Extracting prog: 43m39.133039324s
Minimizing prog: 14m38.785481128s
Simplifying prog options: 0s
Extracting C: 28.965931305s
Simplifying C: 12m59.104313357s


extracting reproducer from 59 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-openat$userio-socket$kcm-sendmsg$inet-write$USERIO_CMD_SET_PORT_TYPE-write$USERIO_CMD_REGISTER-write$USERIO_CMD_SEND_INTERRUPT-sendmsg$NL80211_CMD_CRIT_PROTOCOL_START-openat$sequencer-syz_open_procfs-preadv-setsockopt$bt_l2cap_L2CAP_LM-read$sequencer-getsockname$packet-getpgrp-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program did not crash
single: failed to extract reproducer
bisect: bisecting 59 programs with base timeout 30s
testing program (duration=44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 2, 2, 32, 20, 12, 12, 7, 2, 12, 27, 20, 2, 2, 15, 16, 18, 16, 9, 16, 16, 13, 30, 20, 30, 10, 12, 12, 6, 30, 3, 29, 2, 2, 2, 23, 2, 16, 2, 9, 6, 29, 7, 11, 2, 16, 14, 3, 6, 3, 38, 16, 2, 1, 3, 10, 3, 3, 19]
detailed listing:
executing program 3:
syz_emit_vhci(&(0x7f0000000800)=ANY=[@ANYBLOB="040f04017ed2a9845abc4c03b4730ba17420aff8e756740cbff20541197ff44a2543939efc840dc676cad077af85358ac6c2629056fcc96a4b62fdc6837e67f2e88f20d4571901887cc47b7314d309c795825f1838b646ef6c41dfb009e419e3f26733ca37c4fb52cc8fb3ca92ace1cc89bdb4ab4d04f8e3431d884acd43fa39380f38aa815ee58bb308e1ecc9ed36b6f4fbc264783ff45bac2518c31d869798a706ea0c9a471581a2377a7abfe34fd8339aa88c75b56aca9ac0582e584bc77098005c9ac4863ab8333a38e27e420e206b3f10ba6b273e9191e661fd6f636323955ad2b45479851cbdc18ce808668347bf4bee7618b8fd34a77a2475ab6b739530eb7b200c85d3f8f58a4d74c0ffffff7eba02590d9328c756910e442fb1a9bb0ba4ac4ce24df59621aba5d1aa1a8402955a42597c6482222b2f81377838ef8c6d634b42edcb1bef33e73a2097abd40642f2d8363fdc29e3dad8c2e1373b78bd0e1571b38bb3570c3e5bcb12143e9e6243ca938c8f5ec7d80a66ac0d70c9aacaf0db8003d6fdbc8f71b3877b"], 0x7)
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xd, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r4, <r5=>0xffffffffffffffff}, &(0x7f0000000040), 0x0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000280)=r3}, 0x20)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB], 0x104}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r8=>0x0})
r9 = landlock_create_ruleset(&(0x7f0000000080)={0x220, 0x1, 0x1}, 0x18, 0x0)
landlock_restrict_self(r9, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x8000003d)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000200)={<r10=>r6, 0x718b95a8, 0xf, 0x9})
mknodat$loop(r10, &(0x7f0000000340)='./file0\x00', 0x2, 0x0)
ioctl$KVM_GET_LAPIC(r1, 0x8400ae8e, 0x0)
pipe2(&(0x7f0000000000), 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x7, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x5}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x19}, @generic={0xa7}, @exit]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r11 = syz_open_dev$video4linux(&(0x7f0000000100), 0x0, 0x0)
poll(&(0x7f0000000280)=[{r11, 0x8}], 0x1, 0x5)
r12 = socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r13=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r13, 0x8914, &(0x7f0000000040)={'virt_wifi0\x00', @random="0005ddd5b9f7"})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c1f00001000010400"/20, @ANYRES32=0x0, @ANYBLOB="03000000000000001c0012800c0001006d6163766c616e000c000280080201000800000008000580", @ANYRES32=r12, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r8], 0x4c}}, 0x4014)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001c000100030000000000000007", @ANYRES32], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x0)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb, 0x30a}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x2}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x840}, 0x0)
executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={<r0=>0x0}, &(0x7f0000000100)=0xc)
setpgid(r0, 0xffffffffffffffff)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x18801a, 0x0) (async)
mount$bind(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x18801a, 0x0)
r1 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f00000008c0)={'filter\x00', 0x2, 0x4, 0x3c8, 0x0, 0x1f8, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30}}, {{@arp={@dev={0xac, 0x14, 0x14, 0x3e}, @dev, 0x0, 0xff0000ff, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0\x00', 'ip6tnl0\x00'}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x108}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) (async)
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f00000008c0)={'filter\x00', 0x2, 0x4, 0x3c8, 0x0, 0x1f8, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30}}, {{@arp={@dev={0xac, 0x14, 0x14, 0x3e}, @dev, 0x0, 0xff0000ff, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0\x00', 'ip6tnl0\x00'}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x108}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)
r3 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000080)=0x2)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) (async)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000040)={0x9, 0x0, 0x0, {0x400e802, 0x4, 0x9, 0x8}})
accept(r1, 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000240), 0x1, 0x2) (async)
r5 = syz_open_dev$radio(&(0x7f0000000240), 0x1, 0x2)
ioctl$VIDIOC_S_SELECTION(r5, 0xc040565f, &(0x7f00000002c0)={0x4, 0x101, 0x1, {0xe, 0xfffffffc, 0x9, 0x2d}})
acct(&(0x7f0000000000)='./file0\x00') (async)
acct(&(0x7f0000000000)='./file0\x00')
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) (async)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0xb28082, 0x0)
setns(0xffffffffffffffff, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x64, 0x3, 0x300, 0x6e, 0xffffffad, 0x190, 0x190, 0x190, 0x268, 0x268, 0x268, 0x268, 0x268, 0x3, 0x0, {[{{@ip={@remote, @local={0xac, 0x14, 0xd}, 0x0, 0x0, 'caif0\x00', 'ip6tnl0\x00'}, 0x0, 0x130, 0x190, 0xffffffc5, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f}}]}, @common=@SET={0x60}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x0, 0x0, 'team0\x00', 'team0\x00'}, 0x0, 0x98, 0xd8, 0x0, {}, [@common=@inet=@set1={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x360) (async)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x64, 0x3, 0x300, 0x6e, 0xffffffad, 0x190, 0x190, 0x190, 0x268, 0x268, 0x268, 0x268, 0x268, 0x3, 0x0, {[{{@ip={@remote, @local={0xac, 0x14, 0xd}, 0x0, 0x0, 'caif0\x00', 'ip6tnl0\x00'}, 0x0, 0x130, 0x190, 0xffffffc5, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f}}]}, @common=@SET={0x60}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x0, 0x0, 'team0\x00', 'team0\x00'}, 0x0, 0x98, 0xd8, 0x0, {}, [@common=@inet=@set1={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x360)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f0000000140), 0x0, 0x0)
executing program 3:
socket(0x10, 0x802, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c0203010902"], 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080))
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
epoll_create(0x101)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_mems\x00', 0x275a, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2000002)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
ioctl$FIDEDUPERANGE(r6, 0xc0189436, &(0x7f0000000040)={0x2, 0x0, 0x1, 0x0, 0x0, [{{r6}, 0x1}]})
ioctl$KVM_GET_MSRS(r5, 0xc008ae88, &(0x7f0000000040))
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r4, 0x110, 0x4, &(0x7f00000000c0)=0x1, 0x4)
executing program 3:
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, 0x0, 0x0}, 0x20)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e999000000000000000000000000000000000000ffff00000000ac14", @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fd"], 0xb8}}, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x3f00)
executing program 32:
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, 0x0, 0x0}, 0x20)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e999000000000000000000000000000000000000ffff00000000ac14", @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fd"], 0xb8}}, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x3f00)
executing program 1:
r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000c80)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x10, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_REFILL_DELAY={0x8, 0x9, 0x4}, @TCA_FQ_RATE_ENABLE={0x8, 0x5, 0x4}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0xc800}, 0x1040)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x1000000, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x32314241}})
executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x258, 0x4c, 0x232, 0x258, 0x0, 0x388, 0x2e8, 0x2e8, 0x388, 0x2e8, 0x3, 0x0, {[{{@ipv6={@mcast2, @mcast2, [], [], 'veth1_to_bond\x00', 'ip6gre0\x00', {}, {}, 0x6, 0x0, 0x3}, 0x0, 0x230, 0x258, 0x0, {}, [@common=@unspec=@cluster={{0x30}}, @common=@inet=@policy={{0x158}, {[{@ipv4=@dev, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@ipv4, [], @ipv4=@broadcast}, {@ipv4=@multicast2, [], @ipv4=@dev}, {@ipv6=@loopback, [], @ipv6=@private2}], 0x1}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @remote}, @private1, [], [], 'team_slave_0\x00', 'xfrm0\x00'}, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8) (fail_nth: 17)
executing program 1:
sched_setscheduler(0x0, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_buf(r0, 0x6, 0x21, &(0x7f0000000200)="24fc911e918c74ad7a0e599e17a90eca", 0x10)
getsockopt$inet_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000080))
mlockall(0x2)
shmget$private(0x0, 0x400000, 0x4, &(0x7f000000e000/0x400000)=nil)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r2=>0x0)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)={0x4f8, 0x2b, 0x200, 0x70bd29, 0x25dfdbfb, "", [@nested={0x180, 0x4f, 0x0, 0x1, [@generic="0454f16d24a7795fb78e3bd7c84d67a2e68acb2b7c8cd49a980c51cdf9e6a074b84d573e065508f57e2dc6f23b36eee0def5e6ef40cae31b8d0e6ea49ff79730a0b6bfc6b57cbd31abe481b631577a7e03bbfeb01c19d233a4cbfd33be1a5a1cb1a6035f59b44aeb4eb6fd22ebd317bcb3dd1fb3df1b6d787ab275417f0391845a0c7dba4a4bb9deb0944a8f", @nested={0x4, 0x37}, @typed={0x8, 0xb, 0x0, 0x0, @u32=0x80000000}, @nested={0x4, 0x114}, @generic="022d535e7e095d9c8adff967250203dc16f9a04d249a3d370e542753e0abc8ebc03e79f6723f9524bd1da51235209c2bca917e059c41a4d068102d4c04f32b5a6765665df3937c9c65d0a7f56d39e3e61713fff0cd16822d812e95cc6881a6cf2b29762ff23dccc35c13afa52e647bd429884fcb712eb932463145f2ef2a745b7bb142cc97fabc6119add23cc79e9896560d0a946ad6333d61c97d21221f22c5abf2c3533122f2588200b8af742b43e16b70fba29e3ba21c5d845e18570291c3ad7c853416d3fa1741b72534f2274670ba52b862e2c1ca7dc561fae98bddae32"]}, @generic="3ac0ea83d30e43d822abf66e28236ed0d3487d4345b5c727866a7d43768e23ede404eadf1b2242ab9b2d682de41d18be668c73b7834a31e7c6827bbbedf95d59a59275c14ed415d235ebe860b1cf984f88f01c4ab8003aa4ea998935d7476c3c82944a40907757ebc7ed05f775593d7f34705e5d8cd9be4092ec0d8e2dc3", @generic="b52b13326c549a4ab59aa24e05380f67af93ee97489253306a72d71a591451db6e53edc6a201140ae61d8a117b9a8e8da5840c652c6882ae1969861f9799bfc7a0620942ddd8b15bfa8df9596639bbee1dd50fd55247817d10da51116f5bec93e022b28c539685c983ffe46a65130bb9e9570c9b41c10095ea10b1e9e80398809033421e2c956f5f65639cd6aeda157ceadd035607b20ed6556a10c944d514d333a1328d31037e24a956505b3341000c98e4054c939df521ddac6cbe6878243b21d6be7062fbc53155fcd1107ac56148d6435f4281bafb42056a5ea823d479837649cd3ea8cdc5", @nested={0x1f0, 0x6a, 0x0, 0x1, [@typed={0x8, 0xd1, 0x0, 0x0, @ipv4=@multicast2}, @typed={0xad, 0x151, 0x0, 0x0, @binary="e6aedb525e4871f609536713181d860bf31398c045cd3425cd3801cc692e7ffbfcf1ddb79ab922437e803acb952c6e714b84e7040e162bf2752c01d3664c69c62c6977ecad1ced49cff7d5ab5f7f81872304284ba3057f4a3184b404b7c255a799291d829e151eda1268a57c7d0be1453541b00260cf6cd3972a4863df5a97ebf71b4654be36d6e259b163414bb7340a5727ef07d0cd6effeb95b3cb32f5f041c565b36880773131b7"}, @generic="d225db8571063c174e500a3a3fbae365db2f64cfa12a42a20183d0a8fb3fa9f776b12ca86af8ff22335a176d8559dca73874928216f3a7c201b98f8306cf54306bc3", @generic="355cba50015df4d10071ae35f700766eb2c9278f76d2a2f69aa2449965d3a738ab04dbe6b858287ce54d096e6ba4e331", @nested={0x4, 0xf9}, @nested={0x4, 0x66}, @generic="5c1a7469c1dd258443868a4f0206c014f93976545a2c832695d1195c01642a45a9341b297209615b0bb41239c8cd4657e72dc87eb48332d4798372c7d80aa69188f1fecf46bc4b91ed75f1e0fd57b1e68d73007216b2e01486d738eb9b8e3cf2a7b2c104b08d28c2bfeb430ec0e8fa4cb006ca93d7d50f54145854e44453e16bfc1841b69040987cc0266f5aeb4bfc3f4fce768c194dd23aabd2d643a1fc3d6b9e0e5b1288db838075eaff37b01e2094303211493dd7", @nested={0x4, 0x2}]}, @typed={0x8, 0xa6, 0x0, 0x0, @pid=r2}, @typed={0x8, 0x86, 0x0, 0x0, @u32=0x3ff}]}, 0x4f8}], 0x1}, 0x0)
shmat(0x0, &(0x7f0000136000/0x4000)=nil, 0x4000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r3, 0x0)
executing program 1:
socket(0x10, 0x802, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c0203010902"], 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
epoll_create(0x101)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_mems\x00', 0x275a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x389380a, 0x0)
umount2(&(0x7f00000000c0)='./file0/file0\x00', 0x1)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
ioctl$FIDEDUPERANGE(r5, 0xc0189436, &(0x7f0000000040)={0x2, 0x0, 0x1, 0x0, 0x0, [{{r5}, 0x1}]})
ioctl$KVM_GET_MSRS(r4, 0xc008ae88, &(0x7f0000000040))
executing program 1:
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
lseek(r0, 0x9, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f00000001c0)='\x00', 0xfe3d, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0xfd, 0xfe, 0x0, 0x0, 0x5, 0x8b, 0x0, 0x0, 0x80, 0x0, 0x0, 0xfc, 0x3}, 0xe)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0xfc, &(0x7f00000001c0)={&(0x7f0000000200)={0x14, 0x22, 0x1, 0xfffffffc, 0xfffffffc, {0x2}}, 0x14}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg$unix(r3, 0x0, 0x2)
setsockopt$sock_attach_bpf(r3, 0x1, 0x23, &(0x7f0000000000), 0x4)
sendmsg$inet(r4, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
shutdown(r1, 0x1)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000180)=0x6, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe1, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d", 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_QOS_MAP(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x30, 0x0, 0x415e01c18bc11981, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_QOS_MAP={0x14, 0xc7, {[{0x8, 0x10}, {0x7f, 0x3}, {0xfa, 0x2}, {0xd8, 0x3}], "fd0ee3f6bd3284a7"}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x40000a0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, 0x0)
executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000e00)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x268, 0x311, 0x0, 0x268, 0x3f0, 0x460, 0x460, 0x3f0, 0x460, 0x9, 0x0, {[{{@uncond, 0x160, 0x288, 0x2b0, 0x3000000, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0x7f800000000000, 0x0, 0x0, 0x80, 0x5, 0x9}}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @local, @private2, @remote, [], [], [], 0x0, 0x7863}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'ip6_vti0\x00'}, 0x0, 0xd8, 0x140, 0xe4030000, {}, [@common=@unspec=@realm={{0x30}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
executing program 33:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000e00)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x268, 0x311, 0x0, 0x268, 0x3f0, 0x460, 0x460, 0x3f0, 0x460, 0x9, 0x0, {[{{@uncond, 0x160, 0x288, 0x2b0, 0x3000000, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0x7f800000000000, 0x0, 0x0, 0x80, 0x5, 0x9}}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @local, @private2, @remote, [], [], [], 0x0, 0x7863}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'ip6_vti0\x00'}, 0x0, 0xd8, 0x140, 0xe4030000, {}, [@common=@unspec=@realm={{0x30}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
close(0xffffffffffffffff)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x40400, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0)
close(r1)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'})
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"})
executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe2$9p(&(0x7f0000000240), 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
r0 = openat$kvm(0xffffff9c, 0x0, 0x41, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x4}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x20000000, 0x440, 0x6, 0x0, 0x0, 0x2004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], 0x0, 0x200306})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB='6\x00\x00', @ANYRES32], 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xfff3}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x80, 0x4b6, 0x401, 0x0, 0x12, 0xfffffff8}}, {0x4}}]}]}, 0x48}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500))
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="090000000300000004000100", @ANYRES32, @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x6, 0x14, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$ttynull(0xffffffffffffff9c, &(0x7f00000001c0), 0x103182, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$KDSETMODE(r1, 0x4b3a, 0x1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r2, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x6, 0x2, 0x0, 0x2, 0xffffffff}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffd}}, @TCA_NETEM_RATE={0x14, 0x6, {0x1, 0x80, 0x7, 0x7a7}}]}}}]}, 0x6c}}, 0x20000000)
sendmsg$inet(r2, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000300)="f4f1ff34255f0e634dcc29", 0xb}, {&(0x7f0000002280)="55d83bd90fc95102a98ce7a7d33d191b4018adb7c1633ad06e09ddb7caf99e98ec1516a5aadcb25784095959604f5eaab8ae6634bc29e2d6fee809ccb9363b1e73972a254570226b52e383eddcf9402ba1e18e507c38a73dc4039d6d19a692f2755b7c22b5fefe2703bee0678a36a57071527162d15b0c2dba1a1168b9b60b8db415561d6aec08f82350c57c5c42b461d103ff0ba2a032aed95465c81d92ca8461b949c9b8f368aa43a046a0cc8340e369892718e78d519c3172ca68523305695afead8d8108b320d38acfe30acf10205317ab39317401bab0a32305a77cbf349e0e3afd0bac82b1433dce7af172391f06942b98ff7f78dabf7d0ff44faf4d9735d99720a7469949e5ca1eb084bad91319da4c79a9d59b1933e77c06038e265d96044d4213c4f2e17444bb8031c5400962a706504e917455debcb350c3f5a1b0e9c407bd477e55e5f199ef6a63cbcf4a3239ee5a92de569debaed989d6906648d200629924e85e5733f55ba85bcad8eaad6d81afb5c0d494edec0ebbdc5a63381a7f1e555471bb9076e33101d8c5021def1ac26c9b67bd86d09b379479ebbff9c9ea3ef79e88f61893b76a93e211989515f31f2f88bb966ab04a0f649e99a0b0c054aae4d018d44ca39f4b3471edae1fe665f433792ed8c66f2b05dfb4bb8170a032d43f2604baada4d9f9d9e182de56812b484c60cbd8d7b4028a847c09abb991f97d540b5475d5b32f6399427f2fb4fc893be8bde9130b51d7a93938507a0c5272197b6580645c3fd3789a0b180545f4f9dd6732bbe5f546e692b9be0b16b38b383a9a19970a6946def0d9afd158f07c6adde55410790208db837cff10a124226d12fe24e4e1002ad255acc7f0aca6617fb823fc5fb9cd6111ac25a2f962c5ffc3122c8b6817589d46466f0a3a041be681b3da7e3647b97980b0eb3814e375b5194007ddbdd3106a5388138eba1660db573abb2f46c6bb1c3125843974030ef09115d52d87e2992890b19a9b430a110331b77b3fdc458f66b40704ea7c7a62353d835e208126fb1634a76121691c53739f3d77e059b394010aa2166cab06400fcbf40040c9751b77faa25607bded1543b91265e25cf0a7477e97b5cd48e889b2aa17bdf17109e79620bab4084871ce24feac4af0673b140063d81f16cb4da3532ef6e914b56c28321460842cf82a1c48b7d0391a9272c9e656d24088fd698eca138b842bee5a5fcd278c0837d824bbff6ee7bbd3c0fd14e8a6d8583aed4d42aaafc2cbe8ee412e111c91deeae202c56c061461beffbdf61451960a64abebeee0ee3ffa59d41c395368eb14b6075e16afa374d2e5335abebe43dd5fa4f403e9613df05fa48e9efab177da804e125eb17b7240cb95011bcf86364b8ef5ff7c249021870cedfa6dbc7397b6e0caec99697df7a91ec6dd07f6974ec9214ce163e63eb297dc00d772464c6c9d842705401b332ffa7dbbd6332565875e41f0a76ead6aee9de27eb7a8944692b308a27c68cfefa6dd90ecc93878129bff6f6f8ab81200f93dd34fab15dfeef93dbaa1f522cece9b7b56b4ec8c212bbc98dc8dd8b1bc16c50cdb8d906725f849f015bfb7b1651805fc486d3ffaab367660c459b1e5762e18ea4c3c381c3de86040e4713f33423b8817f486cee38814a4d650ea00968efda6a12ef8c86904d4042a46dbbd9c6858bdd3930bd3d62414d6e5ea25582c8183c1a199b7c634849013f0a44f509b65681961edbf5d5cff0b5e9c7c7ab1d75e758e9ecb34ac59b916cca556c9fa1b63a644fc054335b4e63d2382eef4ad624e83beff86dc99ed714a206257dc63423e3e796ec722c6928e7872f1d7f92b1331ad490428049e705bb61722fa85fab971de2269ddbec4460e484d979d851ddf9e0c7205fe1212c54fadbafd21d88bde2cb23d701d2c023f17e99010a965a7353199c39cbb1f2a08041bce13a0997beef575282bee387e37aea490febd5da84164102fc3eeba772690ccf02a690cca800a74da63dab4774d1ca0c17f56b0bee3867032712ba9f3f6159d74280248141dde46cee0bbc06a914f5aa744b343454b667ce342ff826532a34ba1de1cc349132bef6a7d7559b4db1c2b696b2b929d9345142ae449db008c6d1c9d3c875f7c7644658aef5ccbf2a36d0aacd60901b4e8fb51e53f56da5f6e074e283839f653c311f2f891e4ba3757abb5277f074cdf4ca37c2fd81255c1c0430652f23fe958dd8ea3ed149a29206ef79201a617fa011f4a93662e57d82c80b9a6fe2e618a1e875c95b591ccdb1a095c9d76dc4a033c711cdf491a71f49e488c83871538afa6c368619440579253506d8b7a100347072858e3130aa9a6e0127e405799a13ac677300aeec0afb7f2ef392ccb6099f4c5dc8003b2adb286c9573b15dd7b204cd28cb122ec892618351422d23651b6dbfad134a452a96e4b27908a984abd036bf4ab646c782cb03e7c11691aac6538cea9c04144d9b7b9ad75f1c37d6b4edc6bc5dfcfce2c1f6b17bf89a012f2ed2788f50b74eb06b8e82434f6787235f2b2c79e1c41b925794a2ab08483de34135d9122d447d2939148abefbce8bea5ccce58e745b5bcdd1c9770b1c0cca1a2cf6cf1c1b7531d41b9494783d984c437576f111564c58e906b728c8d12bedd29ed230eed6d0b1b953c6d65c98c537c00ceb8ad457ab0954e103c37872cc1fe755e0e64c2d870b166bc44f503ae0685ae7495fd0079077b4df1c96decef5accd7f51ebe196483a310ecd3c17d419df42aed3925d2f28ebe74d0d9b4c5e041cc2687e0c881042674bea8a85020392ff0e5d6eb31c9ef475ccf41e2ec83d6351b97081aabac59bb932f67e727650ddd5a451672024eb3351ca7b46b31fa929284fcc2fe9a4e4c50014058c85e0ed526153bf5353ba5d45142cbc17953b684511fb6e836f713059824fb24fbb05d54d024bd51d6a7a54dc4b25008ebfc870ce7522ad05e6beb2c5ae0a127f898fc1fdd69de292ee967051cdd0c9e853beaf1e4309a415924f910b6aacde745d1fb9461e71562e377d2fe5f03ac7af7a5bd75417bfc071a98fae9f6df6e6066fef8ca3213f0b5476641517b5ec600e66564fa41072bc56e961d4a0d6da9a4c9f5eea59559fa397f3d4676fa3934dcc8edcbdadf14d074f07597efd2d8d8e5c577fd5263c8e15e36878bea65bab5163afca08ec5a900e81df25a22d25a6779e7c2ff01178cb53842e022dd63a954de1fd9179e3aa9badf0a38dfcfb7e7c95a3a348936a86f001d0ed127006f3c8a6670fe7331a75c66f2d12f0dd979a4eb3a0da0e3411c9cdcba542ba277711151ab6378c2c66f7c8af51f8067e7919d6a0ab661ee4b8952a0073b244abbfb86ff0c3fb8219c32cf5705b124f5dbf02295f4c2ba32626319234d09f8413bc9db241811f6557e7395fa73f4054b1ad1f395f425e761a634e647ca6001deafa5d4fb06d018bec56cd5e35da6081d946ebd180f48693ee8be785f9bd784fbe2d99dd91b315708ac83bf471d476cab51918f76a24291791f56e0e2892236ef478420e9151d4ca4bf50d926efc3f95ffc9bcc77fa0c3daba614731e96e61e6c619d1f4c31e6d4b25acdef82d3f75c44a680749527a09c1bb4936497f304dc2a6d8d2cb8a30f0014ca02cef7e0e690d54e752de433b69138a3228d3251249a1e543648e5ce269077195db4a5f76501845e0ba17838d3c8869f20b493fdf76d339d033952d53bb1f380d086159ea28a719bbd3bdec86b4e8d48b26dc58c4157f8461dbce40e47793e83821a0259451cfdda5fc5ff1fc96e4b25a330e6d11a99530fcc21fc81f1adf348f85eb7a6354b2e389047fbf49fcd379b2e4bff11470d0e3a727b5b9d4a325b231859bab9bfd194b18da7841fed2ceb699498212a941a6b0a553d096d47ff07ba9a52e8fd221c1fe626f3804f131517d7d3418e6e56044ada5a62cd5d5f7038ecae3f398d2d036979cf47c31627d57a48b3c72801113dd23edfb4515d156c76fbc964d888689bcbfc4666117d1b0d527892e32d2d68727a3b092a441f2f5620fe4d227550447ebcf1ae9dc2cd9125918ea612ede7d888dee7075f7f9712ea67c049db939d35d63dea84cd948c0ac5e79bf0d0a42470c98ae0d747a14fc7de7f35a5186096bc4e3171ea09f6f2af2bbb5b205fd45784e8936febb17162988b35baa22d2506518281e4ad362bb2e2e0f87d9b9866f2ca80072abe8f533bacc06a6a6b8550b1353ce9fe5c076f1e587c95be3c3ca7c3b1000c5e8cb1bf961542ab5eff8e0b1630e0343dfeea322f55a8a63ba1e21d48ff00ccc5ba22f95168d2db84adb69f34767399b998727115c79e58f7650eda101128e64317a863f56d2f82fd07fbe5706ebc8f63ce555793ef8f8bcddbabedfabe58e3501c2f7b2fcac0cca351b8d3f027c76e16078024505ddafd34726bb85c6fb0e05910fbcfa9a143805f7d28e6e5431d2e5e5c9d8720342d9ffa25e0ce987a6044ca163c70a48d1f8fea6ae7b18bb44518ff0ebc7b57e0ff82a1c2d7698431dba267bad0d71d8226441810c557395808469e1064ea442b1e2b566f352b1c74851f841eff0c6763d660c804b137087d3c1bc4659d58bf893a091cd8311292092e8206bb4116b798970017d83f95ecdfafda6c248cd1890461684e8fe66026af83f0005ffa6b24dc48f19e9a588853942e385c0cb616981fa06e09cfacc7e64285ad0b34f410bc4822c171511fc79ae1a6da73ea9bc75021599916952925798adac7e4a1d7c39f93f7492620c3a91017dd3e09439d7f8f45e197a0e4e02729f571a2c978d5de84c095c6ab73abf8e660d92aafa0d411f67e1b8b3326a62af723165c0e13adfb9d8caa29685efe683734465d8b3028ba8bb1df9721cd971519fd2e80212a52dbaaae00fecfc43728ad03edcc51057c9d684314b5ea2afdac2fc236f04efe90fcfc2f92df743102d361f3b16fa452b28c162c4b715098a9d5a7d1071cf30b06ec1f9e096fae3438c8cfe03aa06d10b133c5e253f32077ac961ad4731ec61d95ee69143a1b0a7cb4ecb1a931689e378aac4e04d4c68d37004b53d49b58f7ec60f2c359890ada8f205efd222b840a13a3136938dee0feadf9e3799aee056724aa31dd93ccb799a5a13f555abe17c5cfd30719473933eb093d0ba910e3a3f92b3cefe8612065455683149d9c8e2a3b3be9eaa522198d2bb94ebc0a0e461c415803c97e260119932f0c1698b4b2792a646a40eb2c187804144cf8269017967abaac57844b7e82e9daa0883ce06b4488a24fa33885ac34703a7d94985ee447dc4cd4263facc373331310e2f04df0944ceb85b0302ace8d0554009b4dc1387b86e1c2561935bc35dc37493489edea072bb0875ecc1f20aa31869ebdf9aa83a25b3ee8cfb6ec276b03e5cee6ee221b112e2a07d919883f908b40a7d16037c8b5869e43f21024649ccb3e6e08c890f05fbd95441f7bfd62a5e20ba2b2672ca5323f4c295bab0039f5b93d43e5c228755a29f3f533363ffb1a477f06c7efd94abf76bf3bf8e36139d8cd4392919fd7493fafb042d50e88cf2935f11e6956234a9a5e2f4ca533c7e48adf4b81e99eb0e9b907dc2054ebd7bf17aebc5486a0737b971b022809d4e2753f98c7bd5c0f04cf20da173a3b9c66e31e67c901c97dae8335bc5d80d364ce4c58a81c3363f4728894e8b05dcba45b37f79ad93d080507a9ffa8fae7223ddb5337eb03bc37cf931fc3acaf9b4e08f9cdde03744d6231b76d0b317d8c320dcd1def6f69af4cc1e676d4a8d8", 0x1000}], 0x2}, 0x0)
