 2-1: device descriptor read/64, error -71
[  486.127845][T17325] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  486.128517][T17325] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1
[  486.142286][T17325] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1
[  486.307864][    T9] usb 2-1: device descriptor read/64, error -71
[  486.397874][  T593] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  486.417960][    T9] usb usb2-port1: attempt power cycle
[  486.547852][  T593] usb 6-1: Using ep0 maxpacket: 16
[  486.555416][  T593] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  486.566484][  T593] usb 6-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00
[  486.571485][T17343] rust_binder: Write failure EFAULT in pid:640
[  486.575731][  T593] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  486.590578][  T593] usb 6-1: config 0 descriptor??
[  486.758207][    T9] usb 2-1: new full-speed USB device number 64 using dummy_hcd
[  486.778961][    T9] usb 2-1: device descriptor read/8, error -71
[  486.877682][T17347] overlayfs: failed to resolve './file2': -2
[  486.908999][    T9] usb 2-1: device descriptor read/8, error -71
[  487.168272][    T9] usb 2-1: new full-speed USB device number 65 using dummy_hcd
[  487.188887][    T9] usb 2-1: device descriptor read/8, error -71
[  487.253655][T17370] input: syz0 as /devices/virtual/input/input51
[  487.298261][  T331] usb 6-1: USB disconnect, device number 44
[  487.320977][    T9] usb 2-1: device descriptor read/8, error -71
[  487.345458][T17386] rust_binder: Write failure EFAULT in pid:655
[  487.437959][    T9] usb usb2-port1: unable to enumerate USB device
[  487.461780][T17393] rust_binder: Read failure Err(EAGAIN) in pid:140
[  487.472810][T17395] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  487.479618][T17395] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:142
[  487.490038][   T36] audit: type=1400 audit(1762662631.282:1299): avc:  denied  { module_load } for  pid=17394 comm="syz.5.5561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  487.490065][T17395] Invalid ELF header type: 2 != 1
[  487.757844][  T331] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  487.858922][T17407] netlink: 'syz.6.5565': attribute type 46 has an invalid length.
[  487.867424][T17407] netlink: 'syz.6.5565': attribute type 28 has an invalid length.
[  487.889636][T17411] netlink: 'syz.6.5566': attribute type 32 has an invalid length.
[  487.907844][  T331] usb 6-1: Using ep0 maxpacket: 16
[  487.916607][  T331] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  487.937831][  T331] usb 6-1: config 0 interface 0 has no altsetting 0
[  487.944581][  T331] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  487.957899][  T331] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  487.968201][  T331] usb 6-1: config 0 descriptor??
[  488.071909][   T36] audit: type=1326 audit(1762662631.852:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.6.5568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  488.104658][   T36] audit: type=1326 audit(1762662631.852:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.6.5568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  488.203332][  T331] usbhid 6-1:0.0: can't add hid device: -71
[  488.212941][  T331] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  488.221429][   T36] audit: type=1326 audit(1762662631.852:1302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.6.5568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  488.249326][  T331] usb 6-1: USB disconnect, device number 45
[  488.256078][   T36] audit: type=1326 audit(1762662631.852:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.6.5568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  488.285602][   T36] audit: type=1326 audit(1762662631.852:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.6.5568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  488.324728][T17431] rust_binder: Error while translating object.
[  488.324795][T17431] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  488.331053][T17431] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:665
[  488.334811][   T36] audit: type=1326 audit(1762662631.852:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.6.5568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  488.376563][   T36] audit: type=1326 audit(1762662631.852:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.6.5568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  488.400397][   T36] audit: type=1326 audit(1762662631.852:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.6.5568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  488.424289][   T36] audit: type=1326 audit(1762662631.882:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.6.5568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f96bc58f6c9 code=0x7ffc0000
[  488.448070][   T36] audit: type=1326 audit(1762662631.882:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17414 comm="syz.6.5568" exe="/root/syz-executor" sig=0 arch=40000003 syscall=243 compat=1 ip=0x200000000006 code=0x7ffc0000
[  488.495654][T17443] rust_binder: Error while translating object.
[  488.495723][T17443] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  488.502676][T17443] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:668
[  488.546281][T17445] syzkaller0: entered allmulticast mode
[  488.578172][T17445] syzkaller0: entered promiscuous mode
[  488.594396][T17445] syzkaller0 (unregistering): left promiscuous mode
[  488.602077][T17445] syzkaller0 (unregistering): left allmulticast mode
[  488.638928][T17449] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  488.638964][T17449] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:670
[  488.751954][T17454] netlink: 84 bytes leftover after parsing attributes in process `syz.8.5582'.
[  488.783194][T17454] usb usb8: usbfs: process 17454 (syz.8.5582) did not claim interface 0 before use
[  488.804234][T17454] binder: Bad value for 'defcontext'
[  488.933203][T17466] fuse: Unknown parameter 'grouy_id'
[  488.940014][T17466] rust_binder: Write failure EFAULT in pid:680
[  489.047843][  T330] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  489.052989][T17489] !@�: renamed from xfrm0 (while UP)
[  489.132485][T17495] overlayfs: unescaped trailing colons in lowerdir mount option.
[  489.197874][  T330] usb 6-1: Using ep0 maxpacket: 16
[  489.204896][  T330] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  489.213790][  T330] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  489.223962][  T330] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  489.234368][  T330] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  489.243558][  T330] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  489.251676][  T330] usb 6-1: Product: syz
[  489.255836][  T330] usb 6-1: Manufacturer: syz
[  489.260470][  T330] usb 6-1: SerialNumber: syz
[  489.277244][T17498] overlayfs: failed to clone upperpath
[  489.283395][T17498] overlayfs: failed to clone upperpath
[  489.368973][T17502] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3821099475 (7642198950 ns) > initial count (2842047336 ns). Using initial count to start timer.
[  489.668171][  T330] usb 6-1: 0:2 : does not exist
[  489.707829][  T331] usb 2-1: new low-speed USB device number 66 using dummy_hcd
[  489.868883][  T331] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  489.878421][  T331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  489.887181][  T331] usb 2-1: config 0 descriptor??
[  490.275600][T17528] netlink: 20 bytes leftover after parsing attributes in process `syz.8.5608'.
[  490.400265][T17551] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5616'.
[  490.467320][T17562] netlink: 'syz.8.5619': attribute type 4 has an invalid length.
[  490.475548][T17562] netlink: 'syz.8.5619': attribute type 5 has an invalid length.
[  490.483858][T17562] netlink: 'syz.8.5619': attribute type 1 has an invalid length.
[  490.492388][T17563] netlink: 1072 bytes leftover after parsing attributes in process `syz.8.5619'.
[  490.517956][T17563] netlink: 280 bytes leftover after parsing attributes in process `syz.8.5619'.
[  490.523612][T17459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  490.538028][T17459] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  490.574627][T17569] netlink: 24 bytes leftover after parsing attributes in process `syz.8.5620'.
[  490.612959][  T330] usb 6-1: 1:0: failed to get current value for ch 0 (-22)
[  490.639539][  T330] usb 6-1: USB disconnect, device number 46
[  490.651428][T13946] udevd[13946]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  490.801153][T17581] 9pnet_fd: Insufficient options for proto=fd
[  490.953180][T17596] netlink: 96 bytes leftover after parsing attributes in process `syz.8.5629'.
[  491.300078][T17618] rust_binder: Write failure EFAULT in pid:380
[  491.358038][  T331] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  491.374338][  T331] asix 2-1:0.0: probe with driver asix failed with error -71
[  491.382631][  T331] usb 2-1: USB disconnect, device number 66
[  491.677907][  T331] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  491.769437][T17663] overlayfs: failed to clone lowerpath
[  491.775409][T17663] overlayfs: failed to clone lowerpath
[  491.801493][T17665] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5653'.
[  491.837859][  T331] usb 2-1: Using ep0 maxpacket: 16
[  491.844304][  T331] usb 2-1: config 254 has an invalid interface number: 215 but max is 0
[  491.854434][  T331] usb 2-1: config 254 has no interface number 0
[  491.860953][  T331] usb 2-1: config 254 interface 215 has no altsetting 0
[  491.869750][  T331] usb 2-1: New USB device found, idVendor=045e, idProduct=0478, bcdDevice=a8.dd
[  491.885729][  T331] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.894035][  T331] usb 2-1: Product: syz
[  491.898385][  T331] usb 2-1: Manufacturer: syz
[  491.903134][  T331] usb 2-1: SerialNumber: syz
[  492.039301][T17675] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 2
[  492.049278][T17675] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:155
[  492.111349][T16031] bridge_slave_1: left allmulticast mode
[  492.131142][T16031] bridge_slave_1: left promiscuous mode
[  492.136893][T16031] bridge0: port 2(bridge_slave_1) entered disabled state
[  492.145021][T16031] bridge_slave_0: left allmulticast mode
[  492.150813][T16031] bridge_slave_0: left promiscuous mode
[  492.156460][T16031] bridge0: port 1(bridge_slave_0) entered disabled state
[  492.288163][T16031] veth1_macvtap: left promiscuous mode
[  492.293748][T16031] veth0_vlan: left promiscuous mode
[  492.448215][T17677] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.455409][T17677] bridge0: port 1(bridge_slave_0) entered disabled state
[  492.462769][T17677] bridge_slave_0: entered allmulticast mode
[  492.469527][T17677] bridge_slave_0: entered promiscuous mode
[  492.476852][T17677] bridge0: port 2(bridge_slave_1) entered blocking state
[  492.484493][T17677] bridge0: port 2(bridge_slave_1) entered disabled state
[  492.492107][T17677] bridge_slave_1: entered allmulticast mode
[  492.492697][T17692] netlink: 'syz.6.5666': attribute type 25 has an invalid length.
