last executing test programs: 2.950799796s ago: executing program 0 (id=32): mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff) mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000001e40)={[{@stats}]}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000002640), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x4) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x0, 0x0) 2.932896286s ago: executing program 0 (id=34): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder1\x00', 0x800, 0x0) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) mmap$binder(&(0x7f0000fef000/0x11000)=nil, 0x11000, 0x1, 0x11, r0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x1, 0x1, 0x3}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) close(r3) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0xc0010010}]}) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3, 0x8032, 0xffffffffffffffff, 0x0) 2.850994657s ago: executing program 0 (id=35): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000005, 0x4010, r0, 0xa3c3c000) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000000000000014d564b00000000ff"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='/dev/ashmem\x00') 2.746147859s ago: executing program 0 (id=37): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x7) (async) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) (async) ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000740)=0xffffffffffffffff) (async) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000600)) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000200)=0x1, 0x12) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x600, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) (async) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r7, 0x4008ae8a, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000100ffe10200000080000000f9ffffffaa0e000480000000ac0a22d0e7c71b33c16fe9357dc8d5eadd9e6ac9f173ffa1e75e7224fa923f8b49e4acdb4f3109ecfd2eabd4"]) ioctl$KVM_SET_LAPIC(r7, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b442606838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe8f53ecc9abb1c638d0daf743cf4f42698c10d497e714371c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2216714062bcf9059e36c3697dd9aee5af04c32980b53ea45e5cf150d3442ba0e58aacdfdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c4270dcef52c9ad70a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e11491496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad69889b1d9984feb026fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d935aef9ab8c167819cb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135a8c972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e1533135fee831df925e9baabdb846b5bf66855e3f8b751ca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da8a31c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf900"}) (async) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x8400ae8e, &(0x7f0000000140)=@x86={0xff, 0x0, 0x0, 0x0, 0xfffffff7, 0xff, 0xb, 0x2, 0x0, 0x3, 0xfc, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd8}) (async) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) (async) r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000013c0), 0x80080, 0x0) ioctl$TIOCMBIC(r8, 0x5417, &(0x7f0000001400)=0xe) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000a80)={0x0, 0x0, @pic={0x0, 0x3, 0xe, 0x1f, 0xf8, 0xfe, 0x42, 0x1, 0x0, 0x8, 0x6, 0x11, 0x0, 0x0, 0xfb, 0x3}}) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @pic={0x7f, 0x30, 0x5, 0x8, 0x7d, 0x5, 0x48, 0x4, 0xff, 0x8, 0xa0, 0x1, 0x40, 0x4, 0xc, 0x7}}) (async) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000380)={0x0, 0x1, 0x0, 0x0, 0x0}) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000100)=0x1) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) r9 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$cgroup_ro(r9, &(0x7f0000000080)='memory.swap.current\x00', 0x0, 0x0) (async) r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x488340, 0x0) ioctl$TCXONC(r10, 0x540a, 0x0) 2.623194501s ago: executing program 0 (id=40): prctl$PR_SET_TSC(0x1a, 