executing program 0:
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000080)="366636f30f09c4e12f10c82e260f01b600a00000663e3e2e64f2450f5d693b410f233a410fc774ca18406f0f01c447091c00660f600b", 0x36}], 0x1, 0x12, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mlock(&(0x7f0000001000/0x2000)=nil, 0x2000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r3, 0x11, 0x68, &(0x7f0000000340)=0x1, 0x4)
setsockopt$inet_udp_encap(r3, 0x11, 0x64, &(0x7f0000000100)=0x2, 0x4)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000400000000000900020073797a31000000000500010007000000050005000000000014000780080011400000000005001500030000000d000300686173683a6d"], 0x5c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0xf000000)
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB='6\x00\x00', @ANYRES32], 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xfff3}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x80, 0x4b6, 0x401, 0x0, 0x12, 0xfffffff8}}, {0x4}}]}]}, 0x48}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="090000000300000004000100", @ANYRES32, @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x6, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
executing program 34:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB='6\x00\x00', @ANYRES32], 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xfff3}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x80, 0x4b6, 0x401, 0x0, 0x12, 0xfffffff8}}, {0x4}}]}]}, 0x48}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="090000000300000004000100", @ANYRES32, @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x6, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
executing program 2:
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c643c, &(0x7f0000000300))
mount$9p_virtio(0x0, 0x0, 0x0, 0x14403, 0x0)
close(r1)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x4, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0xffffffac, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002600)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="a132", 0x2}], 0x1}}], 0x1, 0x1)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000580)=""/206, 0xce, 0x0, 0x0}, &(0x7f0000000540)=0x40)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f00000003c0)={0x28, 0x0, 0x2710, @host}, 0x10)
executing program 2:
r0 = fsopen(&(0x7f0000000140)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)) (async, rerun: 64)
fchdir(r1) (async, rerun: 64)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) (async, rerun: 32)
sendmmsg$inet(r2, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="e6", 0x1}], 0x1}}], 0x1, 0x24040890) (async, rerun: 32)
bind$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r3 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0x4eb0, 0x10100, 0x1}, &(0x7f0000000480), &(0x7f0000000040)=<r4=>0x0) (async)
syz_io_uring_setup(0x7b9c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000000340)=<r5=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) (async, rerun: 32)
io_uring_enter(r3, 0x48e9, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
r6 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r7, 0xc0045516, &(0x7f0000000b00)=0x7) (async)
ioctl$SOUND_MIXER_WRITE_RECSRC(r6, 0xc0044dff, &(0x7f0000000080)=0x3ff)
ioctl$SOUND_MIXER_WRITE_RECSRC(r6, 0xc0044dff, &(0x7f0000000180)=0xef) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (rerun: 64)
r8 = getpid()
sched_setscheduler(r8, 0x1, &(0x7f0000000100)=0x5) (async, rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r9, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r10, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') (async, rerun: 64)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000300)={0x410002, 0x11, 0xb}, 0x18) (async, rerun: 64)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
executing program 2:
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
lseek(r0, 0x9, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f00000001c0)='\x00', 0xfe3d, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0xfd, 0xfe, 0x0, 0x0, 0x5, 0x8b, 0x0, 0x0, 0x80, 0x0, 0x0, 0xfc, 0x3}, 0xe)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x14, 0x22, 0x1, 0xfffffffc, 0xfffffffc, {0x2}}, 0x14}, 0x1, 0x0, 0xfcffffff}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg$unix(r3, 0x0, 0x2)
setsockopt$sock_attach_bpf(r3, 0x1, 0x23, &(0x7f0000000000), 0x4)
sendmsg$inet(r4, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
shutdown(r1, 0x1)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000180)=0x6, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe1, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d", 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_QOS_MAP(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x30, 0x0, 0x415e01c18bc11981, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_QOS_MAP={0x14, 0xc7, {[{0x8, 0x10}, {0x7f, 0x3}, {0xfa, 0x2}, {0xd8, 0x3}], "fd0ee3f6bd3284a7"}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x40000a0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, 0x0)
executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/sockstat\x00')
read$FUSE(r1, &(0x7f0000000640)={0x2020}, 0x2020)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x3, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f00000000c0)=0x1, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="03", 0x1, 0x24008844, &(0x7f0000000040)={0xa, 0x2, 0x398, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bic\x00', 0x4)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xb, 0x8000000000002})
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006300)={0x2020, 0x0, <r4=>0x0, <r5=>0x0, <r6=>0x0}, 0x2020)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
write$P9_RGETLOCK(r7, &(0x7f00000002c0)=ANY=[], 0x200002e6)
fcntl$setpipe(r7, 0x407, 0x7000000)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r3, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x0, {0xfeffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x8000, 0x0, r5, r6, 0x2e1, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
write$tcp_congestion(r8, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r8, r3)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
r9 = landlock_create_ruleset(&(0x7f00000000c0)={0x1400, 0x1, 0x2}, 0x18, 0x4)
landlock_restrict_self(r9, 0x0)
r10 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000440)='./binderfs2/binder1\x00', 0x800, 0x0)
dup3(r2, r1, 0x0)
executing program 2:
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x50, 0x24, 0xf0b, 0x2, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x1c, 0x2, [@TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0xffff}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0x8}, @TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x6}]}}]}, 0x50}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_DEL(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x68, 0x2, 0x9, 0x401, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFCTH_TUPLE={0x1c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x24, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}, @NFCTH_STATUS={0x8}]}, 0x68}, 0x1, 0x0, 0x0, 0x5}, 0x800)
r4 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r4, 0xc0109207, &(0x7f0000000080)={0x0, 0x6})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x18, 0x2d, 0x100, 0x72bd26, 0x25dfdbfc, {0x6}, [@nested={0x4, 0xd}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x0)
executing program 2:
socket(0x10, 0x3, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000c, 0x31, 0xffffffffffffffff, 0x80000000)
mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
executing program 35:
socket(0x10, 0x3, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000c, 0x31, 0xffffffffffffffff, 0x80000000)
mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
executing program 7:
ioprio_set$uid(0x3, 0x0, 0x4007)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 15)
executing program 7:
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="1700000056"], 0x1c}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7fff, 0xf3})
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000180)={0x53, 0x0, 0x6, 0xa, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000000)="1201b9000000", 0x0, 0x0, 0x1, 0x0, 0x0})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xe000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
r5 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r6=>0x0})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$AUDIT_GET_FEATURE(r5, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4040}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x10, 0x3fb, 0x2, 0x70bd27, 0x25dfdbfc, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000480), 0xffffffffffffffff)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
signalfd(r1, &(0x7f00000004c0)={[0x200]}, 0x8)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f0000000ac0)={'wpan1\x00', <r10=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x50, r8, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_SEC_DEVKEY={0x2c, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x57}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}]}, 0x50}, 0x1, 0x0, 0x0, 0x10040}, 0x4)
sendmsg$NL802154_CMD_SET_SHORT_ADDR(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r8, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4040090)
syz_emit_ethernet(0x2a, &(0x7f0000000040)={@random="8580f83288e1", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x1, 0x5, 0x1c, 0x67, 0x0, 0x2, 0x2, 0x0, @private=0xa010102, @broadcast}, {0x11, 0x81, 0x0, @remote}}}}}, 0x0)
bind$can_j1939(r5, &(0x7f0000000380)={0x1d, r6, 0x2, {0x1, 0x0, 0x3}, 0xfd}, 0x18)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_SET_CHANNEL(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r12, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r13}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20008080}, 0x20000000)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r9)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0, 0xc0c1}, 0x840)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000004100), r3)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000440)={0x1, 0x0, [{0x2ee, 0x0, 0x8000000000000000}]})
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xfffff7e8, 0x0, 0x7000000}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000}, 0x1, r1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0)
executing program 7:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x6, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xb, 0xa, 0x9, 0xfffffffffffffffe, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x1, 0xd, 0x101}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000100)=[0xffffffffffffffff, r0, r0], &(0x7f0000000140)=[{0x3, 0x4, 0xc, 0x1}, {0x1, 0x3, 0x3, 0x8}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0xb, 0x9}, {0x5, 0x4, 0x1, 0x5}], 0x10, 0x8, @void, @value}, 0x94)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000300)="eb0f90fdfb49e6e98a361d1bccfc05a5", 0x10)
close_range(r8, r1, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000002c0)={r8, r9})
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x2}]}}}]}, 0x3c}, 0x1, 0xa1ffffffffffffff, 0x0, 0x840}, 0x0)
executing program 7:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) (fail_nth: 2)
executing program 36:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) (fail_nth: 2)
executing program 8:
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@private0, 0x1, 0x0, 0x1, 0x0, 0xffff, 0x6}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r0, 0x8b32, &(0x7f0000000040))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440), 0x10)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000004780)={'syz_tun\x00', &(0x7f0000000400)=@ethtool_link_settings={0x8}})
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f00000000c0), 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='tracefs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x20020, &(0x7f0000000240)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0, @ANYBLOB="2c00570d9431f9d867dad023a4b66eaca765a7be2827b0b9f4fa47fc9f32070000b1928ec9621965e68ff46f3b2e94ccfde49466450600582631ec3f3baf3c3a6dd0a2bd44"])
listen(r2, 0x0)
r4 = gettid()
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000080027bd7000fbdbdf25cf21b417", @ANYRES32=0x0, @ANYBLOB="00000000234000001400030076657468305f766972745f776966690008001300", @ANYRES32=r4, @ANYBLOB], 0x3c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e000000180002"], 0x50}}, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r6, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2)
mount$9p_fd(0x0, &(0x7f00000005c0)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="7472616e0f0066642c7266646e6f3d7f1c1f68a431d45c9f777392b537a941bcff6e3edf073bca5255ecdd597f2303e16475676951419216b1fc0a62010b00f5f4c7a335e4c13c1cbe26d70443c97773d9a1d66d7094dbfe614e3e964dbc96c44cbe79c8c0686acdf73a95a1ec23135910731eddf572d4b60759c5932c4c7f8c04a1d4dc6dadbdbbc7d895050000003b904591c7a4c81e", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',\x00'])
executing program 8:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x1100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)
executing program 8:
ioctl$HIDIOCGCOLLECTIONINFO(0xffffffffffffffff, 0xc0104811, 0x0)
openat$kvm(0x0, 0x0, 0x2382, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x401, 0x8001, 0x400}, 0xa4, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002680)=@newqdisc={0x34, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xfff2, 0xa}, {0xffe0}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syslog(0x9, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
syslog(0x3, 0x0, 0x0)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa07, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210057ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48)
executing program 8:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001c00010000ffffff9e00000007", @ANYRES32], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x0)
executing program 8:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f00000011c0)='./file0\x00', &(0x7f00000004c0), 0x1440b, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r0 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 4:
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x141082, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 83)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$int_in(r3, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001980)={0x1, 0x0, [{0x4, 0xd8, &(0x7f0000001a80)=""/216}]})
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000280)=0x4000000)
r5 = fcntl$dupfd(r3, 0x0, r4)
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af30, &(0x7f0000000080))
umount2(0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f00000000c0)={0x1, r5})
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_ro(r8, &(0x7f0000000640)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0)
preadv(r9, &(0x7f00000000c0)=[{&(0x7f00000004c0)=""/127, 0x7f}], 0x1, 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_SET_SIGNAL_MASK(r10, 0x4004ae8b, 0x0)
ioctl$VHOST_VDPA_GET_VRING_GROUP(r5, 0xc008af7b, &(0x7f0000000040)={0x0, 0x3})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x9, 0x3, &(0x7f0000000000)=@framed={{0x1e, 0xa, 0xa, 0x0, 0x0, 0x79, 0x10, 0x30}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r11=>0x0})
r12 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r12, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, 0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000180)={0x78, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_FRAME={0x5b, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @initial, {}, @value=@ver_80211n={0x0, 0x64, 0x2, 0x0, 0x0, 0x2}}, 0x0, @random, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x60, 0x1}]}, @void, @val={0x4, 0x6, {0x0, 0x0, 0x1, 0x2000}}, @void, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x1, 0xffffffffffffffff, 0x1, 0x2, 0xa, 0x60}}, @void}}]}, 0x78}}, 0x0)
userfaultfd(0x80801)
io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0)
ioctl$KVM_SET_TSC_KHZ(r2, 0xaea2, 0x7fffffff)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
executing program 4:
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x33, 0x2, @tid=0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002600)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x31, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x18)
r1 = io_uring_setup(0x3226, &(0x7f0000000240)={0x0, 0x60fc, 0x200, 0x3, 0xf3})
r2 = syz_io_uring_setup(0x82e, &(0x7f0000000500)={0x0, 0xcd1d, 0x10100, 0xfffffffb, 0x0, 0x0, r1}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
r5 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
ioctl$CDROMVOLCTRL(r5, 0x5392, &(0x7f00000004c0)={0xa, 0x5, 0x18, 0x10})
syz_io_uring_submit(r3, r4, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x0, @fd_index=0x5, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
io_uring_enter(r2, 0x26c3, 0xdffffffb, 0x4c, 0x0, 0x0)
executing program 4:
r0 = socket(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f0000000280)="7800000018002507b9409b14ffff00000214ae04020206050a02040c430009003f00040510000000370085a168d0bf46d389516a9069921a4b0005000a00000049935ade4a460c89b6ec0cff3959547f5000000000c902007a00004a324004001600040000d5808bd3e30a37e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0)
syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000b40)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xdf, 0x17ef, 0x60ee, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x3c, 0x40, 0x2, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x2, 0x4, {0x9, 0x21, 0x7, 0x8, 0x1, {0x22, 0x564}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x10, 0xf3, 0x4}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x10, 0x1, 0x4}}]}}}]}}]}}, &(0x7f0000000dc0)={0xa, &(0x7f0000000b80)={0xa, 0x6, 0x250, 0x1, 0x3, 0x7, 0x10, 0xc0}, 0x5, &(0x7f0000000bc0)={0x5, 0xf, 0x5}, 0x3, [{0x61, &(0x7f0000000c00)=@string={0x61, 0x3, "fc2d5ec17db00226c08c5d69ed913726c1b2800501893790b737fe1612c0256b5fd273473b5d8c02cb35dafa7ef41da79a737361f8c9d8c0d35fed4ac381d2f78b65c2a53c6c4cb37de8fdc9d28ce714566579f40811cfaeb5c84741d21159"}}, {0x4, &(0x7f0000000c80)=@lang_id={0x4, 0x3, 0x402}}, {0xd2, &(0x7f0000000cc0)=@string={0xd2, 0x3, "ed3166834713853f932237f560aefb4f03700b7083424addefcdc7d5393ee527cc210ef26ceb481f334c4c059598a2f9ddd1104a9a6828d17bbc571522fb1c708d07479673ac8f558a7e1fc1a80d0198cdf0ee6d0933b8a0283bd501262d8afe6fc9191787287712d1f62eece28507e445e795da718975118f08b132515ca53cec43dc83f26d262eedf3b911c8930541a1d0f7f56a02b8d3ae909ff23e7957a9d21ce4c51ee6a376046b9cf180333e80e242996f166aef07e4ec16c2a10dd3f9726a918ad2b21a5763f1f7ad103020f7"}}]})
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000000c0)={<r1=>0x0, 0xfffffffc}, &(0x7f0000000200)=0x8)
prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, 0xfffffffffffffffc)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000b00)={r1, 0x10, 0x7fff}, 0x8)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newtaction={0x6c, 0x30, 0x48b, 0x1, 0x0, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @loopback, @multicast2, 0xff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000140)={@local})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r4, 0x7ab, &(0x7f0000000040)={&(0x7f0000000280)={{@local}, {@local}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fe1825253be9e8480cb4f3524914f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336f04000000000000008e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba09000000000000001c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed081729b5ea722a98b34d0dac6de995de4ee263c81b2567b3f87e0897857edd5d7e97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a72345772b3ce9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2246cb5c953048c43266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b8defe26674d65f908f9c3a8c201f661fc26efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b0237437200"}, 0x418, 0x7fffffff})
ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r4, 0x7ac, &(0x7f0000000000)={&(0x7f00000006c0)={{@any, 0xf}, {@hyper, 0xff}, 0x400, "a0bef8f809fdbd794a5876812ecdc0f431e2e967134102e29601a109e8d6a5ea253fda100493f73e13d658b12a3dd0ee2619b2e158b8c1b070c4557ee3d7af4aa2bee609c235eee770aaee45497f554467c6e9d3f26475cfcac907d6b9d7846c4a66e178b7e711e1aa3c48463161dc313e13c58b5b22e077b23a647b4dbba9d052b703693008e1f49a92569615441c37e65f33c121efe1792557ebe6005581e24f47c1ea78ff928b49608b7e9b9e13903f343c17be0054fe54f0d8d7ec55847f847cc5bc5f54ffb48cdd6c4e992054759f155c47cf89fc8a0f48cfcea4ffe70b9fe7385805918d66fec51601c1ecbbd2d4968fa2ee1cb00bb49ae093b25d39cd0010349f9c63e8fe096e6f8afd79a91d6d0d16e0437fb9e342342795b94ceefe593cbf02d29e96b1f24b13cd77a1846e1bb48e2598c86b2c792fdda2200ebc4e4dd451afd893f7d56431141b1a3a783274db59e9b6e0433ef25a2bddb33a27bce4efdca9d10025d6dd659e7f2a57d3388cf7586814d510bb27139a7354ae00d731bfd4ef92d07469a83000d1850e84c47be45cfa6ddc6a85d6f733a6a2c952966ab3ed2a577de6dba67623b3f0e95ec21f0f7f8f8ffa4214f82dc15951b8186335578ce37d126681210eab215969b3d288e68dccb9772dfc9ae4c64b5ee5e120e90ba3685b2c7f83dedfcea4a974cc5720ed4eafa2b32bf03ae60cc716fff174a71a2ff4398e7d311303752c6b60572a9d4c50bea69e11f8ad4313677866073ae7780e58284e50e2a96e3d1b7c5ed63c9ca828961448d6d0240a7fbb458fd4ae04f42af11fb5a724be40a5ab6cc51eebd1d06cc1bb000e875db0030cc7c28a19f06dd362e774598e9669db5aaa732e589ecd57efebd3e3bbd87e6e8755cf41f97867085cfc0c13249180c5c4b0259c26f0e3a02da75480e52efeaee4a83458268362ee1e305cc3da30c43c7d25f80eba5d5386e08ecc4cb0a5ae4ddc8a7555a92800873676a1dcec504174f2bb2dea5776fbe3e8055d8918bb8589f9dd023a058a8b4fbed59a6cc78ef07bdb8f7b1dc77f1dcdc5583ca5a5dac9c5cff92a561b9ee1d8c7af343e7550c565a766299030a8e431edf48d8cd122ecda6182efe0dba76208af12a5539ed51991ad88cddca65043c0dde225d8602a783de11b636a7624d5002e27a2aed5963b0c40a80162a9449396190dd0c15bbf9fd35808a6921efb066f0924a4fe18f5cc3b008671dff827064e16e1a0589cc2bdff95a7987287955ecf2a8e8184d506ec4be628d93d5dad068ca02567388c536e23e5d36c74e9fa429279c09e29e5164219c81e2167cd01dc4ca5ff739ab6355ba1f0b84db5f2a939fd58e0b3a32a15432d77335eaee2a081699c0c865c03ffebb4c9a1bb041b164bea76b87ac63248bb570f0761c7b6eae686bd9a3f1f42bfc2961da5e11288"}, 0x418, 0x6})