[  492.498727][T17677] bridge_slave_1: entered promiscuous mode
[  492.580999][T17677] bridge0: port 2(bridge_slave_1) entered blocking state
[  492.588279][T17677] bridge0: port 2(bridge_slave_1) entered forwarding state
[  492.595538][T17677] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.602603][T17677] bridge0: port 1(bridge_slave_0) entered forwarding state
[  492.626294][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  492.634397][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  492.642938][  T331] usb 2-1: unknown interface protocol 0x2, assuming v1
[  492.654696][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.657949][  T331] usb 2-1: cannot find UAC_HEADER
[  492.661802][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  492.670771][  T331] snd-usb-audio 2-1:254.215: probe with driver snd-usb-audio failed with error -22
[  492.703688][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  492.710804][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  492.711930][  T331] usb 2-1: USB disconnect, device number 67
[  492.734582][T13946] udevd[13946]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:254.215/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  492.736174][T17677] veth0_vlan: entered promiscuous mode
[  492.768579][T17677] veth1_macvtap: entered promiscuous mode
[  492.775436][T17718] rust_binder: 396: no such ref 3
[  492.781911][T17718] rust_binder: 396: no such ref 1
[  492.787040][T17718] rust_binder: Write failure EFAULT in pid:396
[  492.809993][T17720] rust_binder: Error while translating object.
[  492.816254][T17720] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  492.823098][T17720] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:398
[  492.953450][T17735] netlink: 72 bytes leftover after parsing attributes in process `syz.1.5678'.
[  493.070403][T17744] 9pnet_fd: Insufficient options for proto=fd
[  493.086388][T17747] fuse: Unknown parameter ''
[  493.128025][    T9] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  493.166593][T17766] overlayfs: failed to resolve './file0': -2
[  493.184813][T17768] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  493.196463][T17768] overlayfs: missing 'lowerdir'
[  493.288960][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  493.299307][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  493.308312][    T9] usb 3-1: config 1 has no interface number 0
[  493.314405][    T9] usb 3-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  493.329149][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  493.338355][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  493.346435][    T9] usb 3-1: Product: syz
[  493.350734][    T9] usb 3-1: Manufacturer: syz
[  493.355348][    T9] usb 3-1: SerialNumber: syz
[  493.361944][    T9] usb 3-1: selecting invalid altsetting 1
[  493.561653][    T9] cdc_ncm 3-1:1.1: bind() failure
[  493.568856][    T9] usb 3-1: USB disconnect, device number 48
[  493.774613][   T36] kauditd_printk_skb: 130 callbacks suppressed
[  493.774653][   T36] audit: type=1326 audit(1762662637.552:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17788 comm="syz.8.5696" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f663358f6c9 code=0x0
[  493.848634][T17792] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:414
[  493.850047][   T36] audit: type=1400 audit(1762662637.632:1441): avc:  denied  { watch watch_reads } for  pid=17791 comm="syz.1.5697" path="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  493.903828][T17796] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  493.903933][T17795] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  493.922767][T17798] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false
[  493.945887][T17801] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  494.327848][    T9] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  494.357986][  T330] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  494.478035][    T9] usb 3-1: Using ep0 maxpacket: 32
[  494.484541][    T9] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  494.493105][    T9] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  494.501761][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  494.510815][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  494.520503][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  494.527857][  T330] usb 2-1: Using ep0 maxpacket: 16
[  494.530892][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  494.536754][  T330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  494.548389][    T9] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  494.559678][  T330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  494.568313][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.578863][  T330] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  494.599217][  T330] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  494.599837][    T9] usb 3-1: config 0 descriptor??
[  494.608607][  T330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.625679][  T330] usb 2-1: config 0 descriptor??
[  494.819811][    T9] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 49 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  494.833289][    T9] usb 3-1: USB disconnect, device number 49
[  494.840351][    T9] usblp0: removed
[  495.034851][  T330] usbhid 2-1:0.0: can't add hid device: -71
[  495.042970][  T330] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  495.053831][  T330] usb 2-1: USB disconnect, device number 68
[  495.257878][   T31] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  495.407849][   T31] usb 3-1: Using ep0 maxpacket: 32
[  495.419188][   T31] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  495.427676][   T31] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  495.436473][   T31] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  495.445591][   T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  495.446800][T17837] netlink: 80 bytes leftover after parsing attributes in process `syz.6.5714'.
[  495.455331][   T31] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  495.474108][   T31] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  495.478092][T17842] netlink: 'syz.6.5715': attribute type 30 has an invalid length.
[  495.488334][   T31] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  495.504087][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.512917][   T31] usb 3-1: config 0 descriptor??
[  495.566971][T17853] netlink: 64 bytes leftover after parsing attributes in process `syz.6.5718'.
[  495.631157][T17857] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 4294967293
[  495.639196][T17857] rust_binder: Write failure EINVAL in pid:430
[  495.687848][ T6381] bridge0: port 3(veth0_to_team) entered disabled state
[  495.705418][ T6381] bridge0: port 2(bridge_slave_1) entered disabled state
[  495.713676][ T6381] bridge0: port 1(bridge_slave_0) entered disabled state
[  495.721873][ T6381] tipc: Resetting bearer <eth:xfrm0>
[  495.739066][   T31] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 50 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  495.766526][ T6381] tipc: Disabling bearer <eth:xfrm0>
[  495.870114][ T6381] tipc: Left network mode
[  495.977929][T17895] netlink: 'syz.6.5731': attribute type 27 has an invalid length.
[  495.992139][  T330] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  496.017594][T17895] bridge0: port 2(bridge_slave_1) entered disabled state
[  496.024863][T17895] bridge0: port 1(bridge_slave_0) entered disabled state
[  496.092048][   T10] usb 3-1: USB disconnect, device number 50
[  496.102846][   T10] usblp0: removed
[  496.147848][  T330] usb 2-1: Using ep0 maxpacket: 8
[  496.154495][  T330] usb 2-1: unable to get BOS descriptor or descriptor too short
[  496.163713][  T330] usb 2-1: config 6 has an invalid interface number: 194 but max is 0
[  496.172007][  T330] usb 2-1: config 6 has no interface number 0
[  496.178215][  T330] usb 2-1: config 6 interface 194 has no altsetting 0
[  496.186389][  T330] usb 2-1: New USB device found, idVendor=0403, idProduct=d578, bcdDevice=32.00
[  496.195481][  T330] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.204476][  T330] usb 2-1: Product: syz
[  496.208705][  T330] usb 2-1: Manufacturer: syz
[  496.213317][  T330] usb 2-1: SerialNumber: syz
[  496.462705][  T330] ftdi_sio 2-1:6.194: FTDI USB Serial Device converter detected
[  496.471077][  T330] usb 2-1: Detected FT233HP
[  496.475886][  T330] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  496.483004][  T330] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  496.490741][  T330] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  496.500652][  T330] usb 2-1: USB disconnect, device number 69
[  496.508101][  T330] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  496.517953][  T330] ftdi_sio 2-1:6.194: device disconnected
[  496.929637][T17924] rust_binder: Got transaction with invalid offset.
[  496.929693][T17924] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  496.936314][T17924] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:19
[  497.207844][  T330] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  497.217892][    T9] usb 2-1: new low-speed USB device number 70 using dummy_hcd
[  497.357830][    T9] usb 2-1: device descriptor read/64, error -71
[  497.377814][  T330] usb 3-1: Using ep0 maxpacket: 8
[  497.384243][  T330] usb 3-1: config index 0 descriptor too short (expected 5924, got 36)
[  497.392615][  T330] usb 3-1: config 250 has an invalid interface number: 228 but max is -1
[  497.401117][  T330] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0
[  497.410177][  T330] usb 3-1: config 250 has no interface number 0
[  497.416440][  T330] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  497.428019][  T330] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  497.438503][  T330] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  497.448779][  T330] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  497.459155][  T330] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  497.472698][  T330] usb 3-1: config 250 interface 228 has no altsetting 0
[  497.481193][  T330] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  497.490310][  T330] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  497.498638][  T330] usb 3-1: Product: syz
[  497.502795][  T330] usb 3-1: SerialNumber: syz
[  497.509890][  T330] hub 3-1:250.228: bad descriptor, ignoring hub
[  497.516373][  T330] hub 3-1:250.228: probe with driver hub failed with error -5
[  497.597908][    T9] usb 2-1: device descriptor read/64, error -71
[  497.715039][  T330] usblp 3-1:250.228: usblp0: USB Bidirectional printer dev 51 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  497.748282][  T330] usb 3-1: USB disconnect, device number 51
[  497.754823][  T330] usblp0: removed
[  497.837912][    T9] usb 2-1: new low-speed USB device number 71 using dummy_hcd
[  497.977866][    T9] usb 2-1: device descriptor read/64, error -71
[  498.217851][    T9] usb 2-1: device descriptor read/64, error -71
[  498.327969][    T9] usb usb2-port1: attempt power cycle
[  498.572082][T17950] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5751'.