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0xc0010000}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000280)=0x10) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r9, 0x4008ae90, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000008000080", @ANYRESDEC=r8]) mount$binderfs(&(0x7f00000021c0), &(0x7f0000002200)='./binderfs\x00', &(0x7f0000002240), 0x10, 0x0) 2.423293694s ago: executing program 0 (id=43): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000140)=ANY=[], 0x6) (async) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000007c0), 0x101000, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xc) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/devices\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000000300)={0x2020}, 0x2020) (async) write$cgroup_subtree(r3, &(0x7f0000000000)={[{0x2d, 'perf_event'}, {0x2d, 'pids'}, {0x2b, 'rdma'}, {0x2b, 'io'}, {0x2d, 'hugetlb'}]}, 0x25) (async) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB='max=\x00']) 991.216345ms ago: executing program 1 (id=63): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0x800000}, {0x6}]}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x4000002a, 0x0, 0x4}]}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0x4000, 0x10, 0x3, 0x12, 0x3, 0x2, 0x1, 0xce, 0xfb, 0x40}, {0xd000, 0x2000, 0xc, 0x3, 0x7, 0x6, 0x4, 0x8, 0x20, 0xf, 0x0, 0x81}, {0x1000, 0x10000, 0x8, 0x10, 0x8, 0x3, 0xc, 0xf, 0x81, 0x4, 0x8, 0xa8}, {0x100000, 0xd000, 0xb, 0x9, 0x4, 0x3, 0x7, 0x4, 0x67, 0x4, 0x6, 0x8}, {0x100000, 0x5000, 0xa, 0xa5, 0x0, 0x4, 0xa, 0x3, 0x29}, {0x3000, 0x10000, 0xf, 0x5, 0x30, 0xc, 0xf, 0xc5, 0x0, 0x6b, 0x1b, 0x1}, {0xf000, 0x10000, 0xb, 0x3, 0x3, 0x3, 0x3, 0x7, 0x6, 0x2, 0x3, 0xa}, {0x2, 0x10f000, 0x10, 0x2, 0x4, 0x14, 0x2, 0x56, 0x23, 0x3, 0xf7, 0x5}, {0x100000, 0x401}, {0x4000, 0x1477}, 0x90000010, 0x0, 0x3000, 0x4002, 0x1, 0x901, 0x0, [0x7, 0x9, 0x5]}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0xb03cdf087638818c, 0x3}) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x8, 0x32, 0xffffffffffffffff, 0x6931b000) r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0) syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0x58) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000100)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000000)={@flat=@binder={0x73622a85, 0x100, 0x1}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000080)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) 990.541365ms ago: executing program 3 (id=64): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20002, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000011c0), 0x65101, 0x0) ioctl$IOC_PR_RELEASE(r1, 0x401070ca, 0x0) ioctl$BLKGETNRZONES(r0, 0x80041285, &(0x7f0000000040)=0x3c180) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000200), 0x22c00, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x3, 0x4b, &(0x7f0000000140)=0x3}) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f00000000c0)=ANY=[@ANYBLOB="2234735faa379328"]) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000600)={0x2, 0x0, @pic={0x2, 0x8, 0x0, 0x3, 0x1, 0x6, 0x1, 0x7, 0x7f, 0x3, 0x5, 0x0, 0x42, 0x0, 0x0, 0x3}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r9 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x30002, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x20e20, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="0800000000000000650a000000000000ffffff7fffffffff60a200000000000002000000000000001b020000000000001000000000000000a5090000000000000800000000000000890a0000000000000700000000000000ec0900000000000004000000000000002d08000000000000000000005000000036020000000000000500000000000000669692bc3d8dd61561028c8624735a836b5a804b88ee2ce5326b4c74977dc3e0f5fd087ca622e60cef8ac34e51b1d21daa561e30eab28d3ef1922ef558f4b55e"]) r13 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x0) ioctl$KVM_SET_SREGS(r13, 0x4138ae84, &(0x7f0000000600)={{0x0, 0xd000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, {0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7, 0x8f}, {0xffff1000, 