close(r2)
setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f0000000000), 0x4)
ioctl$FS_IOC_GETFSLABEL(r2, 0x541b, &(0x7f0000000100))
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000040)={0x7c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x5f, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @initial, {}, @value=@ver_80211n={0x0, 0x64, 0x2, 0x0, 0x0, 0x2}}, 0x0, @random, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @val={0x4, 0x6, {0x0, 0x0, 0x1, 0x2000}}, @void, @val={0x5, 0x3}, @val={0x25, 0x3, {0x1, 0x78, 0x9}}, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x1, 0xffffffffffffffff, 0x1, 0x2, 0xa, 0x60}}, @void}}]}, 0x7c}}, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x2, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e)
connect$pppl2tp(r5, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
userfaultfd(0x80801)
io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x0, 0x1, {0x1f, 0x19, 0x7, 0x12, 0x3, 0x7, 0x1, 0x58, 0xffffffffffffffff}})
executing program 5:
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) (fail_nth: 30)
executing program 5:
ioprio_set$uid(0x3, 0x0, 0x4007)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 30)
executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xfffff7e8, 0x0, 0xfffffff0}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000}, 0x1, r1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0)
executing program 6:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e) (async)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x40) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x40)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(r1, 0x40043d14, &(0x7f0000000500)={0x15})
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)
r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x42, 0x5c})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r5, r4, 0x0) (async)
r6 = dup3(r5, r4, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
sendmsg$kcm(r6, &(0x7f0000000a40)={&(0x7f0000000240)=@in6={0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)='}!', 0x2}, {&(0x7f0000000340)="f9a0549cf662e946b8f574a2378c21d2b59f99c203d404c92806", 0x1a}, {&(0x7f0000000380)="37295c9d448ae9e58e146a23c1a2c29e3409c78e9f168891b16689a17be4812746e33820a97f302a490149ac613afabab70c2b", 0x33}, {&(0x7f00000010c0)="bf8673f93c9e8e0fcd1df8608b208112f11f0a185d1f021f65a1a48613690bc9d20c5cbc7f40d4c21d3777c508fca4fd3c93c3f8f4d9c4ab4beb62e898b12d1f5f394714ed18cdaa9783802008f4b7eae635901cd25ab35cdc4d96247c3d18d1221a808106ae1fa3a68985f8fa47c076143ca3e58826781e105e261e9adb40b92fe8e7c33fdd21476f33daef386367ef340c3a1d89da4042c96cb303edb91f948e1d9975bcfbef79548e110ba28748974d923720397ff60a3048a0fe5851686bf2ce8ad8ce76a2c46dbd954d80eb7df68450fb9b959f8e2662197966686299015eda6eb5e5394b1bab8cc727023664ec0387905b6151a550d170491b9391ea54dd1eff86b51693c9ec9a05b9fe052d5a28a0c9137dea02178eaceb8f4e4123b60e2043f190efdd69de76c5d5124a48694700f979fbbceca2ef2558f7bf5ddf99104d78d5df3f6b606fbb4190682ef203e214c0942e90a1b255450b2c99fdaf10bcfc2854bc2b80175aa1655e9bcefd2daad45378e70187f2df32d0c0fbc30df592dd89af16ac8528c84c64011323813fc82879564b780a6fc8ad98c91387781d06f928a0592a5399d9cd8d02632ae462312264bf3172191e4ec4d3c41e82e3d870e635252941686f8990261ce522474e905bef9d0cba4af98cf1a8adb787e9241dc22bd84ef1a4b4db89acd10ff2e62b015881d1116956d7a1053a1be9383d7ca4d28d2c38d25322714555641533e5864a4007453faa8a350078bcd86f9e9ef05efda5933c84af454bc5d6472c93cc0c9c9d35ad155192a00712808d64b260d0fbf967821b76a16dca3509901869dd0fc35a4fc1824179661b26c86d03e65ab28a560efc33bda06ecf4ea5964c1a0fa02fc7158573bf4be5b8fe2878c8a798d03a0791d3b9bbc3a42a57f8d8bda0c0498956d67e89da57d1142a35fcb34043e0790f3d666e1922a1f249cea1bdcb725e539615fbfa0c862fe670f20a407cfc077db1a36b6e5016bfa7d3bcce0bdef8f81514cbbe4ba26079cdb0aec0f726dc7636771e2f7b2e01ba2c66e1e1111e771d3158dfb4b28f336d218f8c998b2f8775489ace3dcc01e3aa66b310dda331d08a0edbf3c7ac2edc836a1244adb67d9fd755d519d6bbe26ef7f396c63dc3ed94234159983a33caab125ec52c3faac6942ae70a521ae6606d3d2ccf3a83c4c89e64578b54c8d4c1c672de13519d2103bdbb2ec3e104d7150a660120e0c67231408352536a8be735d52e1bbbdef4d76fd11dc173b9a5745128295c7ed43ac31011e0d033818c90a55eb3ca834eb7369c39d197012cb5bdf53bc68c55bb9d2ba64426f439a46cf710cb78e6fe76679e6ddb2f5a7bebd2267a23e0d04cce8dd83eaaa7dbd12a8a6cf543f5f27794b89118d38bd59fc4e26ad1ca28c531b1c2e47965a49eafcd6aa8859dca68c52ff469893c7d1759f838de06280c3bae92f0c46f92b897ad5affb0e61f316f3a772f5f860a407043011c08149d6614902e29d0fdcb2f334473269006dbfbe99c437ec4ad12b2e66c32e72cd77f879b0a963c3191f2958369dc64843d380e4367ea23bc01444236e5b88c9b28e338b7337867d1078a08fc350821af624b0adfbdf8506411229e80f8e6a610977b20f4f1030b87a47c6dbaf621cef706f2303cdd0b38ed24e00cd937b69d03311228e9d313672113acfc2ce6c3aff6375b56ed54c3bf848558ce7c0236d82a987f9bc68c94c282ad0d0bf76f005f917160dbdff9c59635710ee4ae6ca4e346309a6e4ceb50515852625ce2ac1d4dbcc1a2df53fa2e65022759deb4dc163b83ca2690143666edbfdbe78f142c54f24564350f7d2db9d26cc0770f693b19c950c6a6c7052c08820d587f1f543b024dbe688d6b17c351264fac7302a65174ee5492c10861ca7d559d3ccb430ac621e5766044a01728a4216bb9063b3051a7a96567e89ec253448e558c8b521e29ac64bb77ab4e4bfce12ee470dfdfdd150cc4031e593ea1a6fabc3ef93464f819321970bcaadae62130add21bcf64780d11072f64441eff7660cf018b8837972eff8b5ecaa4f03c3a71356adfcfdabf0eea9bc4009e5c76cd1b35f0c508ab21e68e1d0effc69a56a5806c3253cbcf7eb01575b1b99bbc59b33489a64651de1830f93488a4e464f19ba287ee9124f95e0e61db43f8882f350f97590b464e4e1859480e4b4f420d8e8a9e045a9a0b420bfffe7b6d6945065c4bbb9110166752e094c686be94bc983e99e49a9be1e455bf181d6c1e8991529dc985359fb55112b173bc1c74f15d29cd91bee6ded9b9e29d02feffeb9f6c7f4fa9186891fd719ee98b50578f859957d93982a31560cdfc961f45b57859dec0df7925b12bb09f1224503c9dcbdf1942dae424bf6950ab1bd02b015ff1ef4346e57d5d623fc4b152ce5471964567738785e99a1dd146cebe1d50ba9ab341025c24b4a1423df4e8cb10c82f9afd0f0b7d196f1e7f47136489a3088d9eb58920bb8c5ab00811afc186c59f7f0c7ca3e9d79965ec21ad87532a16cecdfc669bcdcd380502c49b9a8d50df21bd58139e4e7584f8ce1cdf6315cb504e3173a6caea099a234d20b268a602b20c5e90edcd45240022e2f0031efb15bf84770db7590209838feb3cedfd3ec601dc66da2ec168e54dcb2e885df99405eec8af40e69b82725f337f7dc2c669cd0ef1f5446421afeaad087c8528090cdbda0254a11e354c9e83e2bc90fc947f2138986c031e06c5f58330a0755d9fb24664983f90308ce77a0d583ac1fb3494b5e1f11077bf35905a6e899ec91b46ffe2a375fdd6fe2d0635dbc978f0a95c99ece8c9b476125e904e5805e386b21cd4c5e11d8d33b8574eac23132b5c787c775ca2d622fd5a5f6306ddbd088223e0143993d7a7ae70c1c2e94efa35edac35bfea5816592bc60a8c0907a93a6da36a754d5ecabc8258b1fac5439f2ebfe1e80e37b2df6c3f736d6541af1a907f747e3725b2c781104a88899fd834ab893754fd1346b8b900b29bbdf4a42616dacd11f69dd562b8a9d3b6f09df4e52539cfac47ac5f37d6fb8f29a811fcfe38d918cd0974cd0d6d63aea9280c35689a8d9c905ced6fa0881335dacd8b38687c5772e0e93f3a56058b8caf5962bf0866402baeb164b921b5b3828db5b50ccb3f189bb41631b8e0f1fc172cb5df0487f130c78de4e86df4cd8c5b9785df6e5e6d8d5076592f0c2d7e2dcff11f6fc87db70f37522ff8161dba5812d19a299148d294ad23974888a33513ed9ea548843a204746d532e28e046ded15e44847d3e91706347af4dc3b13b10c6dc966b1bea9eb78618b3585168e64ba92642e1434611f75d24571b23f3f7d21c99328f19b5f22a22f3504fdc531d3feb334602304c45558118a7f14e213b51f9c7f68f6f9a7ebb1745b62d6be93bbcc47212b7595c201049de47797fb91aa7cc67a3342354a1feb41bfd0bb802c9d5a30f3ce282e18589dac97a61b71e7ae406c38e3511a24a46954b1a7ea1ba031344cf595a62eed90c439bfb4a02c69619c4f040015e88b4901de05822523ad24551ec71662e8800c1a39d468bfeac295ebc1a73608c22bef6a21d09892c879319c3395e7a2a068f314aee998949156adeae5fa4ca781cb0acec941d9783a991bf4497df914d123043b8d46b7d5588cda6b1a1c1924114bd9c163cd67dca6ef8ac46bfd17bfb6a2309e94355116a2a4c11c11e010522860be97f14aa21388623cd8802c9a06afa3e24682436f97d46ce044bf751dae1d3ab2018ed075d82a3c3e7b2a288970a033148e1ce9a9c1a07b15137d42e76f14c482e2edab1b297668d11ee92cbce25dc5ca936979e48383023ce7e2ba92a75cdaa290f2a9abecd42be860db2a2c887831fe727b4b4e7c4dd44a04ea3d93898b54266070806c13d70265f1c5f715fd13216562cfe7794f329011d2ff46d34cca820da8aa96c1d86073d5cbc68f326e713e82624b0a0fd2e8ce04be4c8cf7a6aa07a91ec35f4e52b5460a2f789aaf5872c0e4a582df7291582b963220ff5dfd9bc353cbc9722e24c9251836039ffb88827fd82938bcfd7309251d5ab68a6de03d6eb167f0c42e68335dfdd4eeab0aa29afbf56bbb89922ab6bd762a7726751e41cfeb291bb425fd9b425af52808bdf0973440e77c82adb0ecdc48ab4591d947198cab761a516fc04f0535a778ac561bd1333954285e5e5b68f4899ab2121e58428067f9c96d76a9b55600ef1b43dd976cb233b31a71be8dff894b84df4321252f64e373cedd210d0f08a0922616b3294c8d59c344e71868a5827f2b6bf93a4a47320ca7219fa3fa7cd0ea41c6cd6f02642320b94051b133bf0eb34204a9e14d9316a8d713f2f52b731a0251b3e23325943bcce2de77007abb16e2593378af98e4bcc2c2aa0505963f7d80b4fa3661457ea8de8d9f313119e65f11dade39a8beb372eaf9fad04fc5ec3bc251ef9d2d0d4930835f508858bfbfe147e2ce3a528c6ea4c9beac9501ccc4d2b2bfa7703a4741450b796fd28a7d8975ae7512422ccf3b71f6a3b4e35e53a076a0b4a95d5090e9492a40ac6c6811641122468888ff7e7c8fcb2b9fca71e6bea5cd0ac74c18cdfc24c6ea3c38044b16959bc06538f1fbd11fb3c183904ae9c93e0576ac68b4c25944f3ff5c779ec288241c1ed40d85c7edce70466f60108fd076a0685728db971011c67520062226fcb8b8cdfc5974cbdd06b31263eb3d865ea86e8f6d31315a7f91882422626e4200bd1eed8f466cbf79bb9c3c634a8bd77d2007a8514976c3b94a1e91aa24553826504f7fface832cc88b508923600a918dbc2bd76a11a81afd36d4350409a33794f1f90edde644d815f24f46bf9fda0e05c910c07c7d93c54d524a4c9e1f2659f85a04d2be056dd60b9510d4eb9ef753a3a2acb1150dcaaf4f139b2e60b1576878bdd0563f163d8efe9ab01b05dad49c6f61e511f2932b997a71fb87b431f528a434cf44313d6b599ce74de29e62369f8e708bc4c82229893012063044304036c512ea4a0786b0cd4e05bb0d51cb38eec8bdcc94cb2b2956fb262398a4cebc79845a11527a75801e18780b8fe297afd77dfda8d410d9f0e07d10bace8422783d0faa2c4ed28f5761be62045701446f7e4ba04f44034270b84cd27fe0247cb2305afc4c73a18b94bdf5c5f140314d1ed1081192164d69d0e750e84590dad594caa041fe2f814c5e3b30a50de827f93516519643adf0110cd813e1d42dbebf199624e72344392c1578820f14f551a3b566d7780eff09204aeb7ee923b0061db8ddb3b47d8aeabdcc7e21390d95feaf7743a43a0ebff46c2486bf81fa01a35e9a947db743b44b451f993e432fa81cb6febafa56f377b46b84ad9ea760bdb529dfc0153ce59d06f5f264fa26b6ba14a384e1ac66c793a7581799177946687ab9dd9cffeb04551dcaaaa5e6c752c26315b47a1e5164d89f92437c42df6248c8e6e2c66d18be0d0c02d5c2ff31d23d5fce0b427b1520d9b68651b0a6b16261cf9f07f8a367bf2451890a5d87bc19ef41350b83a7fb65a49b7d23a5cfbb3b114653731b89c1de8e6fc235adee04faa97b175bf3720ed06c60b3a7ddcdb9c9304a963c35d37083d2f45dd08693af1e3878499797b62c8f748eafefcfc2a0a1bf1aa6dbdcb726f809cd8c4d1277cf73471110af469ade8ce89b93d7c9b4f56f119fa1e70b359d49eca5384439780ec8baa17e6c9f5d8e77c031df0b6ceb898fcdc74310f714ff29b27c22429043af7b4c5cac7c8362c1eefaabd1a441789554176c6b0cfd", 0x1000}, {&(0x7f0000000400)="06aae4e71534c8944b434f564cfee4fcf7e849642416e14f06f4593e59aeee9696160becdf6490c101aafe867036f8dc8630368c05d50662166ea004d155655f285f66549fb662bfb32d078ecfb670fc8a4f7adf0683ab55bdbdfdae90ddb84edf1a1c9b3b1dda4b1da8f62bf0193295ef675fa3b3bea9d27ecbf4556b9d9f5ca3fbb7156540d210cb74ba1587d623b4871564151c59129042b42b7af29403a030ff226de594b3e1d20d3977e4ed493d46729e749dfabd5f4d1da5db4f", 0xbd}, {&(0x7f00000004c0)="0d34face086fc2dd970bd4b839", 0xd}], 0x6}, 0x40005) (async)
sendmsg$kcm(r6, &(0x7f0000000a40)={&(0x7f0000000240)=@in6={0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)='}!', 0x2}, {&(0x7f0000000340)="f9a0549cf662e946b8f574a2378c21d2b59f99c203d404c92806", 0x1a}, {&(0x7f0000000380)="37295c9d448ae9e58e146a23c1a2c29e3409c78e9f168891b16689a17be4812746e33820a97f302a490149ac613afabab70c2b", 0x33}, {&(0x7f00000010c0)="bf8673f93c9e8e0fcd1df8608b208112f11f0a185d1f021f65a1a48613690bc9d20c5cbc7f40d4c21d3777c508fca4fd3c93c3f8f4d9c4ab4beb62e898b12d1f5f394714ed18cdaa9783802008f4b7eae635901cd25ab35cdc4d96247c3d18d1221a808106ae1fa3a68985f8fa47c076143ca3e58826781e105e261e9adb40b92fe8e7c33fdd21476f33daef386367ef340c3a1d89da4042c96cb303edb91f948e1d9975bcfbef79548e110ba28748974d923720397ff60a3048a0fe5851686bf2ce8ad8ce76a2c46dbd954d80eb7df68450fb9b959f8e2662197966686299015eda6eb5e5394b1bab8cc727023664ec0387905b6151a550d170491b9391ea54dd1eff86b51693c9ec9a05b9fe052d5a28a0c9137dea02178eaceb8f4e4123b60e2043f190efdd69de76c5d5124a48694700f979fbbceca2ef2558f7bf5ddf99104d78d5df3f6b606fbb4190682ef203e214c0942e90a1b255450b2c99fdaf10bcfc2854bc2b80175aa1655e9bcefd2daad45378e70187f2df32d0c0fbc30df592dd89af16ac8528c84c64011323813fc82879564b780a6fc8ad98c91387781d06f928a0592a5399d9cd8d02632ae462312264bf3172191e4ec4d3c41e82e3d870e635252941686f8990261ce522474e905bef9d0cba4af98cf1a8adb787e9241dc22bd84ef1a4b4db89acd10ff2e62b015881d1116956d7a1053a1be9383d7ca4d28d2c38d25322714555641533e5864a4007453faa8a350078bcd86f9e9ef05efda5933c84af454bc5d6472c93cc0c9c9d35ad155192a00712808d64b260d0fbf967821b76a16dca3509901869dd0fc35a4fc1824179661b26c86d03e65ab28a560efc33bda06ecf4ea5964c1a0fa02fc7158573bf4be5b8fe2878c8a798d03a0791d3b9bbc3a42a57f8d8bda0c0498956d67e89da57d1142a35fcb34043e0790f3d666e1922a1f249cea1bdcb725e539615fbfa0c862fe670f20a407cfc077db1a36b6e5016bfa7d3bcce0bdef8f81514cbbe4ba26079cdb0aec0f726dc7636771e2f7b2e01ba2c66e1e1111e771d3158dfb4b28f336d218f8c998b2f8775489ace3dcc01e3aa66b310dda331d08a0edbf3c7ac2edc836a1244adb67d9fd755d519d6bbe26ef7f396c63dc3ed94234159983a33caab125ec52c3faac6942ae70a521ae6606d3d2ccf3a83c4c89e64578b54c8d4c1c672de13519d2103bdbb2ec3e104d7150a660120e0c67231408352536a8be735d52e1bbbdef4d76fd11dc173b9a5745128295c7ed43ac31011e0d033818c90a55eb3ca834eb7369c39d197012cb5bdf53bc68c55bb9d2ba64426f439a46cf710cb78e6fe76679e6ddb2f5a7bebd2267a23e0d04cce8dd83eaaa7dbd12a8a6cf543f5f27794b89118d38bd59fc4e26ad1ca28c531b1c2e47965a49eafcd6aa8859dca68c52ff469893c7d1759f838de06280c3bae92f0c46f92b897ad5affb0e61f316f3a772f5f860a407043011c08149d6614902e29d0fdcb2f334473269006dbfbe99c437ec4ad12b2e66c32e72cd77f879b0a963c3191f2958369dc64843d380e4367ea23bc01444236e5b88c9b28e338b7337867d1078a08fc350821af624b0adfbdf8506411229e80f8e6a610977b20f4f1030b87a47c6dbaf621cef706f2303cdd0b38ed24e00cd937b69d03311228e9d313672113acfc2ce6c3aff6375b56ed54c3bf848558ce7c0236d82a987f9bc68c94c282ad0d0bf76f005f917160dbdff9c59635710ee4ae6ca4e346309a6e4ceb50515852625ce2ac1d4dbcc1a2df53fa2e65022759deb4dc163b83ca2690143666edbfdbe78f142c54f24564350f7d2db9d26cc0770f693b19c950c6a6c7052c08820d587f1f543b024dbe688d6b17c351264fac7302a65174ee5492c10861ca7d559d3ccb430ac621e5766044a01728a4216bb9063b3051a7a96567e89ec253448e558c8b521e29ac64bb77ab4e4bfce12ee470dfdfdd150cc4031e593ea1a6fabc3ef93464f819321970bcaadae62130add21bcf64780d11072f64441eff7660cf018b8837972eff8b5ecaa4f03c3a71356adfcfdabf0eea9bc4009e5c76cd1b35f0c508ab21e68e1d0effc69a56a5806c3253cbcf7eb01575b1b99bbc59b33489a64651de1830f93488a4e464f19ba287ee9124f95e0e61db43f8882f350f97590b464e4e1859480e4b4f420d8e8a9e045a9a0b420bfffe7b6d6945065c4bbb9110166752e094c686be94bc983e99e49a9be1e455bf181d6c1e8991529dc985359fb55112b173bc1c74f15d29cd91bee6ded9b9e29d02feffeb9f6c7f4fa9186891fd719ee98b50578f859957d93982a31560cdfc961f45b57859dec0df7925b12bb09f1224503c9dcbdf1942dae424bf6950ab1bd02b015ff1ef4346e57d5d623fc4b152ce5471964567738785e99a1dd146cebe1d50ba9ab341025c24b4a1423df4e8cb10c82f9afd0f0b7d196f1e7f47136489a3088d9eb58920bb8c5ab00811afc186c59f7f0c7ca3e9d79965ec21ad87532a16cecdfc669bcdcd380502c49b9a8d50df21bd58139e4e7584f8ce1cdf6315cb504e3173a6caea099a234d20b268a602b20c5e90edcd45240022e2f0031efb15bf84770db7590209838feb3cedfd3ec601dc66da2ec168e54dcb2e885df99405eec8af40e69b82725f337f7dc2c669cd0ef1f5446421afeaad087c8528090cdbda0254a11e354c9e83e2bc90fc947f2138986c031e06c5f58330a0755d9fb24664983f90308ce77a0d583ac1fb3494b5e1f11077bf35905a6e899ec91b46ffe2a375fdd6fe2d0635dbc978f0a95c99ece8c9b476125e904e5805e386b21cd4c5e11d8d33b8574eac23132b5c787c775ca2d622fd5a5f6306ddbd088223e0143993d7a7ae70c1c2e94efa35edac35bfea5816592bc60a8c0907a93a6da36a754d5ecabc8258b1fac5439f2ebfe1e80e37b2df6c3f736d6541af1a907f747e3725b2c781104a88899fd834ab893754fd1346b8b900b29bbdf4a42616dacd11f69dd562b8a9d3b6f09df4e52539cfac47ac5f37d6fb8f29a811fcfe38d918cd0974cd0d6d63aea9280c35689a8d9c905ced6fa0881335dacd8b38687c5772e0e93f3a56058b8caf5962bf0866402baeb164b921b5b3828db5b50ccb3f189bb41631b8e0f1fc172cb5df0487f130c78de4e86df4cd8c5b9785df6e5e6d8d5076592f0c2d7e2dcff11f6fc87db70f37522ff8161dba5812d19a299148d294ad23974888a33513ed9ea548843a204746d532e28e046ded15e44847d3e91706347af4dc3b13b10c6dc966b1bea9eb78618b3585168e64ba92642e1434611f75d24571b23f3f7d21c99328f19b5f22a22f3504fdc531d3feb334602304c45558118a7f14e213b51f9c7f68f6f9a7ebb1745b62d6be93bbcc47212b7595c201049de47797fb91aa7cc67a3342354a1feb41bfd0bb802c9d5a30f3ce282e18589dac97a61b71e7ae406c38e3511a24a46954b1a7ea1ba031344cf595a62eed90c439bfb4a02c69619c4f040015e88b4901de05822523ad24551ec71662e8800c1a39d468bfeac295ebc1a73608c22bef6a21d09892c879319c3395e7a2a068f314aee998949156adeae5fa4ca781cb0acec941d9783a991bf4497df914d123043b8d46b7d5588cda6b1a1c1924114bd9c163cd67dca6ef8ac46bfd17bfb6a2309e94355116a2a4c11c11e010522860be97f14aa21388623cd8802c9a06afa3e24682436f97d46ce044bf751dae1d3ab2018ed075d82a3c3e7b2a288970a033148e1ce9a9c1a07b15137d42e76f14c482e2edab1b297668d11ee92cbce25dc5ca936979e48383023ce7e2ba92a75cdaa290f2a9abecd42be860db2a2c887831fe727b4b4e7c4dd44a04ea3d93898b54266070806c13d70265f1c5f715fd13216562cfe7794f329011d2ff46d34cca820da8aa96c1d86073d5cbc68f326e713e82624b0a0fd2e8ce04be4c8cf7a6aa07a91ec35f4e52b5460a2f789aaf5872c0e4a582df7291582b963220ff5dfd9bc353cbc9722e24c9251836039ffb88827fd82938bcfd7309251d5ab68a6de03d6eb167f0c42e68335dfdd4eeab0aa29afbf56bbb89922ab6bd762a7726751e41cfeb291bb425fd9b425af52808bdf0973440e77c82adb0ecdc48ab4591d947198cab761a516fc04f0535a778ac561bd1333954285e5e5b68f4899ab2121e58428067f9c96d76a9b55600ef1b43dd976cb233b31a71be8dff894b84df4321252f64e373cedd210d0f08a0922616b3294c8d59c344e71868a5827f2b6bf93a4a47320ca7219fa3fa7cd0ea41c6cd6f02642320b94051b133bf0eb34204a9e14d9316a8d713f2f52b731a0251b3e23325943bcce2de77007abb16e2593378af98e4bcc2c2aa0505963f7d80b4fa3661457ea8de8d9f313119e65f11dade39a8beb372eaf9fad04fc5ec3bc251ef9d2d0d4930835f508858bfbfe147e2ce3a528c6ea4c9beac9501ccc4d2b2bfa7703a4741450b796fd28a7d8975ae7512422ccf3b71f6a3b4e35e53a076a0b4a95d5090e9492a40ac6c6811641122468888ff7e7c8fcb2b9fca71e6bea5cd0ac74c18cdfc24c6ea3c38044b16959bc06538f1fbd11fb3c183904ae9c93e0576ac68b4c25944f3ff5c779ec288241c1ed40d85c7edce70466f60108fd076a0685728db971011c67520062226fcb8b8cdfc5974cbdd06b31263eb3d865ea86e8f6d31315a7f91882422626e4200bd1eed8f466cbf79bb9c3c634a8bd77d2007a8514976c3b94a1e91aa24553826504f7fface832cc88b508923600a918dbc2bd76a11a81afd36d4350409a33794f1f90edde644d815f24f46bf9fda0e05c910c07c7d93c54d524a4c9e1f2659f85a04d2be056dd60b9510d4eb9ef753a3a2acb1150dcaaf4f139b2e60b1576878bdd0563f163d8efe9ab01b05dad49c6f61e511f2932b997a71fb87b431f528a434cf44313d6b599ce74de29e62369f8e708bc4c82229893012063044304036c512ea4a0786b0cd4e05bb0d51cb38eec8bdcc94cb2b2956fb262398a4cebc79845a11527a75801e18780b8fe297afd77dfda8d410d9f0e07d10bace8422783d0faa2c4ed28f5761be62045701446f7e4ba04f44034270b84cd27fe0247cb2305afc4c73a18b94bdf5c5f140314d1ed1081192164d69d0e750e84590dad594caa041fe2f814c5e3b30a50de827f93516519643adf0110cd813e1d42dbebf199624e72344392c1578820f14f551a3b566d7780eff09204aeb7ee923b0061db8ddb3b47d8aeabdcc7e21390d95feaf7743a43a0ebff46c2486bf81fa01a35e9a947db743b44b451f993e432fa81cb6febafa56f377b46b84ad9ea760bdb529dfc0153ce59d06f5f264fa26b6ba14a384e1ac66c793a7581799177946687ab9dd9cffeb04551dcaaaa5e6c752c26315b47a1e5164d89f92437c42df6248c8e6e2c66d18be0d0c02d5c2ff31d23d5fce0b427b1520d9b68651b0a6b16261cf9f07f8a367bf2451890a5d87bc19ef41350b83a7fb65a49b7d23a5cfbb3b114653731b89c1de8e6fc235adee04faa97b175bf3720ed06c60b3a7ddcdb9c9304a963c35d37083d2f45dd08693af1e3878499797b62c8f748eafefcfc2a0a1bf1aa6dbdcb726f809cd8c4d1277cf73471110af469ade8ce89b93d7c9b4f56f119fa1e70b359d49eca5384439780ec8baa17e6c9f5d8e77c031df0b6ceb898fcdc74310f714ff29b27c22429043af7b4c5cac7c8362c1eefaabd1a441789554176c6b0cfd", 0x1000}, {&(0x7f0000000400)="06aae4e71534c8944b434f564cfee4fcf7e849642416e14f06f4593e59aeee9696160becdf6490c101aafe867036f8dc8630368c05d50662166ea004d155655f285f66549fb662bfb32d078ecfb670fc8a4f7adf0683ab55bdbdfdae90ddb84edf1a1c9b3b1dda4b1da8f62bf0193295ef675fa3b3bea9d27ecbf4556b9d9f5ca3fbb7156540d210cb74ba1587d623b4871564151c59129042b42b7af29403a030ff226de594b3e1d20d3977e4ed493d46729e749dfabd5f4d1da5db4f", 0xbd}, {&(0x7f00000004c0)="0d34face086fc2dd970bd4b839", 0xd}], 0x6}, 0x40005)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000080)=0x4b0ffc84, 0x4)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000180)={[{@subsystem='hugetlb'}, {@cpuset_v2_mode}, {@subsystem='cpuacct'}, {@xattr}]}) (async)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000180)={[{@subsystem='hugetlb'}, {@cpuset_v2_mode}, {@subsystem='cpuacct'}, {@xattr}]})
r7 = getpid()
syz_pidfd_open(r7, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@ipv6_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_PRIORITY={0x8, 0x1e, 0x400}]}, 0x24}}, 0x0) (async)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@ipv6_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_PRIORITY={0x8, 0x1e, 0x400}]}, 0x24}}, 0x0)
r9 = getpid()
sched_setscheduler(r9, 0x2, 0x0) (async)
sched_setscheduler(r9, 0x2, 0x0)
setpgid(r7, r9)
sendmmsg(r0, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)
executing program 6:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x104000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)
executing program 5:
clock_gettime(0x2, &(0x7f0000000000))
executing program 6:
syz_init_net_socket$llc(0x1a, 0x805, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa20d1000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0)
executing program 5:
r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x20d0800, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x111202, 0x0)
r2 = io_uring_setup(0x57cb, &(0x7f00000000c0)={0x0, 0xcff1, 0x400, 0x3, 0x1ef})
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000140)={0x401, 0xffffffffffffffff, 0x0, {0x8, 0xb}, 0xfb}, 0x1)
r3 = socket$inet(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={'wg2\x00', {0x2, 0x4e23, @remote}})
ioctl$SNDCTL_MIDI_PRETIME(r1, 0xc0046d00, &(0x7f0000000240)=0x1)
executing program 6:
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa0001000, 0x0, 0xb00, 0xffffffffffffffff, 0x0, 0x0)
executing program 6:
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) (fail_nth: 31)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)={0x14, r1, 0x1, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000804)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac14", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\\'], 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005", @ANYRESDEC=r2], 0x48}, 0x1, 0x0, 0x0, 0xe4601ac1dea65316}, 0x0)
r3 = dup(r2)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r3, 0x3)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
bisect: bisecting 59 programs
bisect: split chunks (needed=false): <58>
bisect: split chunk #0 of len 58 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=39s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 13, 30, 20, 30, 10, 12, 12, 6, 30, 3, 29, 2, 2, 2, 23, 2, 16, 2, 9, 6, 29, 7, 11, 2, 16, 14, 3, 6, 3, 38, 16, 2, 1, 3, 10, 3, 3, 19]
detailed listing:
executing program 34:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB='6\x00\x00', @ANYRES32], 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xfff3}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x80, 0x4b6, 0x401, 0x0, 0x12, 0xfffffff8}}, {0x4}}]}]}, 0x48}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="090000000300000004000100", @ANYRES32, @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x6, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
executing program 2:
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c643c, &(0x7f0000000300))
mount$9p_virtio(0x0, 0x0, 0x0, 0x14403, 0x0)
close(r1)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x4, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0xffffffac, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002600)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="a132", 0x2}], 0x1}}], 0x1, 0x1)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000580)=""/206, 0xce, 0x0, 0x0}, &(0x7f0000000540)=0x40)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f00000003c0)={0x28, 0x0, 0x2710, @host}, 0x10)