[  498.669450][    T9] usb 2-1: new low-speed USB device number 72 using dummy_hcd
[  498.698874][    T9] usb 2-1: device descriptor read/8, error -71
[  498.828917][    T9] usb 2-1: device descriptor read/8, error -71
[  499.067892][    T9] usb 2-1: new low-speed USB device number 73 using dummy_hcd
[  499.090483][    T9] usb 2-1: device descriptor read/8, error -71
[  499.110132][   T36] audit: type=1400 audit(1762662642.892:1442): avc:  denied  { read } for  pid=17969 comm="syz.2.5758" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  499.229009][    T9] usb 2-1: device descriptor read/8, error -71
[  499.337933][    T9] usb usb2-port1: unable to enumerate USB device
[  499.454527][T17973] __vm_enough_memory: pid: 17973, comm: syz.2.5759, bytes: 18014402804453376 not enough memory for the allocation
[  499.998838][T17990] __vm_enough_memory: pid: 17990, comm: syz.1.5765, bytes: 18014402804453376 not enough memory for the allocation
[  500.139151][T17996] netlink: 'syz.8.5768': attribute type 29 has an invalid length.
[  500.147062][T17996] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5768'.
[  500.205111][T18000] __vm_enough_memory: pid: 18000, comm: syz.2.5770, bytes: 18014402804453376 not enough memory for the allocation
[  500.252523][T18007] netlink: 'syz.8.5773': attribute type 17 has an invalid length.
[  500.387830][  T330] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  500.537870][  T330] usb 2-1: Using ep0 maxpacket: 8
[  500.544268][  T330] usb 2-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30
[  500.555375][  T330] usb 2-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  500.568587][  T330] usb 2-1: config 0 interface 0 has no altsetting 0
[  500.575199][  T330] usb 2-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  500.584283][  T330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  500.592883][  T330] usb 2-1: config 0 descriptor??
[  500.999696][  T330] logitech 0003:046D:C20E.0041: rdesc size test failed for formula gp
[  501.008157][  T330] logitech 0003:046D:C20E.0041: unknown main item tag 0x1
[  501.015499][  T330] logitech 0003:046D:C20E.0041: item fetching failed at offset 3/5
[  501.023622][  T330] logitech 0003:046D:C20E.0041: parse failed
[  501.029771][  T330] logitech 0003:046D:C20E.0041: probe with driver logitech failed with error -22
[  501.202591][  T593] usb 2-1: USB disconnect, device number 74
[  501.699547][T18055] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5788'.
[  501.708761][T18055] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5788'.
[  501.745246][   T36] audit: type=1326 audit(1762662645.522:1443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18065 comm="syz.8.5791" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f663358f6c9 code=0x0
[  501.903637][T18090] rust_binder: Write failure EFAULT in pid:453
[  502.052161][T18112] veth0_virt_wifi: mtu less than device minimum
[  502.200474][   T36] audit: type=1400 audit(1762662645.982:1444): avc:  denied  { setattr } for  pid=18130 comm="syz.1.5811" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  502.244894][T18136] 9pnet_fd: Insufficient options for proto=fd
[  502.269346][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.276061][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.288386][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.295064][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.301680][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.308518][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.315133][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.324245][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.331249][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.332365][T18149] rust_binder: Write failure EFAULT in pid:488
[  502.338196][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.351248][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.357717][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.359833][T18151] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5818'.
[  502.364385][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.374797][T18151] rust_binder: Write failure EFAULT in pid:490
[  502.379670][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.393123][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.399824][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.406448][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.413186][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.419974][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.426698][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.433733][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.440986][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.447516][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.454206][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.463705][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.471005][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.477616][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.484249][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.490814][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.497296][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.503936][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.510422][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.516963][T18141] binder: Unknown parameter '0x0000000000000003'
[  502.538645][T18159] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false
[  502.538985][T18159] rust_binder: Write failure EINVAL in pid:498
[  502.609376][T18168] netlink: 84 bytes leftover after parsing attributes in process `syz.1.5825'.
[  502.618587][T18168] rust_binder: Error in use_page_slow: ESRCH
[  502.618603][T18168] rust_binder: use_range failure ESRCH
[  502.624578][T18168] rust_binder: Failed to allocate buffer. len:4208, is_oneway:false
[  502.630088][T18168] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  502.638114][T18168] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:500
[  502.990223][T18183] netlink: 37 bytes leftover after parsing attributes in process `syz.6.5831'.
[  503.197897][T18204] rust_binder: Failed to allocate buffer. len:1176, is_oneway:false
[  503.197942][T18204] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  503.206000][T18204] rust_binder: Read failure Err(EFAULT) in pid:81
[  503.457839][  T593] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  503.505981][T18209] rust_binder: Failed to allocate buffer. len:1184, is_oneway:true
[  503.599636][T18213] binder: Bad value for 'max'
[  503.612461][  T593] usb 3-1: device descriptor read/64, error -71
[  503.702849][T18232] /dev/loop0: Can't lookup blockdev
[  503.726320][T18246] rust_binder: BC_REQUEST_DEATH_NOTIFICATION death notification already set
[  503.747929][   T36] audit: type=1400 audit(1762662647.532:1445): avc:  denied  { setattr } for  pid=18247 comm="syz.1.5853" name="RAWv6" dev="sockfs" ino=91171 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  503.811059][T18256] netlink: 32 bytes leftover after parsing attributes in process `syz.6.5857'.
[  503.857957][  T593] usb 3-1: device descriptor read/64, error -71
[  504.097863][  T593] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  504.227843][  T593] usb 3-1: device descriptor read/64, error -71
[  504.417274][T18268] overlayfs: missing 'lowerdir'
[  504.468048][  T593] usb 3-1: device descriptor read/64, error -71
[  504.488558][T18284] netlink: 'syz.6.5866': attribute type 11 has an invalid length.
[  504.515551][T18288] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5868'.
[  504.580748][  T593] usb usb3-port1: attempt power cycle
[  504.680200][T18301] fuse: Unknown parameter 'grid'
[  504.927860][  T593] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  504.948972][  T593] usb 3-1: device descriptor read/8, error -71
[  505.079429][  T593] usb 3-1: device descriptor read/8, error -71
[  505.317835][  T593] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  505.338870][  T593] usb 3-1: device descriptor read/8, error -71
[  505.468861][  T593] usb 3-1: device descriptor read/8, error -71
[  505.536487][T18320] netlink: 44 bytes leftover after parsing attributes in process `syz.6.5878'.
[  505.550129][T18320] netlink: 59 bytes leftover after parsing attributes in process `syz.6.5878'.
[  505.559179][T18320] netlink: 59 bytes leftover after parsing attributes in process `syz.6.5878'.