0xd000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x8, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4, 0x3}, {0x10000, 0x4, 0x0, 0x0, 0x20, 0x5, 0x0, 0x8, 0x0, 0x3c}, {0x0, 0x0, 0x15, 0x0, 0x3a, 0xfe, 0x2, 0x2, 0x0, 0x0, 0xaf, 0xfc}, {0x5000, 0xffff1000, 0xe, 0x1, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x80, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26, 0x0, 0x0, 0xff}, {0x80a0000}, {0xf000}, 0x9df8ffd0, 0x0, 0xf000, 0x50, 0xa, 0xf801, 0x0, [0x0, 0xffffffffff7ffffc, 0x1]}) r14 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r14, 0x40305829, &(0x7f0000000240)={0x1100, 0x0, 0x4, 0x7fffffffffffffff}) ioctl$ASHMEM_SET_SIZE(r9, 0x40087703, 0x9250) 795.486968ms ago: executing program 1 (id=65): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom1\x00', 0x800, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x202, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x202, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae03, 0x6) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x100a, 0x1}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x100a, 0x1}) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000001380), 0x2, 0x0) (async) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000001380), 0x2, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001440)={0x4, 0x0, &(0x7f00000013c0)=[@enter_looper], 0x1f, 0x0, &(0x7f0000001400)="78e4649e273daa4fc7de84471357775236dc91d835258ece6ef7b770985f07"}) prctl$PR_MCE_KILL_GET(0x3d) (async) prctl$PR_MCE_KILL_GET(0x3d) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) (async) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x0, 0x20, 0x0, 0x0, 0x2004c9, 0x7fff, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x2], 0xffff1000}) (async) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x0, 0x20, 0x0, 0x0, 0x2004c9, 0x7fff, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x2], 0xffff1000}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, 0x0}) r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wake_unlock', 0x242, 0x2a1) write$FUSE_GETXATTR(r9, &(0x7f00000000c0)={0x18, 0x0, 0x0, {0x8}}, 0x18) ioctl$BTRFS_IOC_RM_DEV_V2(r4, 0x5000943a, &(0x7f0000000380)={{r0}, r8, 0x14, @inherit={0x80, &(0x7f0000000300)={0x0, 0x7, 0x4, 0x80000001, {0x20, 0x0, 0x8000000000000000, 0x100, 0x6}, [0x4, 0x6, 0x9, 0x2, 0x8, 0x0, 0x5]}}, @name="31c28c6772029419e44aa5684d781ade3b17b797f9ca802a9dbd7897ec82f1569be33ee93fa0dd1959b5a4e995c4327fa56de255888aadc50c85f3c663841a99c3ebb3c5b366e004df84edf987dff87a98b8fec62432e4bb2329b6ec6ac22b772f4b119be52f53fa421ae1e84c27174c9369468c71e4c8d7e106bae08d3a2e628b9961cbb2fb982c6b0b0b9637c14dd301775aa1098b9ffa839832d9df431c3596c7b41bbf6f532c1f10c346e4ffe9f73915dbd53e501068bfaf1d26eb64776d84f18ffd08ce0dbb6f64e89b468cff4f8cf96ff74b8c7b60cf977b2753f43c0a5f89a5b5fdd54c12a4b5943a8ca1eaaf75a128fb19d825196d2c484bc76e0caf935a17f1be0a6b4e0a974c666a60c7e19bad2d78b9c3363e12cdb2d083937ed6fe1f399a4f02c591c5b1a18dbd32afe471efe1ab853656e8fd62a17cb36a1f01dc8df0d44cd27824d4f095c1e6f05e58b914153f02dd0a4b219a50410d4a00587c905b27c5461b72893703b7a7d5c7c0fd2728ae025a40eca86cc520a2f93ac264f1e412fada5290cdf4391ad2705c006e05bacafb2baa8b608841f0f393820768114341219f0b436abaf791862748a5a69ce545b64b072964ed583aaa44ffcc4297a937f25d8a7b2e3e90bed8cb9ad7f6d4f97f9f401c56bae084c8d9ef48f55205ee3aa2545cbf96da9e784376f34ace54ed501f6e703f41ae12006f51d27a78e20b086ea81ba40276c13ebfeb4164a05be010888d59c33f9d3a9fd9647a6bb97feda808589b9cc3e71e91006a93c8c7ac1e5349fc4d446b58c003b00d8f69215d2f02a34864e7fb2ee4fe7cf5b7a046fafae34683cdef327bc93fbf809a901b467c884196f6ef95c6039eba28293c6f342855f14670b82f01ceef3a992b63a33c10684edf7399a24c565ae5d479df2f46466d9ca79f5f15c0ba9d9eed091fec22cb6d31dc308a104d82c8cfeb0e1ac066d86874065b2f6d20a66253b19e77f1b837ca740a45494345d6a562c191923588241b1cba346c82e91e1ef8072e257158a0ac7a376d8762c676bc8a27c3496cada7f7c5414fe058c9b47ebb60ac8a128270acc0739b8f4f04f4f7ff59490b9053b849597e11da531f9cada23759c5552f58e9de9549c8282739812bd9b306642876383484b86b343e0f72863d74f3516d621c28960ef2f900934da59abd050a4a5949dbc861d2134479ab6c88a44afb5decb9eeb2d1d7867ee2339f8761