executing program 2:
r0 = fsopen(&(0x7f0000000140)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)) (async, rerun: 64)
fchdir(r1) (async, rerun: 64)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) (async, rerun: 32)
sendmmsg$inet(r2, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="e6", 0x1}], 0x1}}], 0x1, 0x24040890) (async, rerun: 32)
bind$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r3 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0x4eb0, 0x10100, 0x1}, &(0x7f0000000480), &(0x7f0000000040)=<r4=>0x0) (async)
syz_io_uring_setup(0x7b9c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000000340)=<r5=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) (async, rerun: 32)
io_uring_enter(r3, 0x48e9, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
r6 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r7, 0xc0045516, &(0x7f0000000b00)=0x7) (async)
ioctl$SOUND_MIXER_WRITE_RECSRC(r6, 0xc0044dff, &(0x7f0000000080)=0x3ff)
ioctl$SOUND_MIXER_WRITE_RECSRC(r6, 0xc0044dff, &(0x7f0000000180)=0xef) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (rerun: 64)
r8 = getpid()
sched_setscheduler(r8, 0x1, &(0x7f0000000100)=0x5) (async, rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r9, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r10, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') (async, rerun: 64)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000300)={0x410002, 0x11, 0xb}, 0x18) (async, rerun: 64)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
executing program 2:
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
lseek(r0, 0x9, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f00000001c0)='\x00', 0xfe3d, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0xfd, 0xfe, 0x0, 0x0, 0x5, 0x8b, 0x0, 0x0, 0x80, 0x0, 0x0, 0xfc, 0x3}, 0xe)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x14, 0x22, 0x1, 0xfffffffc, 0xfffffffc, {0x2}}, 0x14}, 0x1, 0x0, 0xfcffffff}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg$unix(r3, 0x0, 0x2)
setsockopt$sock_attach_bpf(r3, 0x1, 0x23, &(0x7f0000000000), 0x4)
sendmsg$inet(r4, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
shutdown(r1, 0x1)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000180)=0x6, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe1, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d", 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_QOS_MAP(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x30, 0x0, 0x415e01c18bc11981, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_QOS_MAP={0x14, 0xc7, {[{0x8, 0x10}, {0x7f, 0x3}, {0xfa, 0x2}, {0xd8, 0x3}], "fd0ee3f6bd3284a7"}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x40000a0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, 0x0)
executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/sockstat\x00')
read$FUSE(r1, &(0x7f0000000640)={0x2020}, 0x2020)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x3, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f00000000c0)=0x1, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="03", 0x1, 0x24008844, &(0x7f0000000040)={0xa, 0x2, 0x398, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bic\x00', 0x4)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xb, 0x8000000000002})
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006300)={0x2020, 0x0, <r4=>0x0, <r5=>0x0, <r6=>0x0}, 0x2020)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
write$P9_RGETLOCK(r7, &(0x7f00000002c0)=ANY=[], 0x200002e6)
fcntl$setpipe(r7, 0x407, 0x7000000)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r3, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x0, {0xfeffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x8000, 0x0, r5, r6, 0x2e1, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
write$tcp_congestion(r8, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r8, r3)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
r9 = landlock_create_ruleset(&(0x7f00000000c0)={0x1400, 0x1, 0x2}, 0x18, 0x4)
landlock_restrict_self(r9, 0x0)
r10 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000440)='./binderfs2/binder1\x00', 0x800, 0x0)
dup3(r2, r1, 0x0)
executing program 2:
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x50, 0x24, 0xf0b, 0x2, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x1c, 0x2, [@TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0xffff}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0x8}, @TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x6}]}}]}, 0x50}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_DEL(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x68, 0x2, 0x9, 0x401, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFCTH_TUPLE={0x1c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x24, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}, @NFCTH_STATUS={0x8}]}, 0x68}, 0x1, 0x0, 0x0, 0x5}, 0x800)
r4 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r4, 0xc0109207, &(0x7f0000000080)={0x0, 0x6})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x18, 0x2d, 0x100, 0x72bd26, 0x25dfdbfc, {0x6}, [@nested={0x4, 0xd}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x0)
executing program 2:
socket(0x10, 0x3, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000c, 0x31, 0xffffffffffffffff, 0x80000000)
mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
executing program 35:
socket(0x10, 0x3, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000c, 0x31, 0xffffffffffffffff, 0x80000000)
mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
executing program 7:
ioprio_set$uid(0x3, 0x0, 0x4007)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 15)
executing program 7:
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="1700000056"], 0x1c}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7fff, 0xf3})
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000180)={0x53, 0x0, 0x6, 0xa, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000000)="1201b9000000", 0x0, 0x0, 0x1, 0x0, 0x0})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xe000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
r5 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r6=>0x0})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$AUDIT_GET_FEATURE(r5, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4040}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x10, 0x3fb, 0x2, 0x70bd27, 0x25dfdbfc, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000480), 0xffffffffffffffff)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
signalfd(r1, &(0x7f00000004c0)={[0x200]}, 0x8)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f0000000ac0)={'wpan1\x00', <r10=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x50, r8, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_SEC_DEVKEY={0x2c, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x57}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}]}, 0x50}, 0x1, 0x0, 0x0, 0x10040}, 0x4)
sendmsg$NL802154_CMD_SET_SHORT_ADDR(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r8, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4040090)
syz_emit_ethernet(0x2a, &(0x7f0000000040)={@random="8580f83288e1", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x1, 0x5, 0x1c, 0x67, 0x0, 0x2, 0x2, 0x0, @private=0xa010102, @broadcast}, {0x11, 0x81, 0x0, @remote}}}}}, 0x0)
bind$can_j1939(r5, &(0x7f0000000380)={0x1d, r6, 0x2, {0x1, 0x0, 0x3}, 0xfd}, 0x18)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_SET_CHANNEL(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r12, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r13}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20008080}, 0x20000000)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r9)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0, 0xc0c1}, 0x840)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000004100), r3)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000440)={0x1, 0x0, [{0x2ee, 0x0, 0x8000000000000000}]})
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xfffff7e8, 0x0, 0x7000000}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000}, 0x1, r1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0)
executing program 7:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x6, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xb, 0xa, 0x9, 0xfffffffffffffffe, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x1, 0xd, 0x101}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000100)=[0xffffffffffffffff, r0, r0], &(0x7f0000000140)=[{0x3, 0x4, 0xc, 0x1}, {0x1, 0x3, 0x3, 0x8}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0xb, 0x9}, {0x5, 0x4, 0x1, 0x5}], 0x10, 0x8, @void, @value}, 0x94)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000300)="eb0f90fdfb49e6e98a361d1bccfc05a5", 0x10)
close_range(r8, r1, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000002c0)={r8, r9})
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x2}]}}}]}, 0x3c}, 0x1, 0xa1ffffffffffffff, 0x0, 0x840}, 0x0)
executing program 7:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) (fail_nth: 2)
executing program 36:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) (fail_nth: 2)
executing program 8:
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@private0, 0x1, 0x0, 0x1, 0x0, 0xffff, 0x6}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r0, 0x8b32, &(0x7f0000000040))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440), 0x10)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000004780)={'syz_tun\x00', &(0x7f0000000400)=@ethtool_link_settings={0x8}})
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f00000000c0), 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='tracefs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x20020, &(0x7f0000000240)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0, @ANYBLOB="2c00570d9431f9d867dad023a4b66eaca765a7be2827b0b9f4fa47fc9f32070000b1928ec9621965e68ff46f3b2e94ccfde49466450600582631ec3f3baf3c3a6dd0a2bd44"])
listen(r2, 0x0)
r4 = gettid()
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000080027bd7000fbdbdf25cf21b417", @ANYRES32=0x0, @ANYBLOB="00000000234000001400030076657468305f766972745f776966690008001300", @ANYRES32=r4, @ANYBLOB], 0x3c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e000000180002"], 0x50}}, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r6, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2)
mount$9p_fd(0x0, &(0x7f00000005c0)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="7472616e0f0066642c7266646e6f3d7f1c1f68a431d45c9f777392b537a941bcff6e3edf073bca5255ecdd597f2303e16475676951419216b1fc0a62010b00f5f4c7a335e4c13c1cbe26d70443c97773d9a1d66d7094dbfe614e3e964dbc96c44cbe79c8c0686acdf73a95a1ec23135910731eddf572d4b60759c5932c4c7f8c04a1d4dc6dadbdbbc7d895050000003b904591c7a4c81e", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',\x00'])
executing program 8:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x1100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)
executing program 8:
ioctl$HIDIOCGCOLLECTIONINFO(0xffffffffffffffff, 0xc0104811, 0x0)
openat$kvm(0x0, 0x0, 0x2382, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x401, 0x8001, 0x400}, 0xa4, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002680)=@newqdisc={0x34, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xfff2, 0xa}, {0xffe0}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syslog(0x9, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
syslog(0x3, 0x0, 0x0)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa07, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210057ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48)
executing program 8:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001c00010000ffffff9e00000007", @ANYRES32], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x0)
executing program 8:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f00000011c0)='./file0\x00', &(0x7f00000004c0), 0x1440b, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r0 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 4:
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x141082, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 83)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$int_in(r3, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001980)={0x1, 0x0, [{0x4, 0xd8, &(0x7f0000001a80)=""/216}]})
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000280)=0x4000000)
r5 = fcntl$dupfd(r3, 0x0, r4)
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af30, &(0x7f0000000080))
umount2(0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f00000000c0)={0x1, r5})
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_ro(r8, &(0x7f0000000640)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0)
preadv(r9, &(0x7f00000000c0)=[{&(0x7f00000004c0)=""/127, 0x7f}], 0x1, 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_SET_SIGNAL_MASK(r10, 0x4004ae8b, 0x0)
ioctl$VHOST_VDPA_GET_VRING_GROUP(r5, 0xc008af7b, &(0x7f0000000040)={0x0, 0x3})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x9, 0x3, &(0x7f0000000000)=@framed={{0x1e, 0xa, 0xa, 0x0, 0x0, 0x79, 0x10, 0x30}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r11=>0x0})
r12 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r12, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, 0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000180)={0x78, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_FRAME={0x5b, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @initial, {}, @value=@ver_80211n={0x0, 0x64, 0x2, 0x0, 0x0, 0x2}}, 0x0, @random, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x60, 0x1}]}, @void, @val={0x4, 0x6, {0x0, 0x0, 0x1, 0x2000}}, @void, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x1, 0xffffffffffffffff, 0x1, 0x2, 0xa, 0x60}}, @void}}]}, 0x78}}, 0x0)
userfaultfd(0x80801)
io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0)
ioctl$KVM_SET_TSC_KHZ(r2, 0xaea2, 0x7fffffff)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
executing program 4:
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x33, 0x2, @tid=0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002600)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x31, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x18)
r1 = io_uring_setup(0x3226, &(0x7f0000000240)={0x0, 0x60fc, 0x200, 0x3, 0xf3})
r2 = syz_io_uring_setup(0x82e, &(0x7f0000000500)={0x0, 0xcd1d, 0x10100, 0xfffffffb, 0x0, 0x0, r1}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
r5 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
ioctl$CDROMVOLCTRL(r5, 0x5392, &(0x7f00000004c0)={0xa, 0x5, 0x18, 0x10})
syz_io_uring_submit(r3, r4, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x0, @fd_index=0x5, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
io_uring_enter(r2, 0x26c3, 0xdffffffb, 0x4c, 0x0, 0x0)
executing program 4:
r0 = socket(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f0000000280)="7800000018002507b9409b14ffff00000214ae04020206050a02040c430009003f00040510000000370085a168d0bf46d389516a9069921a4b0005000a00000049935ade4a460c89b6ec0cff3959547f5000000000c902007a00004a324004001600040000d5808bd3e30a37e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0)
syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000b40)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xdf, 0x17ef, 0x60ee, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x3c, 0x40, 0x2, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x2, 0x4, {0x9, 0x21, 0x7, 0x8, 0x1, {0x22, 0x564}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x10, 0xf3, 0x4}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x10, 0x1, 0x4}}]}}}]}}]}}, &(0x7f0000000dc0)={0xa, &(0x7f0000000b80)={0xa, 0x6, 0x250, 0x1, 0x3, 0x7, 0x10, 0xc0}, 0x5, &(0x7f0000000bc0)={0x5, 0xf, 0x5}, 0x3, [{0x61, &(0x7f0000000c00)=@string={0x61, 0x3, "fc2d5ec17db00226c08c5d69ed913726c1b2800501893790b737fe1612c0256b5fd273473b5d8c02cb35dafa7ef41da79a737361f8c9d8c0d35fed4ac381d2f78b65c2a53c6c4cb37de8fdc9d28ce714566579f40811cfaeb5c84741d21159"}}, {0x4, &(0x7f0000000c80)=@lang_id={0x4, 0x3, 0x402}}, {0xd2, &(0x7f0000000cc0)=@string={0xd2, 0x3, "ed3166834713853f932237f560aefb4f03700b7083424addefcdc7d5393ee527cc210ef26ceb481f334c4c059598a2f9ddd1104a9a6828d17bbc571522fb1c708d07479673ac8f558a7e1fc1a80d0198cdf0ee6d0933b8a0283bd501262d8afe6fc9191787287712d1f62eece28507e445e795da718975118f08b132515ca53cec43dc83f26d262eedf3b911c8930541a1d0f7f56a02b8d3ae909ff23e7957a9d21ce4c51ee6a376046b9cf180333e80e242996f166aef07e4ec16c2a10dd3f9726a918ad2b21a5763f1f7ad103020f7"}}]})
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000000c0)={<r1=>0x0, 0xfffffffc}, &(0x7f0000000200)=0x8)
prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, 0xfffffffffffffffc)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000b00)={r1, 0x10, 0x7fff}, 0x8)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newtaction={0x6c, 0x30, 0x48b, 0x1, 0x0, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @loopback, @multicast2, 0xff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000140)={@local})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r4, 0x7ab, &(0x7f0000000040)={&(0x7f0000000280)={{@local}, {@local}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fe1825253be9e8480cb4f3524914f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336f04000000000000008e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba09000000000000001c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed081729b5ea722a98b34d0dac6de995de4ee263c81b2567b3f87e0897857edd5d7e97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a72345772b3ce9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2246cb5c953048c43266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b8defe26674d65f908f9c3a8c201f661fc26efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b0237437200"}, 0x418, 0x7fffffff})
ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r4, 0x7ac, &(0x7f0000000000)={&(0x7f00000006c0)={{@any, 0xf}, {@hyper, 0xff}, 0x400, "a0bef8f809fdbd794a5876812ecdc0f431e2e967134102e29601a109e8d6a5ea253fda100493f73e13d658b12a3dd0ee2619b2e158b8c1b070c4557ee3d7af4aa2bee609c235eee770aaee45497f554467c6e9d3f26475cfcac907d6b9d7846c4a66e178b7e711e1aa3c48463161dc313e13c58b5b22e077b23a647b4dbba9d052b703693008e1f49a92569615441c37e65f33c121efe1792557ebe6005581e24f47c1ea78ff928b49608b7e9b9e13903f343c17be0054fe54f0d8d7ec55847f847cc5bc5f54ffb48cdd6c4e992054759f155c47cf89fc8a0f48cfcea4ffe70b9fe7385805918d66fec51601c1ecbbd2d4968fa2ee1cb00bb49ae093b25d39cd0010349f9c63e8fe096e6f8afd79a91d6d0d16e0437fb9e342342795b94ceefe593cbf02d29e96b1f24b13cd77a1846e1bb48e2598c86b2c792fdda2200ebc4e4dd451afd893f7d56431141b1a3a783274db59e9b6e0433ef25a2bddb33a27bce4efdca9d10025d6dd659e7f2a57d3388cf7586814d510bb27139a7354ae00d731bfd4ef92d07469a83000d1850e84c47be45cfa6ddc6a85d6f733a6a2c952966ab3ed2a577de6dba67623b3f0e95ec21f0f7f8f8ffa4214f82dc15951b8186335578ce37d126681210eab215969b3d288e68dccb9772dfc9ae4c64b5ee5e120e90ba3685b2c7f83dedfcea4a974cc5720ed4eafa2b32bf03ae60cc716fff174a71a2ff4398e7d311303752c6b60572a9d4c50bea69e11f8ad4313677866073ae7780e58284e50e2a96e3d1b7c5ed63c9ca828961448d6d0240a7fbb458fd4ae04f42af11fb5a724be40a5ab6cc51eebd1d06cc1bb000e875db0030cc7c28a19f06dd362e774598e9669db5aaa732e589ecd57efebd3e3bbd87e6e8755cf41f97867085cfc0c13249180c5c4b0259c26f0e3a02da75480e52efeaee4a83458268362ee1e305cc3da30c43c7d25f80eba5d5386e08ecc4cb0a5ae4ddc8a7555a92800873676a1dcec504174f2bb2dea5776fbe3e8055d8918bb8589f9dd023a058a8b4fbed59a6cc78ef07bdb8f7b1dc77f1dcdc5583ca5a5dac9c5cff92a561b9ee1d8c7af343e7550c565a766299030a8e431edf48d8cd122ecda6182efe0dba76208af12a5539ed51991ad88cddca65043c0dde225d8602a783de11b636a7624d5002e27a2aed5963b0c40a80162a9449396190dd0c15bbf9fd35808a6921efb066f0924a4fe18f5cc3b008671dff827064e16e1a0589cc2bdff95a7987287955ecf2a8e8184d506ec4be628d93d5dad068ca02567388c536e23e5d36c74e9fa429279c09e29e5164219c81e2167cd01dc4ca5ff739ab6355ba1f0b84db5f2a939fd58e0b3a32a15432d77335eaee2a081699c0c865c03ffebb4c9a1bb041b164bea76b87ac63248bb570f0761c7b6eae686bd9a3f1f42bfc2961da5e11288"}, 0x418, 0x6})
close(r2)
setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f0000000000), 0x4)
ioctl$FS_IOC_GETFSLABEL(r2, 0x541b, &(0x7f0000000100))
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000040)={0x7c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x5f, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @initial, {}, @value=@ver_80211n={0x0, 0x64, 0x2, 0x0, 0x0, 0x2}}, 0x0, @random, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @val={0x4, 0x6, {0x0, 0x0, 0x1, 0x2000}}, @void, @val={0x5, 0x3}, @val={0x25, 0x3, {0x1, 0x78, 0x9}}, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x1, 0xffffffffffffffff, 0x1, 0x2, 0xa, 0x60}}, @void}}]}, 0x7c}}, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x2, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e)
connect$pppl2tp(r5, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
userfaultfd(0x80801)
io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x0, 0x1, {0x1f, 0x19, 0x7, 0x12, 0x3, 0x7, 0x1, 0x58, 0xffffffffffffffff}})
executing program 5:
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) (fail_nth: 30)
executing program 5:
ioprio_set$uid(0x3, 0x0, 0x4007)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 30)
executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xfffff7e8, 0x0, 0xfffffff0}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000}, 0x1, r1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0)
executing program 6:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e) (async)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x40) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x40)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(r1, 0x40043d14, &(0x7f0000000500)={0x15})
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)
r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x42, 0x5c})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r5, r4, 0x0) (async)
r6 = dup3(r5, r4, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