[  505.577954][  T593] usb usb3-port1: unable to enumerate USB device
[  505.604560][T18323] rust_binder: 572: no such ref 1
[  505.609778][T18323] rust_binder: Failed to allocate buffer. len:18446744073709551264, is_oneway:false
[  505.609805][T18323] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  505.619261][T18323] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:572
[  506.282534][T18345] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  506.291872][T18345] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  506.298579][T18345] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  506.305430][T18345] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  506.312497][T18345] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  506.318605][T18345] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  506.325191][T18345] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  506.344901][   T36] audit: type=1401 audit(1762662650.122:1446): op=setxattr invalid_context=73797374656D5F753A6F626A6563745F723A667361646D5F657865635F743A73300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002E2F66696C65300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
[  506.464259][T18381] fuse: Bad value for 'fd'
[  506.591111][   T36] audit: type=1400 audit(1762662650.372:1447): avc:  denied  { ioctl } for  pid=18380 comm="syz.2.5899" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 ioctlcmd=0xaea3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  506.652718][   T36] audit: type=1400 audit(1762662650.432:1448): avc:  denied  { map } for  pid=18410 comm="syz.8.5909" path="socket:[90812]" dev="sockfs" ino=90812 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  506.761587][T18428] batadv_slave_1: entered promiscuous mode
[  506.778330][T18427] batadv_slave_1: left promiscuous mode
[  506.803963][T18424] __vm_enough_memory: pid: 18424, comm: syz.1.5913, bytes: 18014402804453376 not enough memory for the allocation
[  506.933433][T18433] bridge0: port 1(bridge_slave_0) entered blocking state
[  506.940627][T18433] bridge0: port 1(bridge_slave_0) entered disabled state
[  506.949595][T18433] bridge_slave_0: entered allmulticast mode
[  506.956149][T18433] bridge_slave_0: entered promiscuous mode
[  506.963075][T18433] bridge0: port 2(bridge_slave_1) entered blocking state
[  506.971020][T18433] bridge0: port 2(bridge_slave_1) entered disabled state
[  506.978425][T18433] bridge_slave_1: entered allmulticast mode
[  506.984993][T18433] bridge_slave_1: entered promiscuous mode
[  507.006285][T18448] SELinux: security_context_str_to_sid (sytem_u�Gй) failed with errno=-22
[  507.063531][T18433] bridge0: port 2(bridge_slave_1) entered blocking state
[  507.070651][T18433] bridge0: port 2(bridge_slave_1) entered forwarding state
[  507.078015][T18433] bridge0: port 1(bridge_slave_0) entered blocking state
[  507.085074][T18433] bridge0: port 1(bridge_slave_0) entered forwarding state
[  507.106511][ T6381] bridge0: port 1(bridge_slave_0) entered disabled state
[  507.114267][ T6381] bridge0: port 2(bridge_slave_1) entered disabled state
[  507.121690][ T6581] usb 2-1: new full-speed USB device number 75 using dummy_hcd
[  507.132333][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  507.139453][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  507.144937][T18457] rust_binder: 112: no such ref 3
[  507.149229][ T6381] bridge0: port 2(bridge_slave_1) entered blocking state
[  507.158788][ T6381] bridge0: port 2(bridge_slave_1) entered forwarding state
[  507.183562][T18433] veth0_vlan: entered promiscuous mode
[  507.194671][T18433] veth1_macvtap: entered promiscuous mode
[  507.257893][ T6581] usb 2-1: device descriptor read/64, error -71
[  507.469085][T18468] loop7: detected capacity change from 0 to 7
[  507.475577][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.484804][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  507.492812][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.497868][ T6581] usb 2-1: device descriptor read/64, error -71
[  507.502037][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  507.516075][T18468]  loop7: unable to read partition table
[  507.523331][T18468] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  507.537455][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.546683][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  507.555205][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.564441][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  507.572708][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.581918][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  507.590280][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.599506][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  507.607744][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.617071][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  507.635894][T18474] tipc: Started in network mode
[  507.640919][T18474] tipc: Node identity 4, cluster identity 4711
[  507.647178][T18474] tipc: Node number set to 4
[  507.713910][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.723159][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  507.731069][    C0] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.740252][    C0] Buffer I/O error on dev loop7, logical block 1, async page read
[  507.748158][    C0] I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  507.757305][    C0] Buffer I/O error on dev loop7, logical block 2, async page read
[  507.766385][  T110]  loop7: unable to read partition table
[  507.777488][ T6581] usb 2-1: new full-speed USB device number 76 using dummy_hcd
[  507.841657][T18491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  507.850394][T18491] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  507.927886][ T6581] usb 2-1: device descriptor read/64, error -71
[  507.941116][T18505] rust_binder: 27: no such ref 2
[  508.118452][   T66] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  508.167862][ T6581] usb 2-1: device descriptor read/64, error -71
[  508.267874][   T66] usb 3-1: Using ep0 maxpacket: 32
[  508.274161][   T66] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  508.285343][   T66] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  508.295300][ T6581] usb usb2-port1: attempt power cycle
[  508.300940][   T66] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  508.310320][   T66] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  508.318986][   T66] usb 3-1: config 0 descriptor??
[  508.324845][   T66] hub 3-1:0.0: USB hub found
[  508.525396][   T66] hub 3-1:0.0: 1 port detected
[  508.647856][ T6581] usb 2-1: new full-speed USB device number 77 using dummy_hcd
[  508.668897][ T6581] usb 2-1: device descriptor read/8, error -71
[  508.798891][ T6581] usb 2-1: device descriptor read/8, error -71
[  509.037957][ T6581] usb 2-1: new full-speed USB device number 78 using dummy_hcd
[  509.058945][ T6581] usb 2-1: device descriptor read/8, error -71
[  509.128033][   T66] hub 3-1:0.0: activate --> -90
[  509.189574][ T6581] usb 2-1: device descriptor read/8, error -71
[  509.297960][ T6581] usb usb2-port1: unable to enumerate USB device
[  509.729481][T18497] rust_binder: Error while translating object.
[  509.729520][T18497] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  509.735832][T18497] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:115
[  509.745870][ T6581] usb 3-1: USB disconnect, device number 56
[  509.761091][   T66] hub 3-1:0.0: hub_ext_port_status failed (err = -71)
[  509.768045][   T66] usb 3-1-port1: attempt power cycle
[  510.119472][T18559] overlayfs: conflicting options: userxattr,redirect_dir=on
[  510.265893][T18579] netlink: 'syz.8.5963': attribute type 12 has an invalid length.
[  510.311728][T18589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  510.324294][T18589] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  510.567839][    T9] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  510.617865][  T593] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  510.718847][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  510.729041][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  510.743512][    T9] usb 2-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66
[  510.752622][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.760895][    T9] usb 2-1: Product: syz
[  510.765072][    T9] usb 2-1: Manufacturer: syz
[  510.768967][  T593] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  510.769884][    T9] usb 2-1: SerialNumber: syz
[  510.780994][  T593] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  510.789087][    T9] usb 2-1: config 0 descriptor??
[  510.797837][  T593] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  510.801483][    T9] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22
[  510.813014][  T593] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  510.831012][  T593] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.843221][  T593] usb 3-1: config 0 descriptor??
[  511.001898][    T9] usb 2-1: USB disconnect, device number 79
[  511.032267][T18603] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
[  511.039598][T18603] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:38
[  511.051172][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.067683][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.075104][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.082580][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.090014][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.097405][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.104813][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.112297][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.119800][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.127299][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.134784][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.142293][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.149703][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.157095][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.164505][  T593] plantronics 0003:047F:FFFF.0042: unknown main item tag 0x0
[  511.172056][  T593] plantronics 0003:047F:FFFF.0042: No inputs registered, leaving
[  511.183339][  T593] plantronics 0003:047F:FFFF.0042: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  511.308704][  T593] usb 3-1: USB disconnect, device number 61
[  511.527335][T18614] overlayfs: failed to clone upperpath
[  511.643350][   T36] audit: type=1326 audit(1762662655.422:1449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18617 comm="syz.1.5974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2972d8f6c9 code=0x7fc00000
[  511.678510][T18630] overlayfs: failed to clone upperpath
[  511.717219][T18636] netlink: 'syz.1.5980': attribute type 4 has an invalid length.
[  511.733344][T18636] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5980'.
[  511.742941][T18636] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=18636 comm=syz.1.5980
[  511.895584][T18645] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5982'.
[  511.923798][T18644] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5982'.
[  511.990196][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  511.990229][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  511.996755][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.003955][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.010705][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.017044][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.023616][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.030146][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.036532][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.043126][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.049646][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.056121][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.062673][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.070231][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.075597][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.083225][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.088791][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.095391][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.102131][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.109663][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.115565][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.129004][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.129032][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.142323][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.142350][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.158886][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.158911][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.165421][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.179247][T18653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.253618][T18661] rust_binder: Write failure EINVAL in pid:142
[  512.277374][T18665] rust_binder: 145: no such ref 2
[  512.382074][T18674] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
[  512.389509][T18674] rust_binder: 147: no such ref 3
[  512.394631][T18674] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:147
[  512.395014][T18674] rust_binder: 147: no such ref 2
[  512.399420][T18666] netlink: 84 bytes leftover after parsing attributes in process `syz.1.5988'.
[  512.410006][T18674] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  512.428807][T18674] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:147
[  512.432604][T18674] rust_binder: Got transaction with invalid offset.
[  512.442381][T18674] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  512.449466][T18674] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:147
[  512.542953][   T36] audit: type=1326 audit(1762662656.322:1450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18698 comm="syz.8.5998" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f663358f6c9 code=0x0
[  512.645694][T18706] tipc: Trying to set illegal importance in message
[  512.844490][T18728] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39 sclass=netlink_route_socket pid=18728 comm=syz.1.6008
[  512.948446][   T36] audit: type=1400 audit(1762662656.732:1451): avc:  denied  { connect } for  pid=18747 comm="syz.1.6015" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  513.407819][  T593] usb 3-1: new full-speed USB device number 62 using dummy_hcd
[  513.556069][T18768] fuse: Bad value for 'group_id'
[  513.561178][T18768] fuse: Bad value for 'group_id'
[  513.567191][  T593] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  513.578286][  T593] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  513.588195][  T593] usb 3-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.00
[  513.597260][  T593] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.607178][  T593] usb 3-1: config 0 descriptor??