353d48bf354b78d509bd4796873239fe275ca9cf7857b7d7366ad08f8b22ea7d9d5385e7969ea5c870fc43c909c505d6556d1f1b933f14cc744fab82a18dfc45c3340161ce4a3c275125618f8f12d0438aab1c8e9eae8f78e46670d84e381b719b9e19673a24b5f6eeb60865799f9c83f5841a9b1ff56e4a0160bb03f18e54089c2b2b239bd825c3cd10a3b76a500c2f2c5bb0efc997d185b99a4f5a3aa503065226f7c826f7c79dff7da83f9f3cfe258ba3398baaa6e3fa3f18e4dd75783c0f4f994faef82afbec03a9adf0137173ce060c5363198d91434f45d3b752e87a8742483ebd828a99d54fa00c01039e771435e81653c7f1f66c6449d5823997aeed45a6dc6d744647751074c11dbb9819f21bb52af1c88ee61599f1dbd997f1c601c5d47bfd1874a5fc438e2ad43f99b1539efa83878bde038dc39fe04245ff7ca51c50680361160c03ffef18ea4121288c6009b089a364412bbd1829ff49b73b0db3bed47180e41f47a8e6356013e7637e15d7af82b619984e993a0c634b4d187cb33ccb8737c694ce60c21a58a1de9874f4bef799547708afd41b926c86565e26ef92341863d0f201f2da41b2aeeb447bf70b5ec23d303d11e044544da161ce915b14c854a765db4f7c283702d67da66280a839fc293097824fca1f6a7a3a35bd3ab4b44b295bdc719b18fa5272b295059ac5b8eb7ef5252924549504005ce883a589a05fac4502d1bf83e5822470f0734274ffc54b0a8f109e38ae4349944c2057442c63264c475149d7004e60d465b95332369726ae8397f64422787ada56b75ee953cc635340d5a107198cafcea4c7a17a3c22f113e8e48a7dd14c8ac8825ecaa9c8e6d51b3a4be805aeb03282b6636a5d8d4cc937bc55b17976c182fd6500d19abf45205be2094bdd03162850236dead3575fc74c93091e0b44bbe69d235ba8f520c5e3909f5ad535ab227f579ae9d20c21d2c7f349d76763b390eac95de019117399e7f2272bc7e9aacded3ee5c31575afe74916afddb0382b28912b85438dabcbd5d44ef36593f2818aba866a6118eba37ee2fbe0960ceb7334f876b8e72b918ddfe3459324a7cd933541ff827327de144a068f4042eaa4615bfa6080400d9223f7f047f793b94b28c1b4bd62522daaa745f0b78f96971d8e5237da5ca80191f0b821bf84d33803462517f2ee8c9f743c1bbd5abfa41e768952245dbbe96d7de8b1683989f9594b9b8de4a4bb9d13f49b9074bb30d33cc4de46a1f8847c37e55aa6c06e3400e4dc4db65a345104fb54224a2323e8a5a82c1f4916a4f640bd53d6b876d35092f836f585dc0e2a8364587fc42a25bc5c72fe35f5d9bb654da7a67ea1b7e63af1bd9dc3c6784d4773b7c89329b27f41c166d44cf61b05bb98ffe1fde7aedee50f9fca91cd06299f790285451f4dddfec781255f08e019ad59f44c04074ed4fcd3714d9e21203cf1aff38a54cb1021567369fb1a35960f90de87f033bcafe1dfbc6b21a638d9a1c300e8478e4c2788ca465dd9b5a2fbea7a9d07e1f6d0a0cc292baf916f0105ccdff66dba7d6eae46e8a827cd074682ff75941540d4e861c02b7f2804f8aec314d1fe5e6c4334bcf8492731078ee42130c412e13f57c1dcbb0d7aab3c133e1b07b2d7af6e7c805444062a450654c790b1ebb0ed4f21869d63f989adc1b8ce18ba6b97bafa75c8cb5eb8da10ca83804e5f6cf52d2d3f54df6570a46120af6777901ed0ab35f247d9733cec6a345f45c4dd4e190d770eb38494898c9e6aea75463f73a66c5640c43442e8031be386776b2a85486f224b29b0ec37d4fd2d47de607a028066151fcbfa98ab643624de88ea7e1c0bc167233bbd384d1e5d14c908737bd2a65337d87dd35fbf8ff4974a38645ee551acb31c629b1bee5d39de637029654c9389ab5fd8cc8062351722c66878bdb40b88fb9960b4416b8f75ba03484605729d722a8adb78a10316238960f30e4354de908263337bb48b02735ac843a28483f1bd898448796c52a5983a8f4a1977afb4689f269e40d8173e2d8b2c6cb97f3d8b25296adfe05d0818ff3714dc2bd3a4d914a2abde0155581125ac57672409fd80eac8beb3101038ad6940675060fb0c55b506dbb3b60d7420c9b8eaba7a15e14a6e30c131d76d3a31b8bdb4001a3c7f31f9420fb69884d4e13a1069638696aee9a1eee6754e6d49a9d332222199c5c8a926e4b7d6b235896901f9eb56d632f1d4d45490d6bbfff9b3f2aa0ae40d2e14d288501e875cb86f5e5a8664506104d8e7d6f1d3693f9ae2708399e74389d7bf40e08db2aeadc854d483b643e6a56a6da896dcc6aa810bb5d58b90ef9957d7e3fa8da6e63abc585d6e37cac23995d2443c251ecf8bbc45fae9db29fdc42d1c228ad3b35a2514a2980136083c9417f96d1d6ee60ed5e429813e0c35d2af6b2f1353cbf911cc9f0bdd301df8e5d8f1fdd1034558d668d64b7d8a18b4917998e81cdfbf428a9b6f1d8be4e97c7f825712d3bbc332872ff7bc38b9261e807a6b65c5cf9a8fb65f95d1f7e8f3718cccbb86d33a2b6f0bdb15505fe5abbd91b7c3f38bdb17e042c6dabf11abca829a99b2b79673de192b904aef22f49d603faf34254bfe4ce208156b448b971edd1f512480d48029c81552c944bb8a41e1fecf7ae64c470a221a8456776edf9dca7747bd8c572556ff59ad47592c8af8613e2e64c1762e0fba1884e2ce2913ea549863152a7e37316623b99a7ce75205810226987a23f0f041816ba6aaa234c83e9a262a79afab36338b26a677d7b023fc70b452cb05f5180846c21750b8f7f90f7d18b4ddcd867d56d48a6da22201b97decf41b45db6286a98b521c624ef0e4e0f733fe1cdad968448a0307c1c2231e79c799f907c73