sendmsg$kcm(r6, &(0x7f0000000a40)={&(0x7f0000000240)=@in6={0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)='}!', 0x2}, {&(0x7f0000000340)="f9a0549cf662e946b8f574a2378c21d2b59f99c203d404c92806", 0x1a}, {&(0x7f0000000380)="37295c9d448ae9e58e146a23c1a2c29e3409c78e9f168891b16689a17be4812746e33820a97f302a490149ac613afabab70c2b", 0x33}, {&(0x7f00000010c0)="bf8673f93c9e8e0fcd1df8608b208112f11f0a185d1f021f65a1a48613690bc9d20c5cbc7f40d4c21d3777c508fca4fd3c93c3f8f4d9c4ab4beb62e898b12d1f5f394714ed18cdaa9783802008f4b7eae635901cd25ab35cdc4d96247c3d18d1221a808106ae1fa3a68985f8fa47c076143ca3e58826781e105e261e9adb40b92fe8e7c33fdd21476f33daef386367ef340c3a1d89da4042c96cb303edb91f948e1d9975bcfbef79548e110ba28748974d923720397ff60a3048a0fe5851686bf2ce8ad8ce76a2c46dbd954d80eb7df68450fb9b959f8e2662197966686299015eda6eb5e5394b1bab8cc727023664ec0387905b6151a550d170491b9391ea54dd1eff86b51693c9ec9a05b9fe052d5a28a0c9137dea02178eaceb8f4e4123b60e2043f190efdd69de76c5d5124a48694700f979fbbceca2ef2558f7bf5ddf99104d78d5df3f6b606fbb4190682ef203e214c0942e90a1b255450b2c99fdaf10bcfc2854bc2b80175aa1655e9bcefd2daad45378e70187f2df32d0c0fbc30df592dd89af16ac8528c84c64011323813fc82879564b780a6fc8ad98c91387781d06f928a0592a5399d9cd8d02632ae462312264bf3172191e4ec4d3c41e82e3d870e635252941686f8990261ce522474e905bef9d0cba4af98cf1a8adb787e9241dc22bd84ef1a4b4db89acd10ff2e62b015881d1116956d7a1053a1be9383d7ca4d28d2c38d25322714555641533e5864a4007453faa8a350078bcd86f9e9ef05efda5933c84af454bc5d6472c93cc0c9c9d35ad155192a00712808d64b260d0fbf967821b76a16dca3509901869dd0fc35a4fc1824179661b26c86d03e65ab28a560efc33bda06ecf4ea5964c1a0fa02fc7158573bf4be5b8fe2878c8a798d03a0791d3b9bbc3a42a57f8d8bda0c0498956d67e89da57d1142a35fcb34043e0790f3d666e1922a1f249cea1bdcb725e539615fbfa0c862fe670f20a407cfc077db1a36b6e5016bfa7d3bcce0bdef8f81514cbbe4ba26079cdb0aec0f726dc7636771e2f7b2e01ba2c66e1e1111e771d3158dfb4b28f336d218f8c998b2f8775489ace3dcc01e3aa66b310dda331d08a0edbf3c7ac2edc836a1244adb67d9fd755d519d6bbe26ef7f396c63dc3ed94234159983a33caab125ec52c3faac6942ae70a521ae6606d3d2ccf3a83c4c89e64578b54c8d4c1c672de13519d2103bdbb2ec3e104d7150a660120e0c67231408352536a8be735d52e1bbbdef4d76fd11dc173b9a5745128295c7ed43ac31011e0d033818c90a55eb3ca834eb7369c39d197012cb5bdf53bc68c55bb9d2ba64426f439a46cf710cb78e6fe76679e6ddb2f5a7bebd2267a23e0d04cce8dd83eaaa7dbd12a8a6cf543f5f27794b89118d38bd59fc4e26ad1ca28c531b1c2e47965a49eafcd6aa8859dca68c52ff469893c7d1759f838de06280c3bae92f0c46f92b897ad5affb0e61f316f3a772f5f860a407043011c08149d6614902e29d0fdcb2f334473269006dbfbe99c437ec4ad12b2e66c32e72cd77f879b0a963c3191f2958369dc64843d380e4367ea23bc01444236e5b88c9b28e338b7337867d1078a08fc350821af624b0adfbdf8506411229e80f8e6a610977b20f4f1030b87a47c6dbaf621cef706f2303cdd0b38ed24e00cd937b69d03311228e9d313672113acfc2ce6c3aff6375b56ed54c3bf848558ce7c0236d82a987f9bc68c94c282ad0d0bf76f005f917160dbdff9c59635710ee4ae6ca4e346309a6e4ceb50515852625ce2ac1d4dbcc1a2df53fa2e65022759deb4dc163b83ca2690143666edbfdbe78f142c54f24564350f7d2db9d26cc0770f693b19c950c6a6c7052c08820d587f1f543b024dbe688d6b17c351264fac7302a65174ee5492c10861ca7d559d3ccb430ac621e5766044a01728a4216bb9063b3051a7a96567e89ec253448e558c8b521e29ac64bb77ab4e4bfce12ee470dfdfdd150cc4031e593ea1a6fabc3ef93464f819321970bcaadae62130add21bcf64780d11072f64441eff7660cf018b8837972eff8b5ecaa4f03c3a71356adfcfdabf0eea9bc4009e5c76cd1b35f0c508ab21e68e1d0effc69a56a5806c3253cbcf7eb01575b1b99bbc59b33489a64651de1830f93488a4e464f19ba287ee9124f95e0e61db43f8882f350f97590b464e4e1859480e4b4f420d8e8a9e045a9a0b420bfffe7b6d6945065c4bbb9110166752e094c686be94bc983e99e49a9be1e455bf181d6c1e8991529dc985359fb55112b173bc1c74f15d29cd91bee6ded9b9e29d02feffeb9f6c7f4fa9186891fd719ee98b50578f859957d93982a31560cdfc961f45b57859dec0df7925b12bb09f1224503c9dcbdf1942dae424bf6950ab1bd02b015ff1ef4346e57d5d623fc4b152ce5471964567738785e99a1dd146cebe1d50ba9ab341025c24b4a1423df4e8cb10c82f9afd0f0b7d196f1e7f47136489a3088d9eb58920bb8c5ab00811afc186c59f7f0c7ca3e9d79965ec21ad87532a16cecdfc669bcdcd380502c49b9a8d50df21bd58139e4e7584f8ce1cdf6315cb504e3173a6caea099a234d20b268a602b20c5e90edcd45240022e2f0031efb15bf84770db7590209838feb3cedfd3ec601dc66da2ec168e54dcb2e885df99405eec8af40e69b82725f337f7dc2c669cd0ef1f5446421afeaad087c8528090cdbda0254a11e354c9e83e2bc90fc947f2138986c031e06c5f58330a0755d9fb24664983f90308ce77a0d583ac1fb3494b5e1f11077bf35905a6e899ec91b46ffe2a375fdd6fe2d0635dbc978f0a95c99ece8c9b476125e904e5805e386b21cd4c5e11d8d33b8574eac23132b5c787c775ca2d622fd5a5f6306ddbd088223e0143993d7a7ae70c1c2e94efa35edac35bfea5816592bc60a8c0907a93a6da36a754d5ecabc8258b1fac5439f2ebfe1e80e37b2df6c3f736d6541af1a907f747e3725b2c781104a88899fd834ab893754fd1346b8b900b29bbdf4a42616dacd11f69dd562b8a9d3b6f09df4e52539cfac47ac5f37d6fb8f29a811fcfe38d918cd0974cd0d6d63aea9280c35689a8d9c905ced6fa0881335dacd8b38687c5772e0e93f3a56058b8caf5962bf0866402baeb164b921b5b3828db5b50ccb3f189bb41631b8e0f1fc172cb5df0487f130c78de4e86df4cd8c5b9785df6e5e6d8d5076592f0c2d7e2dcff11f6fc87db70f37522ff8161dba5812d19a299148d294ad23974888a33513ed9ea548843a204746d532e28e046ded15e44847d3e91706347af4dc3b13b10c6dc966b1bea9eb78618b3585168e64ba92642e1434611f75d24571b23f3f7d21c99328f19b5f22a22f3504fdc531d3feb334602304c45558118a7f14e213b51f9c7f68f6f9a7ebb1745b62d6be93bbcc47212b7595c201049de47797fb91aa7cc67a3342354a1feb41bfd0bb802c9d5a30f3ce282e18589dac97a61b71e7ae406c38e3511a24a46954b1a7ea1ba031344cf595a62eed90c439bfb4a02c69619c4f040015e88b4901de05822523ad24551ec71662e8800c1a39d468bfeac295ebc1a73608c22bef6a21d09892c879319c3395e7a2a068f314aee998949156adeae5fa4ca781cb0acec941d9783a991bf4497df914d123043b8d46b7d5588cda6b1a1c1924114bd9c163cd67dca6ef8ac46bfd17bfb6a2309e94355116a2a4c11c11e010522860be97f14aa21388623cd8802c9a06afa3e24682436f97d46ce044bf751dae1d3ab2018ed075d82a3c3e7b2a288970a033148e1ce9a9c1a07b15137d42e76f14c482e2edab1b297668d11ee92cbce25dc5ca936979e48383023ce7e2ba92a75cdaa290f2a9abecd42be860db2a2c887831fe727b4b4e7c4dd44a04ea3d93898b54266070806c13d70265f1c5f715fd13216562cfe7794f329011d2ff46d34cca820da8aa96c1d86073d5cbc68f326e713e82624b0a0fd2e8ce04be4c8cf7a6aa07a91ec35f4e52b5460a2f789aaf5872c0e4a582df7291582b963220ff5dfd9bc353cbc9722e24c9251836039ffb88827fd82938bcfd7309251d5ab68a6de03d6eb167f0c42e68335dfdd4eeab0aa29afbf56bbb89922ab6bd762a7726751e41cfeb291bb425fd9b425af52808bdf0973440e77c82adb0ecdc48ab4591d947198cab761a516fc04f0535a778ac561bd1333954285e5e5b68f4899ab2121e58428067f9c96d76a9b55600ef1b43dd976cb233b31a71be8dff894b84df4321252f64e373cedd210d0f08a0922616b3294c8d59c344e71868a5827f2b6bf93a4a47320ca7219fa3fa7cd0ea41c6cd6f02642320b94051b133bf0eb34204a9e14d9316a8d713f2f52b731a0251b3e23325943bcce2de77007abb16e2593378af98e4bcc2c2aa0505963f7d80b4fa3661457ea8de8d9f313119e65f11dade39a8beb372eaf9fad04fc5ec3bc251ef9d2d0d4930835f508858bfbfe147e2ce3a528c6ea4c9beac9501ccc4d2b2bfa7703a4741450b796fd28a7d8975ae7512422ccf3b71f6a3b4e35e53a076a0b4a95d5090e9492a40ac6c6811641122468888ff7e7c8fcb2b9fca71e6bea5cd0ac74c18cdfc24c6ea3c38044b16959bc06538f1fbd11fb3c183904ae9c93e0576ac68b4c25944f3ff5c779ec288241c1ed40d85c7edce70466f60108fd076a0685728db971011c67520062226fcb8b8cdfc5974cbdd06b31263eb3d865ea86e8f6d31315a7f91882422626e4200bd1eed8f466cbf79bb9c3c634a8bd77d2007a8514976c3b94a1e91aa24553826504f7fface832cc88b508923600a918dbc2bd76a11a81afd36d4350409a33794f1f90edde644d815f24f46bf9fda0e05c910c07c7d93c54d524a4c9e1f2659f85a04d2be056dd60b9510d4eb9ef753a3a2acb1150dcaaf4f139b2e60b1576878bdd0563f163d8efe9ab01b05dad49c6f61e511f2932b997a71fb87b431f528a434cf44313d6b599ce74de29e62369f8e708bc4c82229893012063044304036c512ea4a0786b0cd4e05bb0d51cb38eec8bdcc94cb2b2956fb262398a4cebc79845a11527a75801e18780b8fe297afd77dfda8d410d9f0e07d10bace8422783d0faa2c4ed28f5761be62045701446f7e4ba04f44034270b84cd27fe0247cb2305afc4c73a18b94bdf5c5f140314d1ed1081192164d69d0e750e84590dad594caa041fe2f814c5e3b30a50de827f93516519643adf0110cd813e1d42dbebf199624e72344392c1578820f14f551a3b566d7780eff09204aeb7ee923b0061db8ddb3b47d8aeabdcc7e21390d95feaf7743a43a0ebff46c2486bf81fa01a35e9a947db743b44b451f993e432fa81cb6febafa56f377b46b84ad9ea760bdb529dfc0153ce59d06f5f264fa26b6ba14a384e1ac66c793a7581799177946687ab9dd9cffeb04551dcaaaa5e6c752c26315b47a1e5164d89f92437c42df6248c8e6e2c66d18be0d0c02d5c2ff31d23d5fce0b427b1520d9b68651b0a6b16261cf9f07f8a367bf2451890a5d87bc19ef41350b83a7fb65a49b7d23a5cfbb3b114653731b89c1de8e6fc235adee04faa97b175bf3720ed06c60b3a7ddcdb9c9304a963c35d37083d2f45dd08693af1e3878499797b62c8f748eafefcfc2a0a1bf1aa6dbdcb726f809cd8c4d1277cf73471110af469ade8ce89b93d7c9b4f56f119fa1e70b359d49eca5384439780ec8baa17e6c9f5d8e77c031df0b6ceb898fcdc74310f714ff29b27c22429043af7b4c5cac7c8362c1eefaabd1a441789554176c6b0cfd", 0x1000}, {&(0x7f0000000400)="06aae4e71534c8944b434f564cfee4fcf7e849642416e14f06f4593e59aeee9696160becdf6490c101aafe867036f8dc8630368c05d50662166ea004d155655f285f66549fb662bfb32d078ecfb670fc8a4f7adf0683ab55bdbdfdae90ddb84edf1a1c9b3b1dda4b1da8f62bf0193295ef675fa3b3bea9d27ecbf4556b9d9f5ca3fbb7156540d210cb74ba1587d623b4871564151c59129042b42b7af29403a030ff226de594b3e1d20d3977e4ed493d46729e749dfabd5f4d1da5db4f", 0xbd}, {&(0x7f00000004c0)="0d34face086fc2dd970bd4b839", 0xd}], 0x6}, 0x40005) (async)
sendmsg$kcm(r6, &(0x7f0000000a40)={&(0x7f0000000240)=@in6={0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)='}!', 0x2}, {&(0x7f0000000340)="f9a0549cf662e946b8f574a2378c21d2b59f99c203d404c92806", 0x1a}, {&(0x7f0000000380)="37295c9d448ae9e58e146a23c1a2c29e3409c78e9f168891b16689a17be4812746e33820a97f302a490149ac613afabab70c2b", 0x33}, {&(0x7f00000010c0)="bf8673f93c9e8e0fcd1df8608b208112f11f0a185d1f021f65a1a48613690bc9d20c5cbc7f40d4c21d3777c508fca4fd3c93c3f8f4d9c4ab4beb62e898b12d1f5f394714ed18cdaa9783802008f4b7eae635901cd25ab35cdc4d96247c3d18d1221a808106ae1fa3a68985f8fa47c076143ca3e58826781e105e261e9adb40b92fe8e7c33fdd21476f33daef386367ef340c3a1d89da4042c96cb303edb91f948e1d9975bcfbef79548e110ba28748974d923720397ff60a3048a0fe5851686bf2ce8ad8ce76a2c46dbd954d80eb7df68450fb9b959f8e2662197966686299015eda6eb5e5394b1bab8cc727023664ec0387905b6151a550d170491b9391ea54dd1eff86b51693c9ec9a05b9fe052d5a28a0c9137dea02178eaceb8f4e4123b60e2043f190efdd69de76c5d5124a48694700f979fbbceca2ef2558f7bf5ddf99104d78d5df3f6b606fbb4190682ef203e214c0942e90a1b255450b2c99fdaf10bcfc2854bc2b80175aa1655e9bcefd2daad45378e70187f2df32d0c0fbc30df592dd89af16ac8528c84c64011323813fc82879564b780a6fc8ad98c91387781d06f928a0592a5399d9cd8d02632ae462312264bf3172191e4ec4d3c41e82e3d870e635252941686f8990261ce522474e905bef9d0cba4af98cf1a8adb787e9241dc22bd84ef1a4b4db89acd10ff2e62b015881d1116956d7a1053a1be9383d7ca4d28d2c38d25322714555641533e5864a4007453faa8a350078bcd86f9e9ef05efda5933c84af454bc5d6472c93cc0c9c9d35ad155192a00712808d64b260d0fbf967821b76a16dca3509901869dd0fc35a4fc1824179661b26c86d03e65ab28a560efc33bda06ecf4ea5964c1a0fa02fc7158573bf4be5b8fe2878c8a798d03a0791d3b9bbc3a42a57f8d8bda0c0498956d67e89da57d1142a35fcb34043e0790f3d666e1922a1f249cea1bdcb725e539615fbfa0c862fe670f20a407cfc077db1a36b6e5016bfa7d3bcce0bdef8f81514cbbe4ba26079cdb0aec0f726dc7636771e2f7b2e01ba2c66e1e1111e771d3158dfb4b28f336d218f8c998b2f8775489ace3dcc01e3aa66b310dda331d08a0edbf3c7ac2edc836a1244adb67d9fd755d519d6bbe26ef7f396c63dc3ed94234159983a33caab125ec52c3faac6942ae70a521ae6606d3d2ccf3a83c4c89e64578b54c8d4c1c672de13519d2103bdbb2ec3e104d7150a660120e0c67231408352536a8be735d52e1bbbdef4d76fd11dc173b9a5745128295c7ed43ac31011e0d033818c90a55eb3ca834eb7369c39d197012cb5bdf53bc68c55bb9d2ba64426f439a46cf710cb78e6fe76679e6ddb2f5a7bebd2267a23e0d04cce8dd83eaaa7dbd12a8a6cf543f5f27794b89118d38bd59fc4e26ad1ca28c531b1c2e47965a49eafcd6aa8859dca68c52ff469893c7d1759f838de06280c3bae92f0c46f92b897ad5affb0e61f316f3a772f5f860a407043011c08149d6614902e29d0fdcb2f334473269006dbfbe99c437ec4ad12b2e66c32e72cd77f879b0a963c3191f2958369dc64843d380e4367ea23bc01444236e5b88c9b28e338b7337867d1078a08fc350821af624b0adfbdf8506411229e80f8e6a610977b20f4f1030b87a47c6dbaf621cef706f2303cdd0b38ed24e00cd937b69d03311228e9d313672113acfc2ce6c3aff6375b56ed54c3bf848558ce7c0236d82a987f9bc68c94c282ad0d0bf76f005f917160dbdff9c59635710ee4ae6ca4e346309a6e4ceb50515852625ce2ac1d4dbcc1a2df53fa2e65022759deb4dc163b83ca2690143666edbfdbe78f142c54f24564350f7d2db9d26cc0770f693b19c950c6a6c7052c08820d587f1f543b024dbe688d6b17c351264fac7302a65174ee5492c10861ca7d559d3ccb430ac621e5766044a01728a4216bb9063b3051a7a96567e89ec253448e558c8b521e29ac64bb77ab4e4bfce12ee470dfdfdd150cc4031e593ea1a6fabc3ef93464f819321970bcaadae62130add21bcf64780d11072f64441eff7660cf018b8837972eff8b5ecaa4f03c3a71356adfcfdabf0eea9bc4009e5c76cd1b35f0c508ab21e68e1d0effc69a56a5806c3253cbcf7eb01575b1b99bbc59b33489a64651de1830f93488a4e464f19ba287ee9124f95e0e61db43f8882f350f97590b464e4e1859480e4b4f420d8e8a9e045a9a0b420bfffe7b6d6945065c4bbb9110166752e094c686be94bc983e99e49a9be1e455bf181d6c1e8991529dc985359fb55112b173bc1c74f15d29cd91bee6ded9b9e29d02feffeb9f6c7f4fa9186891fd719ee98b50578f859957d93982a31560cdfc961f45b57859dec0df7925b12bb09f1224503c9dcbdf1942dae424bf6950ab1bd02b015ff1ef4346e57d5d623fc4b152ce5471964567738785e99a1dd146cebe1d50ba9ab341025c24b4a1423df4e8cb10c82f9afd0f0b7d196f1e7f47136489a3088d9eb58920bb8c5ab00811afc186c59f7f0c7ca3e9d79965ec21ad87532a16cecdfc669bcdcd380502c49b9a8d50df21bd58139e4e7584f8ce1cdf6315cb504e3173a6caea099a234d20b268a602b20c5e90edcd45240022e2f0031efb15bf84770db7590209838feb3cedfd3ec601dc66da2ec168e54dcb2e885df99405eec8af40e69b82725f337f7dc2c669cd0ef1f5446421afeaad087c8528090cdbda0254a11e354c9e83e2bc90fc947f2138986c031e06c5f58330a0755d9fb24664983f90308ce77a0d583ac1fb3494b5e1f11077bf35905a6e899ec91b46ffe2a375fdd6fe2d0635dbc978f0a95c99ece8c9b476125e904e5805e386b21cd4c5e11d8d33b8574eac23132b5c787c775ca2d622fd5a5f6306ddbd088223e0143993d7a7ae70c1c2e94efa35edac35bfea5816592bc60a8c0907a93a6da36a754d5ecabc8258b1fac5439f2ebfe1e80e37b2df6c3f736d6541af1a907f747e3725b2c781104a88899fd834ab893754fd1346b8b900b29bbdf4a42616dacd11f69dd562b8a9d3b6f09df4e52539cfac47ac5f37d6fb8f29a811fcfe38d918cd0974cd0d6d63aea9280c35689a8d9c905ced6fa0881335dacd8b38687c5772e0e93f3a56058b8caf5962bf0866402baeb164b921b5b3828db5b50ccb3f189bb41631b8e0f1fc172cb5df0487f130c78de4e86df4cd8c5b9785df6e5e6d8d5076592f0c2d7e2dcff11f6fc87db70f37522ff8161dba5812d19a299148d294ad23974888a33513ed9ea548843a204746d532e28e046ded15e44847d3e91706347af4dc3b13b10c6dc966b1bea9eb78618b3585168e64ba92642e1434611f75d24571b23f3f7d21c99328f19b5f22a22f3504fdc531d3feb334602304c45558118a7f14e213b51f9c7f68f6f9a7ebb1745b62d6be93bbcc47212b7595c201049de47797fb91aa7cc67a3342354a1feb41bfd0bb802c9d5a30f3ce282e18589dac97a61b71e7ae406c38e3511a24a46954b1a7ea1ba031344cf595a62eed90c439bfb4a02c69619c4f040015e88b4901de05822523ad24551ec71662e8800c1a39d468bfeac295ebc1a73608c22bef6a21d09892c879319c3395e7a2a068f314aee998949156adeae5fa4ca781cb0acec941d9783a991bf4497df914d123043b8d46b7d5588cda6b1a1c1924114bd9c163cd67dca6ef8ac46bfd17bfb6a2309e94355116a2a4c11c11e010522860be97f14aa21388623cd8802c9a06afa3e24682436f97d46ce044bf751dae1d3ab2018ed075d82a3c3e7b2a288970a033148e1ce9a9c1a07b15137d42e76f14c482e2edab1b297668d11ee92cbce25dc5ca936979e48383023ce7e2ba92a75cdaa290f2a9abecd42be860db2a2c887831fe727b4b4e7c4dd44a04ea3d93898b54266070806c13d70265f1c5f715fd13216562cfe7794f329011d2ff46d34cca820da8aa96c1d86073d5cbc68f326e713e82624b0a0fd2e8ce04be4c8cf7a6aa07a91ec35f4e52b5460a2f789aaf5872c0e4a582df7291582b963220ff5dfd9bc353cbc9722e24c9251836039ffb88827fd82938bcfd7309251d5ab68a6de03d6eb167f0c42e68335dfdd4eeab0aa29afbf56bbb89922ab6bd762a7726751e41cfeb291bb425fd9b425af52808bdf0973440e77c82adb0ecdc48ab4591d947198cab761a516fc04f0535a778ac561bd1333954285e5e5b68f4899ab2121e58428067f9c96d76a9b55600ef1b43dd976cb233b31a71be8dff894b84df4321252f64e373cedd210d0f08a0922616b3294c8d59c344e71868a5827f2b6bf93a4a47320ca7219fa3fa7cd0ea41c6cd6f02642320b94051b133bf0eb34204a9e14d9316a8d713f2f52b731a0251b3e23325943bcce2de77007abb16e2593378af98e4bcc2c2aa0505963f7d80b4fa3661457ea8de8d9f313119e65f11dade39a8beb372eaf9fad04fc5ec3bc251ef9d2d0d4930835f508858bfbfe147e2ce3a528c6ea4c9beac9501ccc4d2b2bfa7703a4741450b796fd28a7d8975ae7512422ccf3b71f6a3b4e35e53a076a0b4a95d5090e9492a40ac6c6811641122468888ff7e7c8fcb2b9fca71e6bea5cd0ac74c18cdfc24c6ea3c38044b16959bc06538f1fbd11fb3c183904ae9c93e0576ac68b4c25944f3ff5c779ec288241c1ed40d85c7edce70466f60108fd076a0685728db971011c67520062226fcb8b8cdfc5974cbdd06b31263eb3d865ea86e8f6d31315a7f91882422626e4200bd1eed8f466cbf79bb9c3c634a8bd77d2007a8514976c3b94a1e91aa24553826504f7fface832cc88b508923600a918dbc2bd76a11a81afd36d4350409a33794f1f90edde644d815f24f46bf9fda0e05c910c07c7d93c54d524a4c9e1f2659f85a04d2be056dd60b9510d4eb9ef753a3a2acb1150dcaaf4f139b2e60b1576878bdd0563f163d8efe9ab01b05dad49c6f61e511f2932b997a71fb87b431f528a434cf44313d6b599ce74de29e62369f8e708bc4c82229893012063044304036c512ea4a0786b0cd4e05bb0d51cb38eec8bdcc94cb2b2956fb262398a4cebc79845a11527a75801e18780b8fe297afd77dfda8d410d9f0e07d10bace8422783d0faa2c4ed28f5761be62045701446f7e4ba04f44034270b84cd27fe0247cb2305afc4c73a18b94bdf5c5f140314d1ed1081192164d69d0e750e84590dad594caa041fe2f814c5e3b30a50de827f93516519643adf0110cd813e1d42dbebf199624e72344392c1578820f14f551a3b566d7780eff09204aeb7ee923b0061db8ddb3b47d8aeabdcc7e21390d95feaf7743a43a0ebff46c2486bf81fa01a35e9a947db743b44b451f993e432fa81cb6febafa56f377b46b84ad9ea760bdb529dfc0153ce59d06f5f264fa26b6ba14a384e1ac66c793a7581799177946687ab9dd9cffeb04551dcaaaa5e6c752c26315b47a1e5164d89f92437c42df6248c8e6e2c66d18be0d0c02d5c2ff31d23d5fce0b427b1520d9b68651b0a6b16261cf9f07f8a367bf2451890a5d87bc19ef41350b83a7fb65a49b7d23a5cfbb3b114653731b89c1de8e6fc235adee04faa97b175bf3720ed06c60b3a7ddcdb9c9304a963c35d37083d2f45dd08693af1e3878499797b62c8f748eafefcfc2a0a1bf1aa6dbdcb726f809cd8c4d1277cf73471110af469ade8ce89b93d7c9b4f56f119fa1e70b359d49eca5384439780ec8baa17e6c9f5d8e77c031df0b6ceb898fcdc74310f714ff29b27c22429043af7b4c5cac7c8362c1eefaabd1a441789554176c6b0cfd", 0x1000}, {&(0x7f0000000400)="06aae4e71534c8944b434f564cfee4fcf7e849642416e14f06f4593e59aeee9696160becdf6490c101aafe867036f8dc8630368c05d50662166ea004d155655f285f66549fb662bfb32d078ecfb670fc8a4f7adf0683ab55bdbdfdae90ddb84edf1a1c9b3b1dda4b1da8f62bf0193295ef675fa3b3bea9d27ecbf4556b9d9f5ca3fbb7156540d210cb74ba1587d623b4871564151c59129042b42b7af29403a030ff226de594b3e1d20d3977e4ed493d46729e749dfabd5f4d1da5db4f", 0xbd}, {&(0x7f00000004c0)="0d34face086fc2dd970bd4b839", 0xd}], 0x6}, 0x40005)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000080)=0x4b0ffc84, 0x4)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000180)={[{@subsystem='hugetlb'}, {@cpuset_v2_mode}, {@subsystem='cpuacct'}, {@xattr}]}) (async)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000180)={[{@subsystem='hugetlb'}, {@cpuset_v2_mode}, {@subsystem='cpuacct'}, {@xattr}]})
r7 = getpid()
syz_pidfd_open(r7, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@ipv6_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_PRIORITY={0x8, 0x1e, 0x400}]}, 0x24}}, 0x0) (async)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@ipv6_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_PRIORITY={0x8, 0x1e, 0x400}]}, 0x24}}, 0x0)
r9 = getpid()
sched_setscheduler(r9, 0x2, 0x0) (async)
sched_setscheduler(r9, 0x2, 0x0)
setpgid(r7, r9)
sendmmsg(r0, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)
executing program 6:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x104000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)
executing program 5:
clock_gettime(0x2, &(0x7f0000000000))
executing program 6:
syz_init_net_socket$llc(0x1a, 0x805, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa20d1000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0)
executing program 5:
r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x20d0800, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x111202, 0x0)
r2 = io_uring_setup(0x57cb, &(0x7f00000000c0)={0x0, 0xcff1, 0x400, 0x3, 0x1ef})
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000140)={0x401, 0xffffffffffffffff, 0x0, {0x8, 0xb}, 0xfb}, 0x1)
r3 = socket$inet(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={'wg2\x00', {0x2, 0x4e23, @remote}})
ioctl$SNDCTL_MIDI_PRETIME(r1, 0xc0046d00, &(0x7f0000000240)=0x1)
executing program 6:
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa0001000, 0x0, 0xb00, 0xffffffffffffffff, 0x0, 0x0)
executing program 6:
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) (fail_nth: 31)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)={0x14, r1, 0x1, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000804)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac14", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\\'], 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005", @ANYRESDEC=r2], 0x48}, 0x1, 0x0, 0x0, 0xe4601ac1dea65316}, 0x0)
r3 = dup(r2)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r3, 0x3)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=34s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [6, 29, 7, 11, 2, 16, 14, 3, 6, 3, 38, 16, 2, 1, 3, 10, 3, 3, 19]
detailed listing:
executing program 4:
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x141082, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 83)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$int_in(r3, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001980)={0x1, 0x0, [{0x4, 0xd8, &(0x7f0000001a80)=""/216}]})
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000280)=0x4000000)
r5 = fcntl$dupfd(r3, 0x0, r4)
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af30, &(0x7f0000000080))
umount2(0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f00000000c0)={0x1, r5})
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_ro(r8, &(0x7f0000000640)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0)
preadv(r9, &(0x7f00000000c0)=[{&(0x7f00000004c0)=""/127, 0x7f}], 0x1, 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_SET_SIGNAL_MASK(r10, 0x4004ae8b, 0x0)
ioctl$VHOST_VDPA_GET_VRING_GROUP(r5, 0xc008af7b, &(0x7f0000000040)={0x0, 0x3})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x9, 0x3, &(0x7f0000000000)=@framed={{0x1e, 0xa, 0xa, 0x0, 0x0, 0x79, 0x10, 0x30}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r11=>0x0})
r12 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r12, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, 0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000180)={0x78, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_FRAME={0x5b, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @initial, {}, @value=@ver_80211n={0x0, 0x64, 0x2, 0x0, 0x0, 0x2}}, 0x0, @random, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x60, 0x1}]}, @void, @val={0x4, 0x6, {0x0, 0x0, 0x1, 0x2000}}, @void, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x1, 0xffffffffffffffff, 0x1, 0x2, 0xa, 0x60}}, @void}}]}, 0x78}}, 0x0)
userfaultfd(0x80801)
io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0)
ioctl$KVM_SET_TSC_KHZ(r2, 0xaea2, 0x7fffffff)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
executing program 4:
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x33, 0x2, @tid=0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002600)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x31, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x18)
r1 = io_uring_setup(0x3226, &(0x7f0000000240)={0x0, 0x60fc, 0x200, 0x3, 0xf3})
r2 = syz_io_uring_setup(0x82e, &(0x7f0000000500)={0x0, 0xcd1d, 0x10100, 0xfffffffb, 0x0, 0x0, r1}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
r5 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
ioctl$CDROMVOLCTRL(r5, 0x5392, &(0x7f00000004c0)={0xa, 0x5, 0x18, 0x10})
syz_io_uring_submit(r3, r4, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x0, @fd_index=0x5, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
io_uring_enter(r2, 0x26c3, 0xdffffffb, 0x4c, 0x0, 0x0)
executing program 4:
r0 = socket(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f0000000280)="7800000018002507b9409b14ffff00000214ae04020206050a02040c430009003f00040510000000370085a168d0bf46d389516a9069921a4b0005000a00000049935ade4a460c89b6ec0cff3959547f5000000000c902007a00004a324004001600040000d5808bd3e30a37e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0)
syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000b40)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xdf, 0x17ef, 0x60ee, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x3c, 0x40, 0x2, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x2, 0x4, {0x9, 0x21, 0x7, 0x8, 0x1, {0x22, 0x564}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x10, 0xf3, 0x4}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x10, 0x1, 0x4}}]}}}]}}]}}, &(0x7f0000000dc0)={0xa, &(0x7f0000000b80)={0xa, 0x6, 0x250, 0x1, 0x3, 0x7, 0x10, 0xc0}, 0x5, &(0x7f0000000bc0)={0x5, 0xf, 0x5}, 0x3, [{0x61, &(0x7f0000000c00)=@string={0x61, 0x3, "fc2d5ec17db00226c08c5d69ed913726c1b2800501893790b737fe1612c0256b5fd273473b5d8c02cb35dafa7ef41da79a737361f8c9d8c0d35fed4ac381d2f78b65c2a53c6c4cb37de8fdc9d28ce714566579f40811cfaeb5c84741d21159"}}, {0x4, &(0x7f0000000c80)=@lang_id={0x4, 0x3, 0x402}}, {0xd2, &(0x7f0000000cc0)=@string={0xd2, 0x3, "ed3166834713853f932237f560aefb4f03700b7083424addefcdc7d5393ee527cc210ef26ceb481f334c4c059598a2f9ddd1104a9a6828d17bbc571522fb1c708d07479673ac8f558a7e1fc1a80d0198cdf0ee6d0933b8a0283bd501262d8afe6fc9191787287712d1f62eece28507e445e795da718975118f08b132515ca53cec43dc83f26d262eedf3b911c8930541a1d0f7f56a02b8d3ae909ff23e7957a9d21ce4c51ee6a376046b9cf180333e80e242996f166aef07e4ec16c2a10dd3f9726a918ad2b21a5763f1f7ad103020f7"}}]})
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000000c0)={<r1=>0x0, 0xfffffffc}, &(0x7f0000000200)=0x8)
prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, 0xfffffffffffffffc)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000b00)={r1, 0x10, 0x7fff}, 0x8)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newtaction={0x6c, 0x30, 0x48b, 0x1, 0x0, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @loopback, @multicast2, 0xff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000140)={@local})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r4, 0x7ab, &(0x7f0000000040)={&(0x7f0000000280)={{@local}, {@local}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fe1825253be9e8480cb4f3524914f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336f04000000000000008e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba09000000000000001c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed081729b5ea722a98b34d0dac6de995de4ee263c81b2567b3f87e0897857edd5d7e97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a72345772b3ce9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2246cb5c953048c43266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b8defe26674d65f908f9c3a8c201f661fc26efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b0237437200"}, 0x418, 0x7fffffff})
ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r4, 0x7ac, &(0x7f0000000000)={&(0x7f00000006c0)={{@any, 0xf}, {@hyper, 0xff}, 0x400, "a0bef8f809fdbd794a5876812ecdc0f431e2e967134102e29601a109e8d6a5ea253fda100493f73e13d658b12a3dd0ee2619b2e158b8c1b070c4557ee3d7af4aa2bee609c235eee770aaee45497f554467c6e9d3f26475cfcac907d6b9d7846c4a66e178b7e711e1aa3c48463161dc313e13c58b5b22e077b23a647b4dbba9d052b703693008e1f49a92569615441c37e65f33c121efe1792557ebe6005581e24f47c1ea78ff928b49608b7e9b9e13903f343c17be0054fe54f0d8d7ec55847f847cc5bc5f54ffb48cdd6c4e992054759f155c47cf89fc8a0f48cfcea4ffe70b9fe7385805918d66fec51601c1ecbbd2d4968fa2ee1cb00bb49ae093b25d39cd0010349f9c63e8fe096e6f8afd79a91d6d0d16e0437fb9e342342795b94ceefe593cbf02d29e96b1f24b13cd77a1846e1bb48e2598c86b2c792fdda2200ebc4e4dd451afd893f7d56431141b1a3a783274db59e9b6e0433ef25a2bddb33a27bce4efdca9d10025d6dd659e7f2a57d3388cf7586814d510bb27139a7354ae00d731bfd4ef92d07469a83000d1850e84c47be45cfa6ddc6a85d6f733a6a2c952966ab3ed2a577de6dba67623b3f0e95ec21f0f7f8f8ffa4214f82dc15951b8186335578ce37d126681210eab215969b3d288e68dccb9772dfc9ae4c64b5ee5e120e90ba3685b2c7f83dedfcea4a974cc5720ed4eafa2b32bf03ae60cc716fff174a71a2ff4398e7d311303752c6b60572a9d4c50bea69e11f8ad4313677866073ae7780e58284e50e2a96e3d1b7c5ed63c9ca828961448d6d0240a7fbb458fd4ae04f42af11fb5a724be40a5ab6cc51eebd1d06cc1bb000e875db0030cc7c28a19f06dd362e774598e9669db5aaa732e589ecd57efebd3e3bbd87e6e8755cf41f97867085cfc0c13249180c5c4b0259c26f0e3a02da75480e52efeaee4a83458268362ee1e305cc3da30c43c7d25f80eba5d5386e08ecc4cb0a5ae4ddc8a7555a92800873676a1dcec504174f2bb2dea5776fbe3e8055d8918bb8589f9dd023a058a8b4fbed59a6cc78ef07bdb8f7b1dc77f1dcdc5583ca5a5dac9c5cff92a561b9ee1d8c7af343e7550c565a766299030a8e431edf48d8cd122ecda6182efe0dba76208af12a5539ed51991ad88cddca65043c0dde225d8602a783de11b636a7624d5002e27a2aed5963b0c40a80162a9449396190dd0c15bbf9fd35808a6921efb066f0924a4fe18f5cc3b008671dff827064e16e1a0589cc2bdff95a7987287955ecf2a8e8184d506ec4be628d93d5dad068ca02567388c536e23e5d36c74e9fa429279c09e29e5164219c81e2167cd01dc4ca5ff739ab6355ba1f0b84db5f2a939fd58e0b3a32a15432d77335eaee2a081699c0c865c03ffebb4c9a1bb041b164bea76b87ac63248bb570f0761c7b6eae686bd9a3f1f42bfc2961da5e11288"}, 0x418, 0x6})
close(r2)
setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f0000000000), 0x4)
ioctl$FS_IOC_GETFSLABEL(r2, 0x541b, &(0x7f0000000100))
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000040)={0x7c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x5f, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @initial, {}, @value=@ver_80211n={0x0, 0x64, 0x2, 0x0, 0x0, 0x2}}, 0x0, @random, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @val={0x4, 0x6, {0x0, 0x0, 0x1, 0x2000}}, @void, @val={0x5, 0x3}, @val={0x25, 0x3, {0x1, 0x78, 0x9}}, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x1, 0xffffffffffffffff, 0x1, 0x2, 0xa, 0x60}}, @void}}]}, 0x7c}}, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x2, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e)
connect$pppl2tp(r5, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
userfaultfd(0x80801)
io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x0, 0x1, {0x1f, 0x19, 0x7, 0x12, 0x3, 0x7, 0x1, 0x58, 0xffffffffffffffff}})
executing program 5:
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) (fail_nth: 30)
executing program 5:
ioprio_set$uid(0x3, 0x0, 0x4007)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 30)
executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xfffff7e8, 0x0, 0xfffffff0}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000}, 0x1, r1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0)
executing program 6:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e) (async)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x40) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x40)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(r1, 0x40043d14, &(0x7f0000000500)={0x15})
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)
r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x42, 0x5c})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r5, r4, 0x0) (async)
r6 = dup3(r5, r4, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
sendmsg$kcm(r6, &(0x7f0000000a40)={&(0x7f0000000240)=@in6={0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)='}!', 0x2}, {&(0x7f0000000340)="f9a0549cf662e946b8f574a2378c21d2b59f99c203d404c92806", 0x1a}, {&(0x7f0000000380)="37295c9d448ae9e58e146a23c1a2c29e3409c78e9f168891b16689a17be4812746e33820a97f302a490149ac613afabab70c2b", 0x33}, {&(0x7f00000010c0)="bf8673f93c9e8e0fcd1df8608b208112f11f0a185d1f021f65a1a48613690bc9d20c5cbc7f40d4c21d3777c508fca4fd3c93c3f8f4d9c4ab4beb62e898b12d1f5f394714ed18cdaa9783802008f4b7eae635901cd25ab35cdc4d96247c3d18d1221a808106ae1fa3a68985f8fa47c076143ca3e58826781e105e261e9adb40b92fe8e7c33fdd21476f33daef386367ef340c3a1d89da4042c96cb303edb91f948e1d9975bcfbef79548e110ba28748974d923720397ff60a3048a0fe5851686bf2ce8ad8ce76a2c46dbd954d80eb7df68450fb9b959f8e2662197966686299015eda6eb5e5394b1bab8cc727023664ec0387905b6151a550d170491b9391ea54dd1eff86b51693c9ec9a05b9fe052d5a28a0c9137dea02178eaceb8f4e4123b60e2043f190efdd69de76c5d5124a48694700f979fbbceca2ef2558f7bf5ddf99104d78d5df3f6b606fbb4190682ef203e214c0942e90a1b255450b2c99fdaf10bcfc2854bc2b80175aa1655e9bcefd2daad45378e70187f2df32d0c0fbc30df592dd89af16ac8528c84c64011323813fc82879564b780a6fc8ad98c91387781d06f928a0592a5399d9cd8d02632ae462312264bf3172191e4ec4d3c41e82e3d870e635252941686f8990261ce522474e905bef9d0cba4af98cf1a8adb787e9241dc22bd84ef1a4b4db89acd10ff2e62b015881d1116956d7a1053a1be9383d7ca4d28d2c38d25322714555641533e5864a4007453faa8a350078bcd86f9e9ef05efda5933c84af454bc5d6472c93cc0c9c9d35ad155192a00712808d64b260d0fbf967821b76a16dca3509901869dd0fc35a4fc1824179661b26c86d03e65ab28a560efc33bda06ecf4ea5964c1a0fa02fc7158573bf4be5b8fe2878c8a798d03a0791d3b9bbc3a42a57f8d8bda0c0498956d67e89da57d1142a35fcb34043e0790f3d666e1922a1f249cea1bdcb725e539615fbfa0c862fe670f20a407cfc077db1a36b6e5016bfa7d3bcce0bdef8f81514cbbe4ba26079cdb0aec0f726dc7636771e2f7b2e01ba2c66e1e1111e771d3158dfb4b28f336d218f8c998b2f8775489ace3dcc01e3aa66b310dda331d08a0edbf3c7ac2edc836a1244adb67d9fd755d519d6bbe26ef7f396c63dc3ed94234159983a33caab125ec52c3faac6942ae70a521ae6606d3d2ccf3a83c4c89e64578b54c8d4c1c672de13519d2103bdbb2ec3e104d7150a660120e0c67231408352536a8be735d52e1bbbdef4d76fd11dc173b9a5745128295c7ed43ac31011e0d033818c90a55eb3ca834eb7369c39d197012cb5bdf53bc68c55bb9d2ba64426f439a46cf710cb78e6fe76679e6ddb2f5a7bebd2267a23e0d04cce8dd83eaaa7dbd12a8a6cf543f5f27794b89118d38bd59fc4e26ad1ca28c531b1c2e47965a49eafcd6aa8859dca68c52ff469893c7d1759f838de06280c3bae92f0c46f92b897ad5affb0e61f316f3a772f5f860a407043011c08149d6614902e29d0fdcb2f334473269006dbfbe99c437ec4ad12b2e66c32e72cd77f879b0a963c3191f2958369dc64843d380e4367ea23bc01444236e5b88c9b28e338b7337867d1078a08fc350821af624b0adfbdf8506411229e80f8e6a610977b20f4f1030b87a47c6dbaf621cef706f2303cdd0b38ed24e00cd937b69d03311228e9d313672113acfc2ce6c3aff6375b56ed54c3bf848558ce7c0236d82a987f9bc68c94c282ad0d0bf76f005f917160dbdff9c59635710ee4ae6ca4e346309a6e4ceb50515852625ce2ac1d4dbcc1a2df53fa2e65022759deb4dc163b83ca2690143666edbfdbe78f142c54f24564350f7d2db9d26cc0770f693b19c950c6a6c7052c08820d587f1f543b024dbe688d6b17c351264fac7302a65174ee5492c10861ca7d559d3ccb430ac621e5766044a01728a4216bb9063b3051a7a96567e89ec253448e558c8b521e29ac64bb77ab4e4bfce12ee470dfdfdd150cc4031e593ea1a6fabc3ef93464f819321970bcaadae62130add21bcf64780d11072f64441eff7660cf018b8837972eff8b5ecaa4f03c3a71356adfcfdabf0eea9bc4009e5c76cd1b35f0c508ab21e68e1d0effc69a56a5806c3253cbcf7eb01575b1b99bbc59b33489a64651de1830f93488a4e464f19ba287ee9124f95e0e61db43f8882f350f97590b464e4e1859480e4b4f420d8e8a9e045a9a0b420bfffe7b6d6945065c4bbb9110166752e094c686be94bc983e99e49a9be1e455bf181d6c1e8991529dc985359fb55112b173bc1c74f15d29cd91bee6ded9b9e29d02feffeb9f6c7f4fa9186891fd719ee98b50578f859957d93982a31560cdfc961f45b57859dec0df7925b12bb09f1224503c9dcbdf1942dae424bf6950ab1bd02b015ff1ef4346e57d5d623fc4b152ce5471964567738785e99a1dd146cebe1d50ba9ab341025c24b4a1423df4e8cb10c82f9afd0f0b7d196f1e7f47136489a3088d9eb58920bb8c5ab00811afc186c59f7f0c7ca3e9d79965ec21ad87532a16cecdfc669bcdcd380502c49b9a8d50df21bd58139e4e7584f8ce1cdf6315cb504e3173a6caea099a234d20b268a602b20c5e90edcd45240022e2f0031efb15bf84770db7590209838feb3cedfd3ec601dc66da2ec168e54dcb2e885df99405eec8af40e69b82725f337f7dc2c669cd0ef1f5446421afeaad087c8528090cdbda0254a11e354c9e83e2bc90fc947f2138986c031e06c5f58330a0755d9fb24664983f90308ce77a0d583ac1fb3494b5e1f11077bf35905a6e899ec91b46ffe2a375fdd6fe2d0635dbc978f0a95c99ece8c9b476125e904e5805e386b21cd4c5e11d8d33b8574eac23132b5c787c775ca2d622fd5a5f6306ddbd088223e0143993d7a7ae70c1c2e94efa35edac35bfea5816592bc60a8c0907a93a6da36a754d5ecabc8258b1fac5439f2ebfe1e80e37b2df6c3f736d6541af1a907f747e3725b2c781104a88899fd834ab893754fd1346b8b900b29bbdf4a42616dacd11f69dd562b8a9d3b6f09df4e52539cfac47ac5f37d6fb8f29a811fcfe38d918cd0974cd0d6d63aea9280c35689a8d9c905ced6fa0881335dacd8b38687c5772e0e93f3a56058b8caf5962bf0866402baeb164b921b5b3828db5b50ccb3f189bb41631b8e0f1fc172cb5df0487f130c78de4e86df4cd8c5b9785df6e5e6d8d5076592f0c2d7e2dcff11f6fc87db70f37522ff8161dba5812d19a299148d294ad23974888a33513ed9ea548843a204746d532e28e046ded15e44847d3e91706347af4dc3b13b10c6dc966b1bea9eb78618b3585168e64ba92642e1434611f75d24571b23f3f7d21c99328f19b5f22a22f3504fdc531d3feb334602304c45558118a7f14e213b51f9c7f68f6f9a7ebb1745b62d6be93bbcc47212b7595c201049de47797fb91aa7cc67a3342354a1feb41bfd0bb802c9d5a30f3ce282e18589dac97a61b71e7ae406c38e3511a24a46954b1a7ea1ba031344cf595a62eed90c439bfb4a02c69619c4f040015e88b4901de05822523ad24551ec71662e8800c1a39d468bfeac295ebc1a73608c22bef6a21d09892c879319c3395e7a2a068f314aee998949156adeae5fa4ca781cb0acec941d9783a991bf4497df914d123043b8d46b7d5588cda6b1a1c1924114bd9c163cd67dca6ef8ac46bfd17bfb6a2309e94355116a2a4c11c11e010522860be97f14aa21388623cd8802c9a06afa3e24682436f97d46ce044bf751dae1d3ab2018ed075d82a3c3e7b2a288970a033148e1ce9a9c1a07b15137d42e76f14c482e2edab1b297668d11ee92cbce25dc5ca936979e48383023ce7e2ba92a75cdaa290f2a9abecd42be860db2a2c887831fe727b4b4e7c4dd44a04ea3d93898b54266070806c13d70265f1c5f715fd13216562cfe7794f329011d2ff46d34cca820da8aa96c1d86073d5cbc68f326e713e82624b0a0fd2e8ce04be4c8cf7a6aa07a91ec35f4e52b5460a2f789aaf5872c0e4a582df7291582b963220ff5dfd9bc353cbc9722e24c9251836039ffb88827fd82938bcfd7309251d5ab68a6de03d6eb167f0c42e68335dfdd4eeab0aa29afbf56bbb89922ab6bd762a7726751e41cfeb291bb425fd9b425af52808bdf0973440e77c82adb0ecdc48ab4591d947198cab761a516fc04f0535a778ac561bd1333954285e5e5b68f4899ab2121e58428067f9c96d76a9b55600ef1b43dd976cb233b31a71be8dff894b84df4321252f64e373cedd210d0f08a0922616b3294c8d59c344e71868a5827f2b6bf93a4a47320ca7219fa3fa7cd0ea41c6cd6f02642320b94051b133bf0eb34204a9e14d9316a8d713f2f52b731a0251b3e23325943bcce2de77007abb16e2593378af98e4bcc2c2aa0505963f7d80b4fa3661457ea8de8d9f313119e65f11dade39a8beb372eaf9fad04fc5ec3bc251ef9d2d0d4930835f508858bfbfe147e2ce3a528c6ea4c9beac9501ccc4d2b2bfa7703a4741450b796fd28a7d8975ae7512422ccf3b71f6a3b4e35e53a076a0b4a95d5090e9492a40ac6c6811641122468888ff7e7c8fcb2b9fca71e6bea5cd0ac74c18cdfc24c6ea3c38044b16959bc06538f1fbd11fb3c183904ae9c93e0576ac68b4c25944f3ff5c779ec288241c1ed40d85c7edce70466f60108fd076a0685728db971011c67520062226fcb8b8cdfc5974cbdd06b31263eb3d865ea86e8f6d31315a7f91882422626e4200bd1eed8f466cbf79bb9c3c634a8bd77d2007a8514976c3b94a1e91aa24553826504f7fface832cc88b508923600a918dbc2bd76a11a81afd36d4350409a33794f1f90edde644d815f24f46bf9fda0e05c910c07c7d93c54d524a4c9e1f2659f85a04d2be056dd60b9510d4eb9ef753a3a2acb1150dcaaf4f139b2e60b1576878bdd0563f163d8efe9ab01b05dad49c6f61e511f2932b997a71fb87b431f528a434cf44313d6b599ce74de29e62369f8e708bc4c82229893012063044304036c512ea4a0786b0cd4e05bb0d51cb38eec8bdcc94cb2b2956fb262398a4cebc79845a11527a75801e18780b8fe297afd77dfda8d410d9f0e07d10bace8422783d0faa2c4ed28f5761be62045701446f7e4ba04f44034270b84cd27fe0247cb2305afc4c73a18b94bdf5c5f140314d1ed1081192164d69d0e750e84590dad594caa041fe2f814c5e3b30a50de827f93516519643adf0110cd813e1d42dbebf199624e72344392c1578820f14f551a3b566d7780eff09204aeb7ee923b0061db8ddb3b47d8aeabdcc7e21390d95feaf7743a43a0ebff46c2486bf81fa01a35e9a947db743b44b451f993e432fa81cb6febafa56f377b46b84ad9ea760bdb529dfc0153ce59d06f5f264fa26b6ba14a384e1ac66c793a7581799177946687ab9dd9cffeb04551dcaaaa5e6c752c26315b47a1e5164d89f92437c42df6248c8e6e2c66d18be0d0c02d5c2ff31d23d5fce0b427b1520d9b68651b0a6b16261cf9f07f8a367bf2451890a5d87bc19ef41350b83a7fb65a49b7d23a5cfbb3b114653731b89c1de8e6fc235adee04faa97b175bf3720ed06c60b3a7ddcdb9c9304a963c35d37083d2f45dd08693af1e3878499797b62c8f748eafefcfc2a0a1bf1aa6dbdcb726f809cd8c4d1277cf73471110af469ade8ce89b93d7c9b4f56f119fa1e70b359d49eca5384439780ec8baa17e6c9f5d8e77c031df0b6ceb898fcdc74310f714ff29b27c22429043af7b4c5cac7c8362c1eefaabd1a441789554176c6b0cfd", 0x1000}, {&(0x7f0000000400)="06aae4e71534c8944b434f564cfee4fcf7e849642416e14f06f4593e59aeee9696160becdf6490c101aafe867036f8dc8630368c05d50662166ea004d155655f285f66549fb662bfb32d078ecfb670fc8a4f7adf0683ab55bdbdfdae90ddb84edf1a1c9b3b1dda4b1da8f62bf0193295ef675fa3b3bea9d27ecbf4556b9d9f5ca3fbb7156540d210cb74ba1587d623b4871564151c59129042b42b7af29403a030ff226de594b3e1d20d3977e4ed493d46729e749dfabd5f4d1da5db4f", 0xbd}, {&(0x7f00000004c0)="0d34face086fc2dd970bd4b839", 0xd}], 0x6}, 0x40005) (async)
sendmsg$kcm(r6, &(0x7f0000000a40)={&(0x7f0000000240)=@in6={0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)='}!', 0x2}, {&(0x7f0000000340)="f9a0549cf662e946b8f574a2378c21d2b59f99c203d404c92806", 0x1a}, {&(0x7f0000000380)="37295c9d448ae9e58e146a23c1a2c29e3409c78e9f168891b16689a17be4812746e33820a97f302a490149ac613afabab70c2b", 0x33}, {&(0x7f00000010c0)="bf8673f93c9e8e0fcd1df8608b208112f11f0a185d1f021f65a1a48613690bc9d20c5cbc7f40d4c21d3777c508fca4fd3c93c3f8f4d9c4ab4beb62e898b12d1f5f394714ed18cdaa9783802008f4b7eae635901cd25ab35cdc4d96247c3d18d1221a808106ae1fa3a68985f8fa47c076143ca3e58826781e105e261e9adb40b92fe8e7c33fdd21476f33daef386367ef340c3a1d89da4042c96cb303edb91f948e1d9975bcfbef79548e110ba28748974d923720397ff60a3048a0fe5851686bf2ce8ad8ce76a2c46dbd954d80eb7df68450fb9b959f8e2662197966686299015eda6eb5e5394b1bab8cc727023664ec0387905b6151a550d170491b9391ea54dd1eff86b51693c9ec9a05b9fe052d5a28a0c9137dea02178eaceb8f4e4123b60e2043f190efdd69de76c5d5124a48694700f979fbbceca2ef2558f7bf5ddf99104d78d5df3f6b606fbb4190682ef203e214c0942e90a1b255450b2c99fdaf10bcfc2854bc2b80175aa1655e9bcefd2daad45378e70187f2df32d0c0fbc30df592dd89af16ac8528c84c64011323813fc82879564b780a6fc8ad98c91387781d06f928a0592a5399d9cd8d02632ae462312264bf3172191e4ec4d3c41e82e3d870e635252941686f8990261ce522474e905bef9d0cba4af98cf1a8adb787e9241dc22bd84ef1a4b4db89acd10ff2e62b015881d1116956d7a1053a1be9383d7ca4d28d2c38d25322714555641533e5864a4007453faa8a350078bcd86f9e9ef05efda5933c84af454bc5d6472c93cc0c9c9d35ad155192a00712808d64b260d0fbf967821b76a16dca3509901869dd0fc35a4fc1824179661b26c86d03e65ab28a560efc33bda06ecf4ea5964c1a0fa02fc7158573bf4be5b8fe2878c8a798d03a0791d3b9bbc3a42a57f8d8bda0c0498956d67e89da57d1142a35fcb34043e0790f3d666e1922a1f249cea1bdcb725e539615fbfa0c862fe670f20a407cfc077db1a36b6e5016bfa7d3bcce0bdef8f81514cbbe4ba26079cdb0aec0f726dc7636771e2f7b2e01ba2c66e1e1111e771d3158dfb4b28f336d218f8c998b2f8775489ace3dcc01e3aa66b310dda331d08a0edbf3c7ac2edc836a1244adb67d9fd755d519d6bbe26ef7f396c63dc3ed94234159983a33caab125ec52c3faac6942ae70a521ae6606d3d2ccf3a83c4c89e64578b54c8d4c1c672de13519d2103bdbb2ec3e104d7150a660120e0c67231408352536a8be735d52e1bbbdef4d76fd11dc173b9a5745128295c7ed43ac31011e0d033818c90a55eb3ca834eb7369c39d197012cb5bdf53bc68c55bb9d2ba64426f439a46cf710cb78e6fe76679e6ddb2f5a7bebd2267a23e0d04cce8dd83eaaa7dbd12a8a6cf543f5f27794b89118d38bd59fc4e26ad1ca28c531b1c2e47965a49eafcd6aa8859dca68c52ff469893c7d1759f838de06280c3bae92f0c46f92b897ad5affb0e61f316f3a772f5f860a407043011c08149d6614902e29d0fdcb2f334473269006dbfbe99c437ec4ad12b2e66c32e72cd77f879b0a963c3191f2958369dc64843d380e4367ea23bc01444236e5b88c9b28e338b7337867d1078a08fc350821af624b0adfbdf8506411229e80f8e6a610977b20f4f1030b87a47c6dbaf621cef706f2303cdd0b38ed24e00cd937b69d03311228e9d313672113acfc2ce6c3aff6375b56ed54c3bf848558ce7c0236d82a987f9bc68c94c282ad0d0bf76f005f917160dbdff9c59635710ee4ae6ca4e346309a6e4ceb50515852625ce2ac1d4dbcc1a2df53fa2e65022759deb4dc163b83ca2690143666edbfdbe78f142c54f24564350f7d2db9d26cc0770f693b19c950c6a6c7052c08820d587f1f543b024dbe688d6b17c351264fac7302a65174ee5492c10861ca7d559d3ccb430ac621e5766044a01728a4216bb9063b3051a7a96567e89ec253448e558c8b521e29ac64bb77ab4e4bfce12ee470dfdfdd150cc4031e593ea1a6fabc3ef93464f819321970bcaadae62130add21bcf64780d11072f64441eff7660cf018b8837972eff8b5ecaa4f03c3a71356adfcfdabf0eea9bc4009e5c76cd1b35f0c508ab21e68e1d0effc69a56a5806c3253cbcf7eb01575b1b99bbc59b33489a64651de1830f93488a4e464f19ba287ee9124f95e0e61db43f8882f350f97590b464e4e1859480e4b4f420d8e8a9e045a9a0b420bfffe7b6d6945065c4bbb9110166752e094c686be94bc983e99e49a9be1e455bf181d6c1e8991529dc985359fb55112b173bc1c74f15d29cd91bee6ded9b9e29d02feffeb9f6c7f4fa9186891fd719ee98b50578f859957d93982a31560cdfc961f45b57859dec0df7925b12bb09f1224503c9dcbdf1942dae424bf6950ab1bd02b015ff1ef4346e57d5d623fc4b152ce5471964567738785e99a1dd146cebe1d50ba9ab341025c24b4a1423df4e8cb10c82f9afd0f0b7d196f1e7f47136489a3088d9eb58920bb8c5ab00811afc186c59f7f0c7ca3e9d79965ec21ad87532a16cecdfc669bcdcd380502c49b9a8d50df21bd58139e4e7584f8ce1cdf6315cb504e3173a6caea099a234d20b268a602b20c5e90edcd45240022e2f0031efb15bf84770db7590209838feb3cedfd3ec601dc66da2ec168e54dcb2e885df99405eec8af40e69b82725f337f7dc2c669cd0ef1f5446421afeaad087c8528090cdbda0254a11e354c9e83e2bc90fc947f2138986c031e06c5f58330a0755d9fb24664983f90308ce77a0d583ac1fb3494b5e1f11077bf35905a6e899ec91b46ffe2a375fdd6fe2d0635dbc978f0a95c99ece8c9b476125e904e5805e386b21cd4c5e11d8d33b8574eac23132b5c787c775ca2d622fd5a5f6306ddbd088223e0143993d7a7ae70c1c2e94efa35edac35bfea5816592bc60a8c0907a93a6da36a754d5ecabc8258b1fac5439f2ebfe1e80e37b2df6c3f736d6541af1a907f747e3725b2c781104a88899fd834ab893754fd1346b8b900b29bbdf4a42616dacd11f69dd562b8a9d3b6f09df4e52539cfac47ac5f37d6fb8f29a811fcfe38d918cd0974cd0d6d63aea9280c35689a8d9c905ced6fa0881335dacd8b38687c5772e0e93f3a56058b8caf5962bf0866402baeb164b921b5b3828db5b50ccb3f189bb41631b8e0f1fc172cb5df0487f130c78de4e86df4cd8c5b9785df6e5e6d8d5076592f0c2d7e2dcff11f6fc87db70f37522ff8161dba5812d19a299148d294ad23974888a33513ed9ea548843a204746d532e28e046ded15e44847d3e91706347af4dc3b13b10c6dc966b1bea9eb78618b3585168e64ba92642e1434611f75d24571b23f3f7d21c99328f19b5f22a22f3504fdc531d3feb334602304c45558118a7f14e213b51f9c7f68f6f9a7ebb1745b62d6be93bbcc47212b7595c201049de47797fb91aa7cc67a3342354a1feb41bfd0bb802c9d5a30f3ce282e18589dac97a61b71e7ae406c38e3511a24a46954b1a7ea1ba031344cf595a62eed90c439bfb4a02c69619c4f040015e88b4901de05822523ad24551ec71662e8800c1a39d468bfeac295ebc1a73608c22bef6a21d09892c879319c3395e7a2a068f314aee998949156adeae5fa4ca781cb0acec941d9783a991bf4497df914d123043b8d46b7d5588cda6b1a1c1924114bd9c163cd67dca6ef8ac46bfd17bfb6a2309e94355116a2a4c11c11e010522860be97f14aa21388623cd8802c9a06afa3e24682436f97d46ce044bf751dae1d3ab2018ed075d82a3c3e7b2a288970a033148e1ce9a9c1a07b15137d42e76f14c482e2edab1b297668d11ee92cbce25dc5ca936979e48383023ce7e2ba92a75cdaa290f2a9abecd42be860db2a2c887831fe727b4b4e7c4dd44a04ea3d93898b54266070806c13d70265f1c5f715fd13216562cfe7794f329011d2ff46d34cca820da8aa96c1d86073d5cbc68f326e713e82624b0a0fd2e8ce04be4c8cf7a6aa07a91ec35f4e52b5460a2f789aaf5872c0e4a582df7291582b963220ff5dfd9bc353cbc9722e24c9251836039ffb88827fd82938bcfd7309251d5ab68a6de03d6eb167f0c42e68335dfdd4eeab0aa29afbf56bbb89922ab6bd762a7726751e41cfeb291bb425fd9b425af52808bdf0973440e77c82adb0ecdc48ab4591d947198cab761a516fc04f0535a778ac561bd1333954285e5e5b68f4899ab2121e58428067f9c96d76a9b55600ef1b43dd976cb233b31a71be8dff894b84df4321252f64e373cedd210d0f08a0922616b3294c8d59c344e71868a5827f2b6bf93a4a47320ca7219fa3fa7cd0ea41c6cd6f02642320b94051b133bf0eb34204a9e14d9316a8d713f2f52b731a0251b3e23325943bcce2de77007abb16e2593378af98e4bcc2c2aa0505963f7d80b4fa3661457ea8de8d9f313119e65f11dade39a8beb372eaf9fad04fc5ec3bc251ef9d2d0d4930835f508858bfbfe147e2ce3a528c6ea4c9beac9501ccc4d2b2bfa7703a4741450b796fd28a7d8975ae7512422ccf3b71f6a3b4e35e53a076a0b4a95d5090e9492a40ac6c6811641122468888ff7e7c8fcb2b9fca71e6bea5cd0ac74c18cdfc24c6ea3c38044b16959bc06538f1fbd11fb3c183904ae9c93e0576ac68b4c25944f3ff5c779ec288241c1ed40d85c7edce70466f60108fd076a0685728db971011c67520062226fcb8b8cdfc5974cbdd06b31263eb3d865ea86e8f6d31315a7f91882422626e4200bd1eed8f466cbf79bb9c3c634a8bd77d2007a8514976c3b94a1e91aa24553826504f7fface832cc88b508923600a918dbc2bd76a11a81afd36d4350409a33794f1f90edde644d815f24f46bf9fda0e05c910c07c7d93c54d524a4c9e1f2659f85a04d2be056dd60b9510d4eb9ef753a3a2acb1150dcaaf4f139b2e60b1576878bdd0563f163d8efe9ab01b05dad49c6f61e511f2932b997a71fb87b431f528a434cf44313d6b599ce74de29e62369f8e708bc4c82229893012063044304036c512ea4a0786b0cd4e05bb0d51cb38eec8bdcc94cb2b2956fb262398a4cebc79845a11527a75801e18780b8fe297afd77dfda8d410d9f0e07d10bace8422783d0faa2c4ed28f5761be62045701446f7e4ba04f44034270b84cd27fe0247cb2305afc4c73a18b94bdf5c5f140314d1ed1081192164d69d0e750e84590dad594caa041fe2f814c5e3b30a50de827f93516519643adf0110cd813e1d42dbebf199624e72344392c1578820f14f551a3b566d7780eff09204aeb7ee923b0061db8ddb3b47d8aeabdcc7e21390d95feaf7743a43a0ebff46c2486bf81fa01a35e9a947db743b44b451f993e432fa81cb6febafa56f377b46b84ad9ea760bdb529dfc0153ce59d06f5f264fa26b6ba14a384e1ac66c793a7581799177946687ab9dd9cffeb04551dcaaaa5e6c752c26315b47a1e5164d89f92437c42df6248c8e6e2c66d18be0d0c02d5c2ff31d23d5fce0b427b1520d9b68651b0a6b16261cf9f07f8a367bf2451890a5d87bc19ef41350b83a7fb65a49b7d23a5cfbb3b114653731b89c1de8e6fc235adee04faa97b175bf3720ed06c60b3a7ddcdb9c9304a963c35d37083d2f45dd08693af1e3878499797b62c8f748eafefcfc2a0a1bf1aa6dbdcb726f809cd8c4d1277cf73471110af469ade8ce89b93d7c9b4f56f119fa1e70b359d49eca5384439780ec8baa17e6c9f5d8e77c031df0b6ceb898fcdc74310f714ff29b27c22429043af7b4c5cac7c8362c1eefaabd1a441789554176c6b0cfd", 0x1000}, {&(0x7f0000000400)="06aae4e71534c8944b434f564cfee4fcf7e849642416e14f06f4593e59aeee9696160becdf6490c101aafe867036f8dc8630368c05d50662166ea004d155655f285f66549fb662bfb32d078ecfb670fc8a4f7adf0683ab55bdbdfdae90ddb84edf1a1c9b3b1dda4b1da8f62bf0193295ef675fa3b3bea9d27ecbf4556b9d9f5ca3fbb7156540d210cb74ba1587d623b4871564151c59129042b42b7af29403a030ff226de594b3e1d20d3977e4ed493d46729e749dfabd5f4d1da5db4f", 0xbd}, {&(0x7f00000004c0)="0d34face086fc2dd970bd4b839", 0xd}], 0x6}, 0x40005)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000080)=0x4b0ffc84, 0x4)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000180)={[{@subsystem='hugetlb'}, {@cpuset_v2_mode}, {@subsystem='cpuacct'}, {@xattr}]}) (async)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000180)={[{@subsystem='hugetlb'}, {@cpuset_v2_mode}, {@subsystem='cpuacct'}, {@xattr}]})
r7 = getpid()
syz_pidfd_open(r7, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@ipv6_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_PRIORITY={0x8, 0x1e, 0x400}]}, 0x24}}, 0x0) (async)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@ipv6_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_PRIORITY={0x8, 0x1e, 0x400}]}, 0x24}}, 0x0)
r9 = getpid()
sched_setscheduler(r9, 0x2, 0x0) (async)
sched_setscheduler(r9, 0x2, 0x0)
setpgid(r7, r9)
sendmmsg(r0, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)