[  514.018709][  T593] chicony 0003:04F2:1421.0043: item fetching failed at offset 3/5
[  514.026751][  T593] chicony 0003:04F2:1421.0043: Chicony hid parse failed: -22
[  514.034206][  T593] chicony 0003:04F2:1421.0043: probe with driver chicony failed with error -22
[  514.081979][T18780] overlayfs: failed to clone upperpath
[  514.089585][T18780] netlink: 'syz.8.6029': attribute type 4 has an invalid length.
[  514.322221][   T66] usb 3-1: USB disconnect, device number 62
[  514.778597][T18817] overlayfs: failed to clone lowerpath
[  514.861482][T18835] SELinux:  Context system_u:object_r:inetd_exec_t:s0 is not valid (left unmapped).
[  514.872444][   T36] audit: type=1400 audit(1762662658.662:1452): avc:  denied  { relabelto } for  pid=18833 comm="syz.2.6048" name="48" dev="tmpfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_exec_t:s0"
[  514.878888][T18835] IPv6: NLM_F_CREATE should be specified when creating new route
[  514.902956][   T36] audit: type=1400 audit(1762662658.662:1453): avc:  denied  { associate } for  pid=18833 comm="syz.2.6048" name="48" dev="tmpfs" ino=265 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:inetd_exec_t:s0"
[  514.930224][T18843] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  514.943095][   T36] audit: type=1400 audit(1762662658.702:1454): avc:  denied  { write } for  pid=17677 comm="syz-executor" name="48" dev="tmpfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_exec_t:s0"
[  514.978710][   T36] audit: type=1400 audit(1762662658.702:1455): avc:  denied  { remove_name } for  pid=17677 comm="syz-executor" name="binderfs" dev="tmpfs" ino=269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_exec_t:s0"
[  514.995680][T18860] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  515.006451][   T36] audit: type=1400 audit(1762662658.702:1456): avc:  denied  { rmdir } for  pid=17677 comm="syz-executor" name="48" dev="tmpfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_exec_t:s0"
[  515.009277][T18860] rust_binder: Error while translating object.
[  515.015412][   T36] audit: type=1326 audit(1762662658.722:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18837 comm="syz.8.6051" exe="/root/syz-executor" sig=9 arch=c000003e syscall=157 compat=0 ip=0x7f663358f6c9 code=0x0
[  515.039555][T18860] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  515.068525][T18860] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:159
[  515.087300][T18868] netlink: 44 bytes leftover after parsing attributes in process `syz.2.6058'.
[  515.105570][T18868] netlink: 43 bytes leftover after parsing attributes in process `syz.2.6058'.
[  515.114589][T18868] netlink: 'syz.2.6058': attribute type 5 has an invalid length.
[  515.122336][T18868] netlink: 43 bytes leftover after parsing attributes in process `syz.2.6058'.
[  515.131410][T18868] netlink: 44 bytes leftover after parsing attributes in process `syz.2.6058'.
[  515.140385][T18868] netlink: 43 bytes leftover after parsing attributes in process `syz.2.6058'.
[  515.149361][T18868] netlink: 'syz.2.6058': attribute type 5 has an invalid length.
[  515.157088][T18868] netlink: 43 bytes leftover after parsing attributes in process `syz.2.6058'.
[  515.166136][T18868] netlink: 'syz.2.6058': attribute type 5 has an invalid length.
[  515.174100][T18868] netlink: 'syz.2.6058': attribute type 5 has an invalid length.
[  515.181968][T18868] netlink: 'syz.2.6058': attribute type 5 has an invalid length.
[  515.189798][T18868] netlink: 'syz.2.6058': attribute type 5 has an invalid length.
[  515.197669][T18868] netlink: 'syz.2.6058': attribute type 5 has an invalid length.
[  515.795679][   T36] audit: type=1326 audit(1762662659.572:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18908 comm="syz.1.6071" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2972d8f6c9 code=0x0
[  515.822262][T18913] fuse: Unknown parameter 'bd'
[  518.602965][   T36] audit: type=1326 audit(1762662662.382:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19005 comm="syz.2.6108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcab8f6c9 code=0x7fc00000
[  519.232255][   T36] audit: type=1326 audit(1762662663.012:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19005 comm="syz.2.6108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7fcab8f6c9 code=0x7fc00000
[  519.300110][T19044] fuse: Unknown parameter '�k�G����00000000000000000000'
[  519.308774][T19044] overlayfs: failed to resolve './file0/file0': -20
[  519.375455][   T36] audit: type=1326 audit(1762662663.152:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19045 comm="syz.2.6120" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7fcab8f6c9 code=0x0
[  520.087396][T19077] __nla_validate_parse: 94 callbacks suppressed
[  520.087412][T19077] netlink: 56 bytes leftover after parsing attributes in process `syz.8.6131'.
[  520.213075][T19093] kvm: kvm [19092]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x7
[  520.221751][T19093] kvm: kvm [19092]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x7
[  520.287475][T19107] rust_binder: Error while translating object.
[  520.287508][T19107] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  520.293889][T19107] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:61
[  520.329758][T19110] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  520.362358][   T36] audit: type=1400 audit(1762662664.142:1462): avc:  denied  { write } for  pid=19111 comm="syz.6.6142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  520.392092][   T36] audit: type=1400 audit(1762662664.172:1463): avc:  denied  { read write } for  pid=18433 comm="syz-executor" name="loop6" dev="devtmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  520.418827][   T36] audit: type=1400 audit(1762662664.172:1464): avc:  denied  { open } for  pid=18433 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  520.443163][   T36] audit: type=1400 audit(1762662664.172:1465): avc:  denied  { ioctl } for  pid=18433 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=55 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  520.468873][   T36] audit: type=1400 audit(1762662664.182:1466): avc:  denied  { read } for  pid=19116 comm="syz.6.6143" name="binder1" dev="binder" ino=32 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  520.491848][   T36] audit: type=1400 audit(1762662664.182:1467): avc:  denied  { open } for  pid=19116 comm="syz.6.6143" path="/dev/binderfs/binder1" dev="binder" ino=32 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  520.515896][   T36] audit: type=1400 audit(1762662664.182:1468): avc:  denied  { create } for  pid=19116 comm="syz.6.6143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  520.570662][T19124] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 152, size: 18446744073709551507)
[  520.570690][T19124] rust_binder: Error while translating object.
[  520.582966][T19124] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  520.589240][T19124] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:77
[  520.611061][T19126] rust_binder: 79: no such ref 0
[  520.625341][T19126] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  520.632592][T19126] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  520.650351][T19128] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:81
[  520.663041][T19130] input: syz0 as /devices/virtual/input/input54
[  520.686425][T19130] rust_binder: 83: no such ref 3
[  520.691479][T19130] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  520.698646][T19130] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  520.705751][T19130] rust_binder: Write failure EFAULT in pid:83
[  521.194762][T19152] overlayfs: missing 'lowerdir'
[  521.864355][T19191] netlink: 68 bytes leftover after parsing attributes in process `syz.2.6171'.
[  521.892030][T19195] netlink: 9 bytes leftover after parsing attributes in process `syz.2.6173'.
[  521.901316][T19195] gretap0: entered promiscuous mode
[  521.907745][T19195] netlink: 5 bytes leftover after parsing attributes in process `syz.2.6173'.
[  521.916866][T19195] 0��{X��: renamed from gretap0
[  521.923081][T19195] 0��{X��: left promiscuous mode
[  521.928230][T19195] 0��{X��: entered allmulticast mode
[  521.934375][T19195] A link change request failed with some changes committed already. Interface 
30��{X�� may have been left with an inconsistent configuration, please check.
[  522.125828][T19199] can: request_module (can-proto-7) failed.
[  523.191224][T19227] fuse: Bad value for 'fd'
[  523.342178][T19231] overlayfs: failed to clone upperpath
[  524.046379][   T36] kauditd_printk_skb: 61 callbacks suppressed
[  524.046401][   T36] audit: type=1400 audit(1762662667.822:1530): avc:  denied  { execute } for  pid=19257 comm="syz.8.6196" path="/dev/fuse" dev="tmpfs" ino=1765 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  524.900062][   T36] audit: type=1400 audit(1762662668.672:1531): avc:  denied  { connect } for  pid=19273 comm="syz.2.6202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  524.929752][   T36] audit: type=1400 audit(1762662668.712:1532): avc:  denied  { bind } for  pid=19275 comm="syz.8.6203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  524.958989][   T36] audit: type=1400 audit(1762662668.742:1533): avc:  denied  { mount } for  pid=19282 comm="syz.1.6205" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  524.960334][T19274] overlayfs: failed to clone upperpath
[  524.993713][   T36] audit: type=1400 audit(1762662668.772:1534): avc:  denied  { read } for  pid=19273 comm="syz.2.6202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  525.013744][   T36] audit: type=1400 audit(1762662668.782:1535): avc:  denied  { bind } for  pid=19287 comm="syz.8.6207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  525.041056][   T36] audit: type=1400 audit(1762662668.782:1536): avc:  denied  { name_bind } for  pid=19287 comm="syz.8.6207" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  525.063756][   T36] audit: type=1400 audit(1762662668.782:1537): avc:  denied  { node_bind } for  pid=19287 comm="syz.8.6207" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  525.085520][   T36] audit: type=1400 audit(1762662668.782:1538): avc:  denied  { read } for  pid=19287 comm="syz.8.6207" lport=20004 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  525.106526][   T36] audit: type=1400 audit(1762662668.812:1539): avc:  denied  { create } for  pid=19289 comm="syz.1.6208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  525.124370][T19311] 9pnet_fd: Insufficient options for proto=fd
[  525.362290][T19328] 9pnet_fd: Insufficient options for proto=fd
[  525.639741][T19346] validate_nla: 26 callbacks suppressed
[  525.639766][T19346] netlink: 'syz.2.6228': attribute type 1 has an invalid length.