c5bead0c7080ffb6644538a3af9a9f1eaf8056e96bd9de9f71f084eb79f605fe8ddd74d0d306e6185910324b5c1c07375a3d59452d7136c7beb31d2fa95be0d4c7abacde29ebe0febac871ab9c41670ba2f0e14e083a6764454d2dd398da4b2cec3397fadd79e25f59bab45846528d0ed36f19769f19f204112bfec110d85367e090ed60ce3d1c32d84e4b8156055964a829f91d484db821cbdf439a69229fd06884fed7f7209da42d969d2642a7161fae1c3abc105891a25ceaf8224fee9ba9039e9e239eefa4b5a6667e3151ebf749bd2dfb2c7cdcd264388e9a9d5f098d75b2c639191e2cb105acc7cb781c66082018055354897174c291ae1a4244f20a7ad8cc26a9ea5a0c2f92b5b0dde926724352269c0b5f08a4e079b1702f56a0cfcbde40ad10ea29bce06ef04e03fb57163a540b4402458adf87a39227dbd9ddd9f33b72d70037062f756f76bb42a0d687ad17e01e9c59ed778360a2d02861f8ae50a4ae56eaab17a8e6ab5e19e99bf61dedd3dce1495fd3683d1b22c620878f003e8ce79b77228034aebc3ac589ec9a3f91498359f20fb05c5608ec493ec3aac54e32d8bb5fc180f72a0f9dd455d2766aa26cf9da2b7c42d941c23d7394d4b76b86c1cfc4701387468b7f045f63fb0550f108f939629921a8544bca59548d794ed8355eb649496f7e01098214cbe006ecf08c14f1d2b0dca1e16dccfa24ffbea50724301c1dbf2394c1468b408ce9effccdde018e910167d50e6f69c0f5faa975d3d3d682cd706a98147171930b7d337927913b9943eb0c49d8784dbf8fc8490d4ea4ecc065c87a69edc5b30567bd978b60878413178c4338616cfbe04ad31d4a5d5bc4fc9f2d59a3dbd899467fb2f1175de0fb97c2b489b71ad7203993ef91f4abcb58adc45035fbb15d5d7e123c8ec66a7be62cc8f85957e361c96a6ee5dd6ef73cf65173ddf0af172e8a97e5802ab6684f1426b38a38f54c772d717d301d9356d5f4f4a7955ea2230c7685c9e751b64ef5db46539a159b57a76dd5603c5e6d4191f669f79fa5548092874baf69d6edf7023e6bfe87018149e05d1c7dee8fd745858afcf8f35e80cf77fae33ccc05de43235eec3c6640c5f1ac3ead806b8588f06c6c252d70b62d8b74ed9b12e1f1e332f1df030faa52ced0930c0ef2050ab92bfdda54b7709c11e69043b5dbe5c0791544083149d73d3d0b8be0055a59c802543cbe2e0d618872cb171dd9c9615560ac73f7c05ba7c23a1d8d48c8ad1082cce59e8e0c71fc716a261b152434eaf5dc48b70f5af35f3fbdaf43853957f0068201dd52f653cf17deb75a1d0c0b457d7a86e74b82bb6155741fb9feb309de2e8b5b06a5fec1db231f909a91070d735e0b6723c74e548afd9bcd55c2971d48f7904326815268d3ceb447927cf7b20a6befb6c4fbe869b7fbfb6d7cdbc60f5a2f2510dfcd9e3d7f8e2b90d7b4b2fee45922444f5fa6694bdca0430ceb8fb7f4379c9002e7df0fb3acdc44f60b92a885cc8691f995cece4f290a6945ce32188c30da2881a8184c7f1853d862b7d7eef8e20b4540ffbd1594127d7fa38"}) 692.14865ms ago: executing program 3 (id=66): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x2040, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xffffeffffffff7fb) (async) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x786d) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x41720, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_GET_FPU(r5, 0x81a0ae8c, &(0x7f0000000100)) (async) mmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x13, r0, 0x4758f000) (async) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x200200, 0x0) (async) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x103143, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) ioctl$PPPIOCSACTIVE(r6, 0x40107446, &(0x7f0000000300)={0x4, &(0x7f00000002c0)=[{0x2, 0x17, 0x80, 0x6e}, {0x80, 0x0, 0x9, 0x6}, {0x2, 0x3, 0x9, 0xac0}, {0x6, 0x8, 0x40, 0x2}]}) (async) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f0000000340)={0x2, 0x0, [{0xb, 0x2, 0x1, 0x0, @adapter={0x3ff, 0x3, 0xab4, 0x6, 0x53c}}, {0x9, 0x3, 0x0, 0x0, @msi={0xffff, 0x81, 0x2, 0x400000}}]}) (async) r9 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x6400, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r7, 0x81f8943c, &(0x7f0000000500)={0x0, ""/256, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r9, 0x50009417, &(0x7f00000007c0)={{r2}, r10, 0x16, @inherit={0x50, &(0x7f0000000700)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000ffffffffffffff01040000000000000068dc04000000000008000000000000008508000000000000ffffff7f00000000ac0c000000000000"]}, @devid}) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) ioctl$TUNDETACHFILTER(r7, 0x401054d6, 0x0) r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r11, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x240641, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r13, 0x8010aebb) (async) r14 