executing program 6:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x104000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)
executing program 5:
clock_gettime(0x2, &(0x7f0000000000))
executing program 6:
syz_init_net_socket$llc(0x1a, 0x805, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa20d1000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0)
executing program 5:
r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x20d0800, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x111202, 0x0)
r2 = io_uring_setup(0x57cb, &(0x7f00000000c0)={0x0, 0xcff1, 0x400, 0x3, 0x1ef})
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000140)={0x401, 0xffffffffffffffff, 0x0, {0x8, 0xb}, 0xfb}, 0x1)
r3 = socket$inet(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={'wg2\x00', {0x2, 0x4e23, @remote}})
ioctl$SNDCTL_MIDI_PRETIME(r1, 0xc0046d00, &(0x7f0000000240)=0x1)
executing program 6:
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa0001000, 0x0, 0xb00, 0xffffffffffffffff, 0x0, 0x0)
executing program 6:
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) (fail_nth: 31)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)={0x14, r1, 0x1, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000804)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac14", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\\'], 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005", @ANYRESDEC=r2], 0x48}, 0x1, 0x0, 0x0, 0xe4601ac1dea65316}, 0x0)
r3 = dup(r2)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r3, 0x3)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

program did not crash
bisect: testing without sub-chunk 3/3
testing program (duration=35s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 13, 30, 20, 30, 10, 12, 12, 6, 30, 3, 29, 2, 2, 2, 23, 2, 16, 2, 9, 16]
detailed listing:
executing program 34:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB='6\x00\x00', @ANYRES32], 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xfff3}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x80, 0x4b6, 0x401, 0x0, 0x12, 0xfffffff8}}, {0x4}}]}]}, 0x48}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="090000000300000004000100", @ANYRES32, @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x6, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
executing program 2:
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c643c, &(0x7f0000000300))
mount$9p_virtio(0x0, 0x0, 0x0, 0x14403, 0x0)
close(r1)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x4, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0xffffffac, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002600)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="a132", 0x2}], 0x1}}], 0x1, 0x1)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000580)=""/206, 0xce, 0x0, 0x0}, &(0x7f0000000540)=0x40)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f00000003c0)={0x28, 0x0, 0x2710, @host}, 0x10)
executing program 2:
r0 = fsopen(&(0x7f0000000140)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)) (async, rerun: 64)
fchdir(r1) (async, rerun: 64)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) (async, rerun: 32)
sendmmsg$inet(r2, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="e6", 0x1}], 0x1}}], 0x1, 0x24040890) (async, rerun: 32)
bind$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r3 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0x4eb0, 0x10100, 0x1}, &(0x7f0000000480), &(0x7f0000000040)=<r4=>0x0) (async)
syz_io_uring_setup(0x7b9c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000000340)=<r5=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) (async, rerun: 32)
io_uring_enter(r3, 0x48e9, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
r6 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r7, 0xc0045516, &(0x7f0000000b00)=0x7) (async)
ioctl$SOUND_MIXER_WRITE_RECSRC(r6, 0xc0044dff, &(0x7f0000000080)=0x3ff)
ioctl$SOUND_MIXER_WRITE_RECSRC(r6, 0xc0044dff, &(0x7f0000000180)=0xef) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (rerun: 64)
r8 = getpid()
sched_setscheduler(r8, 0x1, &(0x7f0000000100)=0x5) (async, rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r9, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r10, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') (async, rerun: 64)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000300)={0x410002, 0x11, 0xb}, 0x18) (async, rerun: 64)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
executing program 2:
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
lseek(r0, 0x9, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f00000001c0)='\x00', 0xfe3d, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0xfd, 0xfe, 0x0, 0x0, 0x5, 0x8b, 0x0, 0x0, 0x80, 0x0, 0x0, 0xfc, 0x3}, 0xe)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x14, 0x22, 0x1, 0xfffffffc, 0xfffffffc, {0x2}}, 0x14}, 0x1, 0x0, 0xfcffffff}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg$unix(r3, 0x0, 0x2)
setsockopt$sock_attach_bpf(r3, 0x1, 0x23, &(0x7f0000000000), 0x4)
sendmsg$inet(r4, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
shutdown(r1, 0x1)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000180)=0x6, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe1, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d", 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_QOS_MAP(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x30, 0x0, 0x415e01c18bc11981, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_QOS_MAP={0x14, 0xc7, {[{0x8, 0x10}, {0x7f, 0x3}, {0xfa, 0x2}, {0xd8, 0x3}], "fd0ee3f6bd3284a7"}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x40000a0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, 0x0)
executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/sockstat\x00')
read$FUSE(r1, &(0x7f0000000640)={0x2020}, 0x2020)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x3, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f00000000c0)=0x1, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="03", 0x1, 0x24008844, &(0x7f0000000040)={0xa, 0x2, 0x398, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bic\x00', 0x4)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xb, 0x8000000000002})
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006300)={0x2020, 0x0, <r4=>0x0, <r5=>0x0, <r6=>0x0}, 0x2020)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
write$P9_RGETLOCK(r7, &(0x7f00000002c0)=ANY=[], 0x200002e6)
fcntl$setpipe(r7, 0x407, 0x7000000)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r3, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x0, {0xfeffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x8000, 0x0, r5, r6, 0x2e1, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
write$tcp_congestion(r8, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r8, r3)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
r9 = landlock_create_ruleset(&(0x7f00000000c0)={0x1400, 0x1, 0x2}, 0x18, 0x4)
landlock_restrict_self(r9, 0x0)
r10 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000440)='./binderfs2/binder1\x00', 0x800, 0x0)
dup3(r2, r1, 0x0)
executing program 2:
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x50, 0x24, 0xf0b, 0x2, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x1c, 0x2, [@TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0xffff}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0x8}, @TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x6}]}}]}, 0x50}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_DEL(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x68, 0x2, 0x9, 0x401, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFCTH_TUPLE={0x1c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x24, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}, @NFCTH_STATUS={0x8}]}, 0x68}, 0x1, 0x0, 0x0, 0x5}, 0x800)
r4 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r4, 0xc0109207, &(0x7f0000000080)={0x0, 0x6})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x18, 0x2d, 0x100, 0x72bd26, 0x25dfdbfc, {0x6}, [@nested={0x4, 0xd}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x0)
executing program 2:
socket(0x10, 0x3, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000c, 0x31, 0xffffffffffffffff, 0x80000000)
mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
executing program 35:
socket(0x10, 0x3, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000c, 0x31, 0xffffffffffffffff, 0x80000000)
mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
executing program 7:
ioprio_set$uid(0x3, 0x0, 0x4007)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 15)
executing program 7:
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="1700000056"], 0x1c}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7fff, 0xf3})
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000180)={0x53, 0x0, 0x6, 0xa, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000000)="1201b9000000", 0x0, 0x0, 0x1, 0x0, 0x0})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xe000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
r5 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r6=>0x0})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$AUDIT_GET_FEATURE(r5, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4040}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x10, 0x3fb, 0x2, 0x70bd27, 0x25dfdbfc, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000480), 0xffffffffffffffff)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
signalfd(r1, &(0x7f00000004c0)={[0x200]}, 0x8)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f0000000ac0)={'wpan1\x00', <r10=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x50, r8, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_SEC_DEVKEY={0x2c, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x57}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}]}, 0x50}, 0x1, 0x0, 0x0, 0x10040}, 0x4)
sendmsg$NL802154_CMD_SET_SHORT_ADDR(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r8, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4040090)
syz_emit_ethernet(0x2a, &(0x7f0000000040)={@random="8580f83288e1", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x1, 0x5, 0x1c, 0x67, 0x0, 0x2, 0x2, 0x0, @private=0xa010102, @broadcast}, {0x11, 0x81, 0x0, @remote}}}}}, 0x0)
bind$can_j1939(r5, &(0x7f0000000380)={0x1d, r6, 0x2, {0x1, 0x0, 0x3}, 0xfd}, 0x18)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_SET_CHANNEL(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r12, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r13}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20008080}, 0x20000000)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r9)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0, 0xc0c1}, 0x840)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000004100), r3)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000440)={0x1, 0x0, [{0x2ee, 0x0, 0x8000000000000000}]})
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xfffff7e8, 0x0, 0x7000000}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000}, 0x1, r1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0)
executing program 7:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x6, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xb, 0xa, 0x9, 0xfffffffffffffffe, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x1, 0xd, 0x101}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000100)=[0xffffffffffffffff, r0, r0], &(0x7f0000000140)=[{0x3, 0x4, 0xc, 0x1}, {0x1, 0x3, 0x3, 0x8}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0xb, 0x9}, {0x5, 0x4, 0x1, 0x5}], 0x10, 0x8, @void, @value}, 0x94)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000300)="eb0f90fdfb49e6e98a361d1bccfc05a5", 0x10)
close_range(r8, r1, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000002c0)={r8, r9})
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x2}]}}}]}, 0x3c}, 0x1, 0xa1ffffffffffffff, 0x0, 0x840}, 0x0)
executing program 7:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) (fail_nth: 2)
executing program 36:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) (fail_nth: 2)
executing program 8:
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@private0, 0x1, 0x0, 0x1, 0x0, 0xffff, 0x6}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r0, 0x8b32, &(0x7f0000000040))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440), 0x10)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000004780)={'syz_tun\x00', &(0x7f0000000400)=@ethtool_link_settings={0x8}})
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f00000000c0), 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='tracefs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x20020, &(0x7f0000000240)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0, @ANYBLOB="2c00570d9431f9d867dad023a4b66eaca765a7be2827b0b9f4fa47fc9f32070000b1928ec9621965e68ff46f3b2e94ccfde49466450600582631ec3f3baf3c3a6dd0a2bd44"])
listen(r2, 0x0)
r4 = gettid()
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000080027bd7000fbdbdf25cf21b417", @ANYRES32=0x0, @ANYBLOB="00000000234000001400030076657468305f766972745f776966690008001300", @ANYRES32=r4, @ANYBLOB], 0x3c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e000000180002"], 0x50}}, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r6, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2)
mount$9p_fd(0x0, &(0x7f00000005c0)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="7472616e0f0066642c7266646e6f3d7f1c1f68a431d45c9f777392b537a941bcff6e3edf073bca5255ecdd597f2303e16475676951419216b1fc0a62010b00f5f4c7a335e4c13c1cbe26d70443c97773d9a1d66d7094dbfe614e3e964dbc96c44cbe79c8c0686acdf73a95a1ec23135910731eddf572d4b60759c5932c4c7f8c04a1d4dc6dadbdbbc7d895050000003b904591c7a4c81e", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',\x00'])
executing program 8:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x1100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)
executing program 8:
ioctl$HIDIOCGCOLLECTIONINFO(0xffffffffffffffff, 0xc0104811, 0x0)
openat$kvm(0x0, 0x0, 0x2382, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x401, 0x8001, 0x400}, 0xa4, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002680)=@newqdisc={0x34, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xfff2, 0xa}, {0xffe0}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syslog(0x9, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
syslog(0x3, 0x0, 0x0)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa07, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210057ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48)
executing program 8:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001c00010000ffffff9e00000007", @ANYRES32], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x0)
executing program 8:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f00000011c0)='./file0\x00', &(0x7f00000004c0), 0x1440b, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r0 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: global-out-of-bounds Read in fib6_add
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <20>
bisect: split chunk #0 of len 20 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 29, 2, 2, 2, 23, 2, 16, 2, 9, 16]
detailed listing:
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xfffff7e8, 0x0, 0x7000000}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000}, 0x1, r1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0)
executing program 7:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x6, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xb, 0xa, 0x9, 0xfffffffffffffffe, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x1, 0xd, 0x101}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000100)=[0xffffffffffffffff, r0, r0], &(0x7f0000000140)=[{0x3, 0x4, 0xc, 0x1}, {0x1, 0x3, 0x3, 0x8}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0xb, 0x9}, {0x5, 0x4, 0x1, 0x5}], 0x10, 0x8, @void, @value}, 0x94)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000300)="eb0f90fdfb49e6e98a361d1bccfc05a5", 0x10)
close_range(r8, r1, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000002c0)={r8, r9})
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x2}]}}}]}, 0x3c}, 0x1, 0xa1ffffffffffffff, 0x0, 0x840}, 0x0)
executing program 7:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) (fail_nth: 2)
executing program 36:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) (fail_nth: 2)
executing program 8:
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@private0, 0x1, 0x0, 0x1, 0x0, 0xffff, 0x6}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r0, 0x8b32, &(0x7f0000000040))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440), 0x10)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000004780)={'syz_tun\x00', &(0x7f0000000400)=@ethtool_link_settings={0x8}})
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f00000000c0), 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='tracefs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x20020, &(0x7f0000000240)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0, @ANYBLOB="2c00570d9431f9d867dad023a4b66eaca765a7be2827b0b9f4fa47fc9f32070000b1928ec9621965e68ff46f3b2e94ccfde49466450600582631ec3f3baf3c3a6dd0a2bd44"])
listen(r2, 0x0)
r4 = gettid()
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000080027bd7000fbdbdf25cf21b417", @ANYRES32=0x0, @ANYBLOB="00000000234000001400030076657468305f766972745f776966690008001300", @ANYRES32=r4, @ANYBLOB], 0x3c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e000000180002"], 0x50}}, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r6, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2)
mount$9p_fd(0x0, &(0x7f00000005c0)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="7472616e0f0066642c7266646e6f3d7f1c1f68a431d45c9f777392b537a941bcff6e3edf073bca5255ecdd597f2303e16475676951419216b1fc0a62010b00f5f4c7a335e4c13c1cbe26d70443c97773d9a1d66d7094dbfe614e3e964dbc96c44cbe79c8c0686acdf73a95a1ec23135910731eddf572d4b60759c5932c4c7f8c04a1d4dc6dadbdbbc7d895050000003b904591c7a4c81e", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',\x00'])
executing program 8:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x1100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)
executing program 8:
ioctl$HIDIOCGCOLLECTIONINFO(0xffffffffffffffff, 0xc0104811, 0x0)
openat$kvm(0x0, 0x0, 0x2382, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x401, 0x8001, 0x400}, 0xa4, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002680)=@newqdisc={0x34, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xfff2, 0xa}, {0xffe0}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syslog(0x9, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
syslog(0x3, 0x0, 0x0)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa07, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210057ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48)
executing program 8:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001c00010000ffffff9e00000007", @ANYRES32], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x0)
executing program 8:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f00000011c0)='./file0\x00', &(0x7f00000004c0), 0x1440b, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r0 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <10>
bisect: split chunk #0 of len 10 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [23, 2, 16, 2, 9, 16]
detailed listing:
executing program 8:
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@private0, 0x1, 0x0, 0x1, 0x0, 0xffff, 0x6}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r0, 0x8b32, &(0x7f0000000040))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440), 0x10)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000004780)={'syz_tun\x00', &(0x7f0000000400)=@ethtool_link_settings={0x8}})
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f00000000c0), 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='tracefs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x20020, &(0x7f0000000240)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0, @ANYBLOB="2c00570d9431f9d867dad023a4b66eaca765a7be2827b0b9f4fa47fc9f32070000b1928ec9621965e68ff46f3b2e94ccfde49466450600582631ec3f3baf3c3a6dd0a2bd44"])
listen(r2, 0x0)
r4 = gettid()
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000080027bd7000fbdbdf25cf21b417", @ANYRES32=0x0, @ANYBLOB="00000000234000001400030076657468305f766972745f776966690008001300", @ANYRES32=r4, @ANYBLOB], 0x3c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e000000180002"], 0x50}}, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r6, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2)
mount$9p_fd(0x0, &(0x7f00000005c0)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="7472616e0f0066642c7266646e6f3d7f1c1f68a431d45c9f777392b537a941bcff6e3edf073bca5255ecdd597f2303e16475676951419216b1fc0a62010b00f5f4c7a335e4c13c1cbe26d70443c97773d9a1d66d7094dbfe614e3e964dbc96c44cbe79c8c0686acdf73a95a1ec23135910731eddf572d4b60759c5932c4c7f8c04a1d4dc6dadbdbbc7d895050000003b904591c7a4c81e", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',\x00'])
executing program 8:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x1100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)
executing program 8:
ioctl$HIDIOCGCOLLECTIONINFO(0xffffffffffffffff, 0xc0104811, 0x0)
openat$kvm(0x0, 0x0, 0x2382, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x401, 0x8001, 0x400}, 0xa4, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002680)=@newqdisc={0x34, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xfff2, 0xa}, {0xffe0}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syslog(0x9, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
syslog(0x3, 0x0, 0x0)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa07, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210057ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48)
executing program 8:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001c00010000ffffff9e00000007", @ANYRES32], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x0)
executing program 8:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f00000011c0)='./file0\x00', &(0x7f00000004c0), 0x1440b, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r0 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 29, 2, 2, 2, 16]
detailed listing:
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xfffff7e8, 0x0, 0x7000000}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000}, 0x1, r1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0)
executing program 7:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x6, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xb, 0xa, 0x9, 0xfffffffffffffffe, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x1, 0xd, 0x101}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000100)=[0xffffffffffffffff, r0, r0], &(0x7f0000000140)=[{0x3, 0x4, 0xc, 0x1}, {0x1, 0x3, 0x3, 0x8}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0xb, 0x9}, {0x5, 0x4, 0x1, 0x5}], 0x10, 0x8, @void, @value}, 0x94)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000300)="eb0f90fdfb49e6e98a361d1bccfc05a5", 0x10)
close_range(r8, r1, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000002c0)={r8, r9})
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x2}]}}}]}, 0x3c}, 0x1, 0xa1ffffffffffffff, 0x0, 0x840}, 0x0)
executing program 7:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) (fail_nth: 2)
executing program 36:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) (fail_nth: 2)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <5>
bisect: split chunk #0 of len 5 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 16]
detailed listing:
executing program 7:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) (fail_nth: 2)
executing program 36:
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) (fail_nth: 2)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 29, 2, 16]
detailed listing:
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xfffff7e8, 0x0, 0x7000000}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000}, 0x1, r1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0)
executing program 7:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x6, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xb, 0xa, 0x9, 0xfffffffffffffffe, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x1, 0xd, 0x101}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000100)=[0xffffffffffffffff, r0, r0], &(0x7f0000000140)=[{0x3, 0x4, 0xc, 0x1}, {0x1, 0x3, 0x3, 0x8}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0xb, 0x9}, {0x5, 0x4, 0x1, 0x5}], 0x10, 0x8, @void, @value}, 0x94)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000300)="eb0f90fdfb49e6e98a361d1bccfc05a5", 0x10)
close_range(r8, r1, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000002c0)={r8, r9})
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x2}]}}}]}, 0x3c}, 0x1, 0xa1ffffffffffffff, 0x0, 0x840}, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <3>
bisect: split chunk #0 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 16]
detailed listing:
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x2}]}}}]}, 0x3c}, 0x1, 0xa1ffffffffffffff, 0x0, 0x840}, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 29, 16]
detailed listing:
executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xfffff7e8, 0x0, 0x7000000}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000}, 0x1, r1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0)
executing program 7:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x6, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xb, 0xa, 0x9, 0xfffffffffffffffe, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x1, 0xd, 0x101}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000100)=[0xffffffffffffffff, r0, r0], &(0x7f0000000140)=[{0x3, 0x4, 0xc, 0x1}, {0x1, 0x3, 0x3, 0x8}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0xb, 0x9}, {0x5, 0x4, 0x1, 0x5}], 0x10, 0x8, @void, @value}, 0x94)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000300)="eb0f90fdfb49e6e98a361d1bccfc05a5", 0x10)
close_range(r8, r1, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000002c0)={r8, r9})
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 16]
detailed listing:
executing program 7:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x6, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xb, 0xa, 0x9, 0xfffffffffffffffe, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x1, 0xd, 0x101}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000100)=[0xffffffffffffffff, r0, r0], &(0x7f0000000140)=[{0x3, 0x4, 0xc, 0x1}, {0x1, 0x3, 0x3, 0x8}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0xb, 0x9}, {0x5, 0x4, 0x1, 0x5}], 0x10, 0x8, @void, @value}, 0x94)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000300)="eb0f90fdfb49e6e98a361d1bccfc05a5", 0x10)
close_range(r8, r1, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000002c0)={r8, r9})
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 2 programs left: 

executing program 7:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x6, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xb, 0xa, 0x9, 0xfffffffffffffffe, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x1, 0xd, 0x101}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000100)=[0xffffffffffffffff, r0, r0], &(0x7f0000000140)=[{0x3, 0x4, 0xc, 0x1}, {0x1, 0x3, 0x3, 0x8}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0xb, 0x9}, {0x5, 0x4, 0x1, 0x5}], 0x10, 0x8, @void, @value}, 0x94)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000300)="eb0f90fdfb49e6e98a361d1bccfc05a5", 0x10)
close_range(r8, r1, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000002c0)={r8, r9})
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)


bisect: trying to concatenate
bisect: concatenate 2 entries
minimizing program #0 before concatenation
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [28, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x6, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xb, 0xa, 0x9, 0xfffffffffffffffe, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x1, 0xd, 0x101}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000100)=[0xffffffffffffffff, r0, r0], &(0x7f0000000140)=[{0x3, 0x4, 0xc, 0x1}, {0x1, 0x3, 0x3, 0x8}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0xb, 0x9}, {0x5, 0x4, 0x1, 0x5}], 0x10, 0x8, @void, @value}, 0x94)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000300)="eb0f90fdfb49e6e98a361d1bccfc05a5", 0x10)
close_range(r8, r1, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x6, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xb, 0xa, 0x9, 0xfffffffffffffffe, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x1, 0xd, 0x101}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000100)=[0xffffffffffffffff, r0, r0], &(0x7f0000000140)=[{0x3, 0x4, 0xc, 0x1}, {0x1, 0x3, 0x3, 0x8}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0xb, 0x9}, {0x5, 0x4, 0x1, 0x5}], 0x10, 0x8, @void, @value}, 0x94)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000300)="eb0f90fdfb49e6e98a361d1bccfc05a5", 0x10)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [26, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x6, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xb, 0xa, 0x9, 0xfffffffffffffffe, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x1, 0xd, 0x101}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000100)=[0xffffffffffffffff, r0, r0], &(0x7f0000000140)=[{0x3, 0x4, 0xc, 0x1}, {0x1, 0x3, 0x3, 0x8}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0xb, 0x9}, {0x5, 0x4, 0x1, 0x5}], 0x10, 0x8, @void, @value}, 0x94)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [25, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
socket$inet_smc(0x2b, 0x1, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [24, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
readv(r7, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [23, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
fanotify_init(0x200, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [21, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [20, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [19, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [19, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [19, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [19, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [19, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [19, 16]
detailed listing:
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x80000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r1, r0, 0x0, 0x20000023893)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [19, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x80000)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [18, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x80000)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [17, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x80000)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x80000)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [15, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x80000)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [14, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x80000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [13, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x80000)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b, 0x8000000000002})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [8, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [8, 16]
detailed listing:
executing program 0:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 16]
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 8:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00020029bd7000fddbdf2507000000", @ANYRES32=r5, @ANYBLOB="800004030a0001000180c20000010000326d231e18b8e1df451911b0cdf86f91dde44ff4e2ef7b18dfb6bdc3a66f466098b3"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4040010)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
minimized 29 calls -> 7 calls
minimizing program #1 before concatenation
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 15]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
getpgrp(0x0)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 14]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 13]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)
read$sequencer(r3, &(0x7f0000000340)=""/117, 0x75)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 12]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r3, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x11, 0x4)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 11]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r3, &(0x7f0000000740)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1, 0x68, 0x0)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 10]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 9]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)

program crashed: KASAN: slab-use-after-free Write in batadv_forw_packet_steal
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 8]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000480)={0x2, 0x2}, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 7]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
socket(0x10, 0x803, 0x0)
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f0000000100), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000480)={0x2, 0x2}, 0x2)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 6]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
socket(0x10, 0x803, 0x0)
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f0000000100), 0x2)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 5]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
socket(0x10, 0x803, 0x0)
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x6}, 0x2)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 4]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
socket(0x10, 0x803, 0x0)
openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000500020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 3]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
socket(0x10, 0x803, 0x0)
openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
socket$kcm(0x10, 0x2, 0x0)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 2]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
socket(0x10, 0x803, 0x0)
openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)

program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 1]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:
socket(0x10, 0x803, 0x0)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 0]
detailed listing:
executing program 7:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
executing program 0:

program crashed: KASAN: slab-use-after-free Write in binder_add_device
minimized 16 calls -> 0 calls
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Write in binder_add_device
bisect: concatenation succeeded
found reproducer with 7 syscalls
minimizing guilty program
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdirat-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(0x0, 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400))
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
detailed listing:
executing program 0:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x166)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(0x0)
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
simplifying C reproducer
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program crashed: KASAN: slab-use-after-free Write in binderfs_evict_inode
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program crashed: KASAN: slab-use-after-free Write in binder_add_device
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-mkdir-mkdirat-mkdir-mount$overlay-chdir-syz_clone
program did not crash
reproducing took 1h11m45.988784072s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in hlist_add_head include/linux/list.h:1026 [inline]
BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0 drivers/android/binder.c:6932
Write of size 8 at addr ffff888021468808 by task syz-executor383/5945

CPU: 2 UID: 0 PID: 5945 Comm: syz-executor383 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xe0/0x110 mm/kasan/report.c:634
 hlist_add_head include/linux/list.h:1026 [inline]
 binder_add_device+0xa4/0xb0 drivers/android/binder.c:6932
 binderfs_binder_device_create.isra.0+0x95f/0xb70 drivers/android/binderfs.c:210
 binderfs_fill_super+0x8d4/0x1360 drivers/android/binderfs.c:730
 vfs_get_super fs/super.c:1280 [inline]
 get_tree_nodev+0xda/0x190 fs/super.c:1299
 vfs_get_tree+0x8b/0x340 fs/super.c:1759
 do_new_mount fs/namespace.c:3884 [inline]
 path_mount+0x14d4/0x1f20 fs/namespace.c:4211
 do_mount fs/namespace.c:4224 [inline]
 __do_sys_mount fs/namespace.c:4435 [inline]
 __se_sys_mount fs/namespace.c:4412 [inline]
 __x64_sys_mount+0x28d/0x310 fs/namespace.c:4412
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb39fe4bbca
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 1e 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff61f4e888 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fb39fe91038 RCX: 00007fb39fe4bbca
RDX: 00007fb39fe91609 RSI: 00007fb39fe91038 RDI: 00007fb39fe91609
RBP: 00007fb39fe915d9 R08: 0000000000000000 R09: 00007fff61f4e900
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb39fe91541
R13: 0000000000000003 R14: 0000000000050012 R15: 00007fb39fec4400
 </TASK>

Allocated by task 5942:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 binderfs_binder_device_create.isra.0+0x17a/0xb70 drivers/android/binderfs.c:147
 binderfs_fill_super+0x8d4/0x1360 drivers/android/binderfs.c:730
 vfs_get_super fs/super.c:1280 [inline]
 get_tree_nodev+0xda/0x190 fs/super.c:1299
 vfs_get_tree+0x8b/0x340 fs/super.c:1759
 do_new_mount fs/namespace.c:3884 [inline]
 path_mount+0x14d4/0x1f20 fs/namespace.c:4211
 do_mount fs/namespace.c:4224 [inline]
 __do_sys_mount fs/namespace.c:4435 [inline]
 __se_sys_mount fs/namespace.c:4412 [inline]
 __x64_sys_mount+0x28d/0x310 fs/namespace.c:4412
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5970:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2380 [inline]
 slab_free mm/slub.c:4642 [inline]
 kfree+0x2b6/0x4d0 mm/slub.c:4841
 binder_free_proc drivers/android/binder.c:5248 [inline]
 binder_proc_dec_tmpref drivers/android/binder.c:1565 [inline]
 binder_proc_dec_tmpref+0x4c3/0x590 drivers/android/binder.c:1558
 binder_deferred_release drivers/android/binder.c:6292 [inline]
 binder_deferred_func+0xe87/0x12c0 drivers/android/binder.c:6319
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

The buggy address belongs to the object at ffff888021468800
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 8 bytes inside of
 freed 512-byte region [ffff888021468800, ffff888021468a00)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21468
head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801b442c80 ffffea00007cad00 dead000000000003
raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
head: 00fff00000000040 ffff88801b442c80 ffffea00007cad00 dead000000000003
head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
head: 00fff00000000002 ffffea0000851a01 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5359, tgid 5359 (udevadm), ts 24846691100, free_ts 24845159443
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x181/0x1b0 mm/page_alloc.c:1718
 prep_new_page mm/page_alloc.c:1726 [inline]
 get_page_from_freelist+0x135c/0x3920 mm/page_alloc.c:3688
 __alloc_frozen_pages_noprof+0x263/0x23a0 mm/page_alloc.c:4970
 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2301
 alloc_slab_page mm/slub.c:2450 [inline]
 allocate_slab mm/slub.c:2618 [inline]
 new_slab+0x244/0x340 mm/slub.c:2672
 ___slab_alloc+0xd9c/0x1940 mm/slub.c:3858
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3948
 __slab_alloc_node mm/slub.c:4023 [inline]
 slab_alloc_node mm/slub.c:4184 [inline]
 __kmalloc_cache_noprof+0xfb/0x3e0 mm/slub.c:4353
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 kernfs_fop_open+0x244/0xda0 fs/kernfs/file.c:623
 do_dentry_open+0x741/0x1c10 fs/open.c:956
 vfs_open+0x82/0x3f0 fs/open.c:1086
 do_open fs/namei.c:3880 [inline]
 path_openat+0x1e5e/0x2d40 fs/namei.c:4039
 do_filp_open+0x20b/0x470 fs/namei.c:4066
 do_sys_openat2+0x11b/0x1d0 fs/open.c:1429
 do_sys_open fs/open.c:1444 [inline]
 __do_sys_openat fs/open.c:1460 [inline]
 __se_sys_openat fs/open.c:1455 [inline]
 __x64_sys_openat+0x174/0x210 fs/open.c:1455
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
page last free pid 5359 tgid 5359 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1262 [inline]
 __free_frozen_pages+0x69d/0xff0 mm/page_alloc.c:2725
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4147 [inline]
 slab_alloc_node mm/slub.c:4196 [inline]
 __do_kmalloc_node mm/slub.c:4326 [inline]
 __kmalloc_noprof+0x1d4/0x510 mm/slub.c:4339
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 kobject_get_path+0xd2/0x2a0 lib/kobject.c:161
 kobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545
 kobject_synth_uevent+0x7d4/0x8a0 lib/kobject_uevent.c:207
 uevent_store+0x24/0x80 drivers/base/core.c:2776
 dev_attr_store+0x55/0x80 drivers/base/core.c:2440
 sysfs_kf_write+0xef/0x150 fs/sysfs/file.c:145
 kernfs_fop_write_iter+0x351/0x510 fs/kernfs/file.c:334
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x5ba/0x1180 fs/read_write.c:684
 ksys_write+0x12a/0x240 fs/read_write.c:736
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888021468700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888021468780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888021468800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                      ^
 ffff888021468880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888021468900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in hlist_add_head include/linux/list.h:1026 [inline]
BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0 drivers/android/binder.c:6932
Write of size 8 at addr ffff888021468808 by task syz-executor383/5945

CPU: 2 UID: 0 PID: 5945 Comm: syz-executor383 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xe0/0x110 mm/kasan/report.c:634
 hlist_add_head include/linux/list.h:1026 [inline]
 binder_add_device+0xa4/0xb0 drivers/android/binder.c:6932
 binderfs_binder_device_create.isra.0+0x95f/0xb70 drivers/android/binderfs.c:210
 binderfs_fill_super+0x8d4/0x1360 drivers/android/binderfs.c:730
 vfs_get_super fs/super.c:1280 [inline]
 get_tree_nodev+0xda/0x190 fs/super.c:1299
 vfs_get_tree+0x8b/0x340 fs/super.c:1759
 do_new_mount fs/namespace.c:3884 [inline]
 path_mount+0x14d4/0x1f20 fs/namespace.c:4211
 do_mount fs/namespace.c:4224 [inline]
 __do_sys_mount fs/namespace.c:4435 [inline]
 __se_sys_mount fs/namespace.c:4412 [inline]
 __x64_sys_mount+0x28d/0x310 fs/namespace.c:4412
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb39fe4bbca
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 1e 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff61f4e888 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fb39fe91038 RCX: 00007fb39fe4bbca
RDX: 00007fb39fe91609 RSI: 00007fb39fe91038 RDI: 00007fb39fe91609
RBP: 00007fb39fe915d9 R08: 0000000000000000 R09: 00007fff61f4e900
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb39fe91541
R13: 0000000000000003 R14: 0000000000050012 R15: 00007fb39fec4400
 </TASK>

Allocated by task 5942:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 binderfs_binder_device_create.isra.0+0x17a/0xb70 drivers/android/binderfs.c:147
 binderfs_fill_super+0x8d4/0x1360 drivers/android/binderfs.c:730
 vfs_get_super fs/super.c:1280 [inline]
 get_tree_nodev+0xda/0x190 fs/super.c:1299
 vfs_get_tree+0x8b/0x340 fs/super.c:1759
 do_new_mount fs/namespace.c:3884 [inline]
 path_mount+0x14d4/0x1f20 fs/namespace.c:4211
 do_mount fs/namespace.c:4224 [inline]
 __do_sys_mount fs/namespace.c:4435 [inline]
 __se_sys_mount fs/namespace.c:4412 [inline]
 __x64_sys_mount+0x28d/0x310 fs/namespace.c:4412
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5970:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2380 [inline]
 slab_free mm/slub.c:4642 [inline]
 kfree+0x2b6/0x4d0 mm/slub.c:4841
 binder_free_proc drivers/android/binder.c:5248 [inline]
 binder_proc_dec_tmpref drivers/android/binder.c:1565 [inline]
 binder_proc_dec_tmpref+0x4c3/0x590 drivers/android/binder.c:1558
 binder_deferred_release drivers/android/binder.c:6292 [inline]
 binder_deferred_func+0xe87/0x12c0 drivers/android/binder.c:6319
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

The buggy address belongs to the object at ffff888021468800
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 8 bytes inside of
 freed 512-byte region [ffff888021468800, ffff888021468a00)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21468
head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801b442c80 ffffea00007cad00 dead000000000003
raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
head: 00fff00000000040 ffff88801b442c80 ffffea00007cad00 dead000000000003
head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
head: 00fff00000000002 ffffea0000851a01 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5359, tgid 5359 (udevadm), ts 24846691100, free_ts 24845159443
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x181/0x1b0 mm/page_alloc.c:1718
 prep_new_page mm/page_alloc.c:1726 [inline]
 get_page_from_freelist+0x135c/0x3920 mm/page_alloc.c:3688
 __alloc_frozen_pages_noprof+0x263/0x23a0 mm/page_alloc.c:4970
 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2301
 alloc_slab_page mm/slub.c:2450 [inline]
 allocate_slab mm/slub.c:2618 [inline]
 new_slab+0x244/0x340 mm/slub.c:2672
 ___slab_alloc+0xd9c/0x1940 mm/slub.c:3858
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3948
 __slab_alloc_node mm/slub.c:4023 [inline]
 slab_alloc_node mm/slub.c:4184 [inline]
 __kmalloc_cache_noprof+0xfb/0x3e0 mm/slub.c:4353
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 kernfs_fop_open+0x244/0xda0 fs/kernfs/file.c:623
 do_dentry_open+0x741/0x1c10 fs/open.c:956
 vfs_open+0x82/0x3f0 fs/open.c:1086
 do_open fs/namei.c:3880 [inline]
 path_openat+0x1e5e/0x2d40 fs/namei.c:4039
 do_filp_open+0x20b/0x470 fs/namei.c:4066
 do_sys_openat2+0x11b/0x1d0 fs/open.c:1429
 do_sys_open fs/open.c:1444 [inline]
 __do_sys_openat fs/open.c:1460 [inline]
 __se_sys_openat fs/open.c:1455 [inline]
 __x64_sys_openat+0x174/0x210 fs/open.c:1455
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
page last free pid 5359 tgid 5359 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1262 [inline]
 __free_frozen_pages+0x69d/0xff0 mm/page_alloc.c:2725
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4147 [inline]
 slab_alloc_node mm/slub.c:4196 [inline]
 __do_kmalloc_node mm/slub.c:4326 [inline]
 __kmalloc_noprof+0x1d4/0x510 mm/slub.c:4339
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 kobject_get_path+0xd2/0x2a0 lib/kobject.c:161
 kobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545
 kobject_synth_uevent+0x7d4/0x8a0 lib/kobject_uevent.c:207
 uevent_store+0x24/0x80 drivers/base/core.c:2776
 dev_attr_store+0x55/0x80 drivers/base/core.c:2440
 sysfs_kf_write+0xef/0x150 fs/sysfs/file.c:145
 kernfs_fop_write_iter+0x351/0x510 fs/kernfs/file.c:334
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x5ba/0x1180 fs/read_write.c:684
 ksys_write+0x12a/0x240 fs/read_write.c:736
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888021468700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888021468780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888021468800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                      ^
 ffff888021468880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888021468900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================