[  525.762763][T19354] fuse: blksize only supported for fuseblk
[  526.635612][T19421] 9pnet_fd: Insufficient options for proto=fd
[  526.651367][T19424] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26213 sclass=netlink_route_socket pid=19424 comm=syz.8.6257
[  526.674313][T19428] 9pnet_fd: Insufficient options for proto=fd
[  527.519780][T19474] overlayfs: conflicting options: metacopy=on,redirect_dir=follow
[  527.537270][T19474] /dev/loop0: Can't lookup blockdev
[  528.361074][T19497] netlink: 'syz.2.6283': attribute type 6 has an invalid length.
[  528.371255][T19497] netlink: 'syz.2.6283': attribute type 4 has an invalid length.
[  528.379049][T19497] netlink: 17 bytes leftover after parsing attributes in process `syz.2.6283'.
[  528.428354][T19508] overlayfs: failed to clone upperpath
[  528.543838][T19537] netlink: 'syz.8.6297': attribute type 13 has an invalid length.
[  528.549653][T19538] x_tables: duplicate entry at hook 1
[  528.560321][T19538] x_tables: duplicate entry at hook 1
[  528.699852][T19557] netlink: 36 bytes leftover after parsing attributes in process `syz.8.6302'.
[  528.875342][T19574] overlay: ./file0 is not a directory
[  529.053588][   T36] kauditd_printk_skb: 38 callbacks suppressed
[  529.053611][   T36] audit: type=1400 audit(1762662672.832:1578): avc:  denied  { create } for  pid=19585 comm="syz.1.6313" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  529.060622][T19586] 9pnet_fd: Insufficient options for proto=fd
[  529.333847][   T36] audit: type=1400 audit(1762662673.112:1579): avc:  denied  { write } for  pid=19592 comm="syz.8.6315" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  529.357040][   T36] audit: type=1400 audit(1762662673.112:1580): avc:  denied  { nlmsg_write } for  pid=19592 comm="syz.8.6315" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  529.456881][T19599] netlink: 104 bytes leftover after parsing attributes in process `syz.2.6318'.
[  529.519123][   T36] audit: type=1400 audit(1762662673.302:1581): avc:  denied  { map } for  pid=19598 comm="syz.2.6318" path="pipe:[95431]" dev="pipefs" ino=95431 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  529.542092][   T36] audit: type=1400 audit(1762662673.302:1582): avc:  denied  { execute } for  pid=19598 comm="syz.2.6318" path="pipe:[95431]" dev="pipefs" ino=95431 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  529.941647][   T36] audit: type=1400 audit(1762662673.722:1583): avc:  denied  { read write } for  pid=19604 comm="syz.6.6320" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  529.974360][   T36] audit: type=1400 audit(1762662673.722:1584): avc:  denied  { open } for  pid=19604 comm="syz.6.6320" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  530.000674][   T36] audit: type=1400 audit(1762662673.732:1585): avc:  denied  { map } for  pid=19604 comm="syz.6.6320" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  530.017585][T19614] rust_binder: Failed to allocate buffer. len:120, is_oneway:false
[  530.024085][T19615] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1
[  530.039415][T19615] rust_binder: 100: no such ref 1
[  530.044519][T19615] rust_binder: Failed to allocate buffer. len:3160, is_oneway:true
[  530.153279][T19625] netlink: 'syz.8.6327': attribute type 1 has an invalid length.
[  530.178354][T19627] netlink: 'syz.8.6328': attribute type 27 has an invalid length.
[  530.186243][T19627] lo: entered promiscuous mode
[  530.191534][T19627] lo: entered allmulticast mode
[  530.203196][T19627] tunl0: entered promiscuous mode
[  530.208366][T19627] tunl0: entered allmulticast mode
[  530.213909][T19627] gre0: entered promiscuous mode
[  530.219150][T19627] gre0: entered allmulticast mode
[  530.224476][T19627] gretap0: entered promiscuous mode
[  530.229850][T19627] gretap0: entered allmulticast mode
[  530.235648][T19627] erspan0: entered promiscuous mode
[  530.241273][T19627] erspan0: entered allmulticast mode
[  530.246901][T19627] ip_vti0: entered promiscuous mode
[  530.252159][T19627] ip_vti0: entered allmulticast mode
[  530.257672][T19627] ip6_vti0: entered promiscuous mode
[  530.263215][T19627] ip6_vti0: entered allmulticast mode
[  530.268947][T19627] sit0: entered promiscuous mode
[  530.273900][T19627] sit0: entered allmulticast mode
[  530.279253][T19627] ip6tnl0: entered promiscuous mode
[  530.284447][T19627] ip6tnl0: entered allmulticast mode
[  530.289994][T19627] ip6gre0: entered promiscuous mode
[  530.295369][T19627] ip6gre0: entered allmulticast mode
[  530.300958][T19627] ip6gretap0: entered promiscuous mode
[  530.306415][T19627] ip6gretap0: entered allmulticast mode
[  530.312302][T19627] bridge0: entered promiscuous mode
[  530.317500][T19627] bridge0: entered allmulticast mode
[  530.323201][T19627] vcan0: entered promiscuous mode
[  530.328270][T19627] vcan0: entered allmulticast mode
[  530.333455][T19627] dummy0: entered promiscuous mode
[  530.338782][T19627] dummy0: entered allmulticast mode
[  530.344206][T19627] veth0: entered promiscuous mode
[  530.349387][T19627] veth0: entered allmulticast mode
[  530.354873][T19627] veth1: entered promiscuous mode
[  530.359954][T19627] veth1: entered allmulticast mode
[  530.365312][T19627] wg0: entered promiscuous mode
[  530.370190][T19627] wg0: entered allmulticast mode
[  530.375543][T19627] wg1: entered promiscuous mode
[  530.380670][T19627] wg1: entered allmulticast mode
[  530.386142][T19627] wg2: entered promiscuous mode
[  530.391350][T19627] wg2: entered allmulticast mode
[  530.396603][T19627] veth0_to_bridge: entered promiscuous mode
[  530.402579][T19627] veth0_to_bridge: entered allmulticast mode
[  530.409185][T19627] veth1_to_bridge: entered promiscuous mode
[  530.415080][T19627] veth1_to_bridge: entered allmulticast mode
[  530.421866][T19627] veth0_to_bond: entered promiscuous mode
[  530.427747][T19627] veth0_to_bond: entered allmulticast mode
[  530.434030][T19627] bond_slave_0: entered promiscuous mode
[  530.439745][T19627] bond_slave_0: entered allmulticast mode
[  530.445760][T19627] veth1_to_bond: entered promiscuous mode
[  530.451777][T19627] veth1_to_bond: entered allmulticast mode
[  530.458302][T19627] bond_slave_1: entered promiscuous mode
[  530.463964][T19627] bond_slave_1: entered allmulticast mode
[  530.470086][T19627] veth0_to_team: entered promiscuous mode
[  530.475825][T19627] veth0_to_team: entered allmulticast mode
[  530.482073][T19627] team_slave_0: entered promiscuous mode
[  530.487822][T19627] team_slave_0: entered allmulticast mode
[  530.493842][T19627] veth1_to_team: entered promiscuous mode
[  530.499631][T19627] veth1_to_team: entered allmulticast mode
[  530.505820][T19627] team_slave_1: entered promiscuous mode
[  530.511683][T19627] team_slave_1: entered allmulticast mode
[  530.517709][T19627] veth0_to_batadv: entered promiscuous mode
[  530.523999][T19627] veth0_to_batadv: entered allmulticast mode
[  530.530557][T19627] batadv_slave_0: entered promiscuous mode
[  530.536476][T19627] batadv_slave_0: entered allmulticast mode
[  530.542834][T19627] veth1_to_batadv: entered promiscuous mode
[  530.548827][T19627] veth1_to_batadv: entered allmulticast mode
[  530.555069][T19627] batadv_slave_1: entered promiscuous mode
[  530.561086][T19627] batadv_slave_1: entered allmulticast mode
[  530.567291][T19627] !@�: entered promiscuous mode
[  530.572501][T19627] !@�: entered allmulticast mode
[  530.577746][T19627] veth0_to_hsr: entered promiscuous mode
[  530.583572][T19627] veth0_to_hsr: entered allmulticast mode
[  530.589932][T19627] hsr_slave_0: entered promiscuous mode
[  530.595501][T19627] hsr_slave_0: entered allmulticast mode
[  530.601635][T19627] veth1_to_hsr: entered promiscuous mode
[  530.607353][T19627] veth1_to_hsr: entered allmulticast mode
[  530.613523][T19627] hsr_slave_1: entered promiscuous mode
[  530.619289][T19627] hsr_slave_1: entered allmulticast mode
[  530.625304][T19627] veth1_virt_wifi: entered promiscuous mode
[  530.631372][T19627] veth1_virt_wifi: entered allmulticast mode
[  530.637724][T19627] veth0_virt_wifi: entered promiscuous mode
[  530.643757][T19627] veth0_virt_wifi: entered allmulticast mode
[  530.650299][T19627] veth1_vlan: entered promiscuous mode
[  530.655830][T19627] veth1_vlan: entered allmulticast mode
[  530.661919][T19627] veth0_vlan: entered allmulticast mode
[  530.668186][T19627] vlan1: entered promiscuous mode
[  530.673325][T19627] vlan1: entered allmulticast mode
[  530.679031][T19627] veth1_macvtap: entered allmulticast mode
[  530.685253][T19627] veth0_macvtap: entered promiscuous mode
[  530.691070][T19627] veth0_macvtap: entered allmulticast mode
[  530.697245][T19627] macsec0: entered promiscuous mode
[  530.702540][T19627] macsec0: entered allmulticast mode
[  530.708269][T19627] syztnl0: entered promiscuous mode
[  530.713494][T19627] syztnl0: entered allmulticast mode
[  530.730429][T19633] netlink: 168 bytes leftover after parsing attributes in process `syz.8.6329'.