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r15 = openat$cgroup_ro(r14, &(0x7f0000000080)='pids.events\x00', 0x275a, 0x0) read(r15, &(0x7f0000000000)=""/83, 0x53) (async) ioctl$TUNSETQUEUE(r11, 0x400454d9, &(0x7f0000000200)={'caif0\x00', 0x400}) (async) write$cgroup_devices(r11, &(0x7f0000000140)=ANY=[@ANYBLOB="1e0306003c5c9801288363"], 0xffdd) 573.910922ms ago: executing program 1 (id=67): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xa, 0x2}) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40103d0b, &(0x7f0000000040)={0x8000, 0x2}) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x1001, &(0x7f0000000400)={@ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/89, 0x59, 0x2, 0x2}, @fd, @fda={0x66646185, 0x2, 0x1, 0x3f}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) 548.405142ms ago: executing program 3 (id=69): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x801, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/binder0\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7, 0x6832, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000100)="1455f68aec2ac0994b205853e9992e10affeb00d4cd8b327ce63c8fecc63d88aabcfa49a7da982f3a91a68acb8d946950a9072d0bf692c35df1e795e5cdaabf79df183e689569eda9f8714c2578c574e56a206b150f4ecc6c3fe4febdfd28a790048af048490aadca3", 0x69) mmap$binder(&(0x7f0000379000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x110a, 0x1}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700), 0x0, 0x0, 0x0}) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x801, 0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/binder0\x00', 0x2, 0x0) (async) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7, 0x6832, 0xffffffffffffffff, 0x0) (async) write(r0, &(0x7f0000000100)="1455f68aec2ac0994b205853e9992e10affeb00d4cd8b327ce63c8fecc63d88aabcfa49a7da982f3a91a68acb8d946950a9072d0bf692c35df1e795e5cdaabf79df183e689569eda9f8714c2578c574e56a206b150f4ecc6c3fe4febdfd28a790048af048490aadca3", 0x69) (async) mmap$binder(&(0x7f0000379000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x110a, 0x1}) (async) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700), 0x0, 0x0, 0x0}) (async) 478.993273ms ago: executing program 2 (id=70): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000002140), 0x101000, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, 0x0) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x4, 0x0, &(0x7f0000000300)=[@acquire={0x40046305, 0x2}, @decrefs, @exit_looper, @release={0x40046306, 0x3}, @acquire_done={0x40106309, 0x1}], 0xfd, 0x0, &(0x7f0000000340)="54e42d650e78fc8731fedb8308f3bb09a2d00f8ae07df8fa983a6c87cdb0dfb7a6c12a6cef682db693fa3350e1295b56c582677288565c1a9bd3f87101edf598707f02462227baff38531b92efe04d91bd54ef49567b71471e16cb7c561b0ba17a5c2e1e77fb99f72644ed6bcac574698aff3cc23362f73f87db1ae3e15e55f4f67bb1ec2ea61017c9b4da019c2beb09aedcb3fe15161a583b3fc0734511b3101130e303e4fc2f01790c0de2bdf1837af82cce6a36db09eaf5d5352feb34f7ccf09d9f962367726b8274391da6511dd09349a4fcaffd0fd064f2de285a55ef7b8e68d50f8d8201c17ef9a38a1bf6af2cfedcdab74c29602d42a7cb688b"}) 478.512813ms ago: executing program 1 (id=71): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x200040, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000040)={0x0, 0x0, 0xf}) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) (async) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000000, 0x10, r0, 0xf937d000) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(0xffffffffffffffff, 0x8040942d, &(0x7f0000000440)) (async) r1 = syz_clone(0x140000, &(0x7f0000000480)="0ef4733b1797d3d9cb513a44f4bf0f1f5be84caee3cf70d412132bdc913d4c38faee15c270cec3dae3a417cbf4c8357b7c3cef497611fd58fd2eab0527f057f2f751a3705545b8d65d32e4a654390108d83102139d95be5230dd46ddcf2c31861e1f235c3da5be51ae4843783f4bcbfd312fbc268480a5645c5affeb6371e6b73d5c56f45f95b413185220c1bf545c0c7c8dca9a49ec8a7f0e62a083ecd538ea5521f8194bce03b6dcdd844b4e73afa756d59b57c794e0d84d888093668f021e4ea3ef16941a7bb428c5497c178666fa56dc44251aa256409b74b324155e5ad465e4c010f8454acc", 