[  530.955960][   T36] audit: type=1400 audit(1762662674.732:1586): avc:  denied  { nlmsg_read } for  pid=19645 comm="syz.8.6333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  530.976705][   T36] audit: type=1400 audit(1762662674.742:1587): avc:  denied  { setopt } for  pid=19645 comm="syz.8.6333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  531.083336][T19650] netlink: 96 bytes leftover after parsing attributes in process `syz.8.6334'.
[  531.955495][T19659] overlayfs: failed to clone lowerpath
[  532.086692][T19685] 9pnet_fd: Insufficient options for proto=fd
[  532.690462][T19705] netlink: 'syz.2.6352': attribute type 4 has an invalid length.
[  532.699916][T19706] netlink: 'syz.2.6352': attribute type 4 has an invalid length.
[  533.038170][T19735] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1537 sclass=netlink_route_socket pid=19735 comm=syz.1.6361
[  533.957500][T19769] rust_binder: 119: no such ref 1
[  533.974720][T19772] netlink: 'syz.6.6373': attribute type 25 has an invalid length.
[  534.211439][   T36] kauditd_printk_skb: 10 callbacks suppressed
[  534.211458][   T36] audit: type=1400 audit(1762662677.992:1598): avc:  denied  { unmount } for  pid=18433 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  534.294580][   T36] audit: type=1400 audit(1762662678.072:1599): avc:  denied  { read write } for  pid=19789 comm="syz.6.6378" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  534.319417][   T36] audit: type=1400 audit(1762662678.072:1600): avc:  denied  { open } for  pid=19789 comm="syz.6.6378" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  534.346400][T19791] rust_binder: Failed to allocate buffer. len:1168, is_oneway:true
[  534.432310][   T36] audit: type=1400 audit(1762662678.212:1601): avc:  denied  { read write } for  pid=19800 comm="syz.6.6381" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  534.465089][   T36] audit: type=1400 audit(1762662678.212:1602): avc:  denied  { open } for  pid=19800 comm="syz.6.6381" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  534.490392][   T36] audit: type=1400 audit(1762662678.222:1603): avc:  denied  { ioctl } for  pid=19800 comm="syz.6.6381" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  534.516251][   T36] audit: type=1400 audit(1762662678.242:1604): avc:  denied  { getopt } for  pid=19805 comm="syz.1.6383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  534.537011][   T36] audit: type=1326 audit(1762662678.302:1605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19815 comm="syz.1.6386" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2972d8f6c9 code=0x0
[  534.706092][T19840] x_tables: unsorted entry at hook 2
[  535.011623][   T36] audit: type=1400 audit(1762662678.792:1606): avc:  denied  { setattr } for  pid=19848 comm="syz.1.6397" name="PACKET" dev="sockfs" ino=95868 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  535.060531][T19849] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19849 comm=syz.1.6397
[  535.367544][T19859] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6400'.
[  535.377277][   T36] audit: type=1400 audit(1762662679.152:1607): avc:  denied  { ioctl } for  pid=19858 comm="syz.1.6400" path="socket:[95044]" dev="sockfs" ino=95044 ioctlcmd=0x8903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  536.096742][T19877] x_tables: duplicate underflow at hook 1
[  537.446260][T19925] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  537.446304][T19925] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  537.453053][T19925] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  537.626263][T19941] netlink: 104 bytes leftover after parsing attributes in process `syz.2.6424'.
[  537.801640][T19961] rust_binder: 162: no such ref 3
[  537.806856][T19961] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
[  537.814998][T19961] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  537.822353][T19961] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:162
[  537.866415][T19967] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
[  537.883105][T19967] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:167
[  537.903545][T19974] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  537.921786][T19974] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  538.055654][T20002] input: syz0 as /devices/virtual/input/input55
[  538.852677][T20060] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20060 comm=syz.1.6460
[  539.006116][T20067] overlayfs: fs on '.' does not support file handles, falling back to xino=off.
[  539.029379][T20067] erofs: (device loop6): erofs_read_superblock: cannot find valid erofs superblock
[  539.085487][T20072] IPv6: NLM_F_CREATE should be specified when creating new route
[  539.093813][T20072] rust_binder: 201: no such ref 2
[  539.112369][T20075] rust_binder: Error while translating object.
[  539.112431][T20075] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  539.118700][T20075] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:203
[  539.279124][T20098] rust_binder: Got transaction with invalid offset.
[  539.288484][T20098] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  539.295085][T20098] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:220
[  539.318501][   T36] kauditd_printk_skb: 34 callbacks suppressed
[  539.318520][   T36] audit: type=1400 audit(1762662683.102:1642): avc:  denied  { bind } for  pid=20099 comm="syz.6.6473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  539.353761][   T36] audit: type=1400 audit(1762662683.102:1643): avc:  denied  { accept } for  pid=20099 comm="syz.6.6473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  539.373806][   T36] audit: type=1400 audit(1762662683.102:1644): avc:  denied  { setopt } for  pid=20099 comm="syz.6.6473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  539.403254][T20109] rust_binder: Write failure EINVAL in pid:231
[  539.430393][   T36] audit: type=1400 audit(1762662683.212:1645): avc:  denied  { create } for  pid=20113 comm="syz.6.6477" name="#55" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  539.431180][T20114] /dev/rnullb0: Can't open blockdev
[  539.436894][   T36] audit: type=1400 audit(1762662683.212:1646): avc:  denied  { link } for  pid=20113 comm="syz.6.6477" name="#55" dev="tmpfs" ino=421 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  539.485238][   T36] audit: type=1400 audit(1762662683.212:1647): avc:  denied  { rename } for  pid=20113 comm="syz.6.6477" name="#56" dev="tmpfs" ino=421 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  539.514318][T20012] ------------[ cut here ]------------
[  539.514700][   T36] audit: type=1400 audit(1762662683.292:1648): avc:  denied  { read } for  pid=20118 comm="syz.2.6478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  539.519866][T20012] WARNING: CPU: 1 PID: 20012 at fs/overlayfs/util.c:602 ovl_dir_modified+0x15a/0x190
[  539.540281][T20119] netlink: 2 bytes leftover after parsing attributes in process `syz.2.6478'.
[  539.549511][T20012] Modules linked in:
[  539.562286][T20012] CPU: 1 UID: 0 PID: 20012 Comm: syz.6.6450 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  539.574050][T20012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  539.584161][T20012] RIP: 0010:ovl_dir_modified+0x15a/0x190
[  539.589869][T20012] Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 ae 48 99 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d e9 cc 97 4c 03 cc e8 16 db 42 ff <0f> 0b e9 3e ff ff ff e8 0a db 42 ff 0f 0b e9 6e ff ff ff 44 89 f9
[  539.609527][T20012] RSP: 0018:ffffc9000446f768 EFLAGS: 00010293
[  539.615613][T20012] RAX: ffffffff8243239a RBX: 0000000000000000 RCX: ffff888123a49300
[  539.623613][T20012] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  539.631624][T20012] RBP: ffffc9000446f790 R08: ffff888110e99a1f R09: 1ffff110221d3343
[  539.639642][T20012] R10: dffffc0000000000 R11: ffffed10221d3344 R12: 0000000000000000
[  539.647651][T20012] R13: dffffc0000000000 R14: ffff888110e99980 R15: ffff888122361880
[  539.655665][T20012] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  539.664639][T20012] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  539.671450][T20012] CR2: 00007f7fc95b4f98 CR3: 00000000072a8000 CR4: 00000000003526b0
[  539.679475][T20012] Call Trace:
[  539.682781][T20012]  <TASK>
[  539.685716][T20012]  ovl_do_remove+0x7b8/0xcf0
[  539.690341][T20012]  ? ovl_set_redirect+0x780/0x780
[  539.695410][T20012]  ? down_write+0xe9/0x2a0
[  539.699855][T20012]  ? __cfi_down_write+0x10/0x10
[  539.704727][T20012]  ovl_rmdir+0x1e/0x30
[  539.708820][T20012]  vfs_rmdir+0x3dd/0x560
[  539.713089][T20012]  incfs_kill_sb+0x109/0x230
[  539.717678][T20012]  deactivate_locked_super+0xd5/0x2a0
[  539.723170][T20012]  deactivate_super+0xb8/0xe0
[  539.727937][T20012]  cleanup_mnt+0x3f1/0x480
[  539.732381][T20012]  __cleanup_mnt+0x1d/0x40
[  539.736809][T20012]  task_work_run+0x1e0/0x250
[  539.741438][T20012]  ? __cfi_task_work_run+0x10/0x10
[  539.746613][T20012]  ? free_nsproxy+0x223/0x290
[  539.751340][T20012]  do_exit+0x9bc/0x2630
[  539.755517][T20012]  ? __sched_text_start+0x10/0x10
[  539.760595][T20012]  ? __cfi_do_exit+0x10/0x10
[  539.765221][T20012]  ? __kasan_check_write+0x18/0x20
[  539.770445][T20012]  ? _raw_spin_lock_irq+0x8d/0x120
[  539.775592][T20012]  ? __kasan_check_read+0x15/0x20
[  539.780654][T20012]  ? cgroup_update_frozen+0x160/0x990
[  539.786047][T20012]  do_group_exit+0x22a/0x300
[  539.790697][T20012]  ? cgroup_leave_frozen+0x16c/0x2b0
[  539.796096][T20012]  get_signal+0x139d/0x14f0
[  539.800645][T20012]  arch_do_signal_or_restart+0x96/0x720
[  539.806237][T20012]  ? common_nsleep+0x93/0xb0
[  539.811155][T20012]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  539.817410][T20012]  ? __se_sys_clock_nanosleep+0x2fd/0x390
[  539.823187][T20012]  ? __kasan_check_read+0x15/0x20
[  539.828285][T20012]  ? fpregs_assert_state_consistent+0xb7/0xe0
[  539.834372][T20012]  syscall_exit_to_user_mode+0x58/0xb0
[  539.839887][T20012]  do_syscall_64+0x64/0xf0
[  539.844326][T20012]  ? clear_bhb_loop+0x50/0xa0
[  539.849058][T20012]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  539.854970][T20012] RIP: 00fb:0x294e66b3c7c44cb4
[  539.859872][T20012] Code: Unable to access opcode bytes at 0x294e66b3c7c44c8a.
[  539.867267][T20012] RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
[  539.875704][T20012] RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
[  539.883726][T20012] RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
[  539.891740][T20012] RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
[  539.899769][T20012] R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
[  539.907744][T20012] R13: a8d7b5dbf29d588f R14: 9ba473c1014f02b4 R15: 107b9d1451766018
[  539.915774][T20012]  </TASK>
[  539.918834][T20012] ---[ end trace 0000000000000000 ]---
[  539.924882][T20012] ------------[ cut here ]------------
[  539.930395][T20012] WARNING: CPU: 0 PID: 20012 at fs/overlayfs/util.c:602 ovl_dir_modified+0x15a/0x190
[  539.939933][T20012] Modules linked in:
[  539.943865][T20012] CPU: 0 UID: 0 PID: 20012 Comm: syz.6.6450 Tainted: G        W          syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  539.957001][T20012] Tainted: [W]=WARN
[  539.960842][T20012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  539.970925][T20012] RIP: 0010:ovl_dir_modified+0x15a/0x190
[  539.976587][T20012] Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 ae 48 99 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d e9 cc 97 4c 03 cc e8 16 db 42 ff <0f> 0b e9 3e ff ff ff e8 0a db 42 ff 0f 0b e9 6e ff ff ff 44 89 f9
[  539.996249][T20012] RSP: 0018:ffffc9000446f768 EFLAGS: 00010293
[  540.002356][T20012] RAX: ffffffff8243239a RBX: 0000000000000000 RCX: ffff888123a49300
[  540.010416][T20012] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  540.018431][T20012] RBP: ffffc9000446f790 R08: ffff888110e99a1f R09: 1ffff110221d3343
[  540.026431][T20012] R10: dffffc0000000000 R11: ffffed10221d3344 R12: 0000000000000000
[  540.034436][T20012] R13: dffffc0000000000 R14: ffff888110e99980 R15: ffff888122361880
[  540.042499][T20012] FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  540.051485][T20012] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  540.058105][T20012] CR2: 000000110c30101e CR3: 0000000106eca000 CR4: 00000000003526b0
[  540.066088][T20012] Call Trace:
[  540.069389][T20012]  <TASK>
[  540.072328][T20012]  ovl_do_remove+0x7b8/0xcf0
[  540.076919][T20012]  ? ovl_set_redirect+0x780/0x780
[  540.081966][T20012]  ? down_write+0xe9/0x2a0
[  540.086402][T20012]  ? __cfi_down_write+0x10/0x10
[  540.091299][T20012]  ovl_rmdir+0x1e/0x30
[  540.095399][T20012]  vfs_rmdir+0x3dd/0x560
[  540.099674][T20012]  incfs_kill_sb+0x1a0/0x230
[  540.104286][T20012]  deactivate_locked_super+0xd5/0x2a0
[  540.109693][T20012]  deactivate_super+0xb8/0xe0
[  540.114478][T20012]  cleanup_mnt+0x3f1/0x480
[  540.118939][T20012]  __cleanup_mnt+0x1d/0x40
[  540.123391][T20012]  task_work_run+0x1e0/0x250
[  540.128096][T20012]  ? __cfi_task_work_run+0x10/0x10
[  540.133243][T20012]  ? free_nsproxy+0x223/0x290
[  540.138033][T20012]  do_exit+0x9bc/0x2630
[  540.142296][T20012]  ? __sched_text_start+0x10/0x10
[  540.147392][T20012]  ? __cfi_do_exit+0x10/0x10
[  540.152017][T20012]  ? __kasan_check_write+0x18/0x20
[  540.157172][T20012]  ? _raw_spin_lock_irq+0x8d/0x120
[  540.162334][T20012]  ? __kasan_check_read+0x15/0x20
[  540.167420][T20012]  ? cgroup_update_frozen+0x160/0x990
[  540.172847][T20012]  do_group_exit+0x22a/0x300
[  540.177465][T20012]  ? cgroup_leave_frozen+0x16c/0x2b0
[  540.182793][T20012]  get_signal+0x139d/0x14f0
[  540.187324][T20012]  arch_do_signal_or_restart+0x96/0x720
[  540.193003][T20012]  ? common_nsleep+0x93/0xb0
[  540.197616][T20012]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  540.203796][T20012]  ? __se_sys_clock_nanosleep+0x2fd/0x390
[  540.209605][T20012]  ? __kasan_check_read+0x15/0x20
[  540.214653][T20012]  ? fpregs_assert_state_consistent+0xb7/0xe0
[  540.220755][T20012]  syscall_exit_to_user_mode+0x58/0xb0
[  540.226235][T20012]  do_syscall_64+0x64/0xf0
[  540.230703][T20012]  ? clear_bhb_loop+0x50/0xa0
[  540.235405][T20012]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  540.241379][T20012] RIP: 00fb:0x294e66b3c7c44cb4
[  540.246169][T20012] Code: Unable to access opcode bytes at 0x294e66b3c7c44c8a.
[  540.253819][T20012] RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
[  540.262274][T20012] RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
[  540.270308][T20012] RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
[  540.278356][T20012] RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
[  540.286352][T20012] R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
[  540.294466][T20012] R13: a8d7b5dbf29d588f R14: 9ba473c1014f02b4 R15: 107b9d1451766018
[  540.302501][T20012]  </TASK>
[  540.305655][T20012] ---[ end trace 0000000000000000 ]---
[  540.340133][   T12] bridge_slave_1: left allmulticast mode
[  540.345881][   T12] bridge_slave_1: left promiscuous mode
[  540.351595][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  540.359395][   T12] bridge_slave_0: left allmulticast mode
[  540.365120][   T12] bridge_slave_0: left promiscuous mode
[  540.370979][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.499435][   T12] tipc: Left network mode
[  540.504942][   T12] veth1_macvtap: left promiscuous mode
[  540.510692][   T12] veth0_vlan: left promiscuous mode