0xe8, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)="b3a849505e0ecc9c6631eb39f90eab29f64b9bffe38990eb4631669c601fe6f7c3b3a608cd71db6907d66ca84880efd4ee3cfa7ac45c612383e3f62d9a68964b739659999711367e852916df82e13b8efb13d9f507231899a1f69ecdc09db1397e819b933a4050e947eae57d72265aa7a5aab4695f3df87fea03778e3b801f610795d5c27636231ab46c09530d1662e0f4") mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8, 0x80010, r0, 0xf9677000) (async) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000700)={0x200, 0x18, '\x00', 0x0, &(0x7f00000006c0)=[0x0, 0x0, 0x0]}) (async) ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000740)=r1) (async) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) (async) ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f00000007c0)={0x0, 0x1, 0x5, 0x2}) (async) r3 = openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) ioctl$VHOST_VDPA_GET_IOVA_RANGE(r3, 0x8010af78, &(0x7f0000000840)) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000880)=0x800000) (async) ioctl$FITHAW(r3, 0xc0045878) ioctl$EXT4_IOC_GROUP_ADD(r3, 0x40286608, &(0x7f00000008c0)={0x7, 0x70, 0x1, 0x1, 0x7, 0x1}) (async) ioctl$TIOCEXCL(r0, 0x540c) syz_clone(0x200, &(0x7f0000000900)="c4329d037133d8a285d30b2f53477075d896a22f25eee16e1a9e01e775e132669090077658e8bc20b637b7b71a19b7c5069cb60e21c7f0bf168bb918125dae4090c3d739a6f2dd8f50ae6ad90b2a156fa3174ffcbdca29052b265a30", 0x5c, &(0x7f0000000980), &(0x7f00000009c0), &(0x7f0000000a00)="79614fc8ee98efb188b4a676129dbb35") r4 = openat$cgroup(r3, &(0x7f0000000a40)='syz0\x00', 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000a80)='cpu.stat\x00', 0x0, 0x0) (async) ioctl$KDSKBLED(r0, 0x4b65, 0x1) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x7000) (async) ioctl$F2FS_IOC_GET_PIN_FILE(r3, 0x8004f50e, &(0x7f0000000ac0)) (async) ioctl$BTRFS_IOC_INO_PATHS(r2, 0xc0389423, &(0x7f0000000b40)={0x0, 0x8, [0x72, 0x2, 0x4, 0x3], &(0x7f0000000b00)=[0x0]}) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000b80), 0x2000, 0x0) (async) ioctl$FICLONE(r5, 0x40049409, r4) 435.397044ms ago: executing program 2 (id=72): openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000340)={0xdc, 0x0, 0x4}) (async) ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000340)={0xdc, 0x0, 0x4}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x80401, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000a73e"]) (async) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000a73e"]) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) (async) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0xbe, 0x0, 0x1}) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x4000002a, 0x0, 0x4}]}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000040)=0x7f) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) (async) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845}) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) r7 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x1812c0, 0x0) ioctl$ASHMEM_SET_PROT_MASK(r7, 0x40087705, &(0x7f0000000080)={0x1, 0x1}) 416.825314ms ago: executing program 1 (id=73): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000003d00)=ANY=[@ANYBLOB="010000000f000000d00400"]) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000e00)='cpuset.mems\x00', 0x2, 0x0) (async) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) r9 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0xfffffffffffffffe) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f00000002c0)={[0x8aba, 0x4, 0x4, 0x804, 0x7, 0xf, 0x120000, 0x6, 0x0, 0x7, 0x8000000000000001, 0x7, 0xfffffffffffffffc, 0x101, 0x3, 0x1], 0x8000000, 0x141382}) write$UHID_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0x0, 0x0, 0xc98f, 0x3, 0x40, 0x0, 0xc07}}, 0x120) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2}) (async) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_REGS(r12, 0x4090ae82, 0x0) (async) r13 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x101) read(r13, &(0x7f0000000080)=""/1, 0x1) (async) write$cgroup_pid(r13, &(0x7f00000000c0), 0x12) (async) read$FUSE(r13, &(0x7f0000000ac0)={0x2020}, 0x2020) read(r13, &(0x7f00000001c0)=""/91, 0x5b) (async) mount$binderfs(0x0, &(0x7f0000000580)='./binderfs\x00', 0x0, 0x4008024, &(0x7f0000000180)=ANY=[@ANYBLOB="00000000000000036f6261dffb00"]) (async) read(r6, 0x0, 0xb) (async) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYRES32=0x0]) 355.220695ms ago: executing program 3 (id=74): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x3c403, 0x0) ioctl$PTP_SYS_OFFSET_EXTENDED(r1, 0xc4c03d09, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r0, 0xfffff000) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000001c0)={0x0, 0xbe4, &(0x7f0000000000)="40269895550f3e4ad6465b7325b96e44dd471faa7915dd9b03e26036ec3bc28b3058c5cc813f90b44ea6ddc8e8536c72e711375d0851a71caac980c118b122230274e30ce73f9e4989b3acdc7a24d752c88bf330bf881e66c8045928b1eab38bc0a847219689ee5c7e564c91052bf028dc9027b675248ddc930e2bbd487063492c30d8f569164e9ac2680f8971f1be1f896cb9acfd", &(0x7f00000000c0)="47b3be37bb7cd19de44b704f60337a2664be48251e9f181c56eae038235ca078410aed4030480ca2f0a0c170ea026fd4335eb53dae76674bece8e50a9cf9615c54ed67340d9762abf943994ec1c9eefcad4b566b13282686adf856087d8cd834eb48cf39113e3692fcbc122bc4406eedb5f66cbce6ce936b80d8ca0c7ecf5bc9ca718ce201137254fa95be3d546091e84d48b965d6545d392f70e81c354bcec4172d7f6f5c469802b7552b9088235749f7824232ea4bb180b8239c318f6937f25334f28048822b2a24b17296ec004b1b427edb6493022341e7e9517639ad284468", 0x95, 0xe1}) 354.945665ms ago: executing program 3 (id=75): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x7) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100a}) mount$binderfs(0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,st']) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000440)={0xbe, 0x0, 0x1}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000004"]) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f0000000540)=""/190, &(0x7f0000000140)=""/83, 0x3000}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845}) ioctl$KVM_RUN(r3, 0xae80, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x4) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r4, 0x8008af26, 0xffffffffffffffff) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000000c0)={0x4, 0x3, 0x100000, 0x2000, &(0x7f000000f000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xcccc0000, 0x1000, &(0x7f0000f15000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000040)={0x1ff, 0x0, 0x6000, 0x1000, &(0x7f0000fd3000/0x1000)=nil}) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) 169.074438ms ago: executing program 2 (id=76): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0xffffffff, 0x12) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000040)={0x0, 0x0, {0x30, 0x0, 0x13, 0x19, 0x5, 0xffff, 0x0, 0x8a}}) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc0046209, 0xfffffffffffffffe) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) 165.624918ms ago: executing program 3 (id=77): prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x401, 0x9, 0x7fffffff, 0x3, 0x5, 0x7f, 0x1, 0x9, 0xa80, 0x10000, 0x7, 0x6, 0x2, 0x4, 0x3, 0x4], 0xdddd0000, 0x20c084}) r1 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000240)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000080)=ANY=[@ANYRESOCT], 0x6a) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000002d00), 0x2000) ioctl$FS_IOC_FSSETXATTR(r7, 0x401c5820, 0x0) openat$cgroup_int(r3, &(0x7f00000001c0)='cpu.idle\x00', 0x2, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000180)) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) prctl$PR_SET_MM_EXE_FILE(0x39, 0xd, 0xffffffffffffffff) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="4f14b9889bf1e27b"]) ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000200)=ANY=[@ANYRESOCT=r8]) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000003780), 0x240, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x20000000000005}) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r13, 0x4400ae8f, &(0x7f0000000600)={"3ff6bb967a158926e0d45f9a4e85c53d873f815ae2bfd65085ff677bcd035c43c23b8a83249cdb3138ce2e544626d0a228dd65e70642029b38f70f9a8653bc6cdf708c9797d18127b3cdb99b2e8c08880080bf7265c2e0533b00fe5da866653824e1f9806cdcbcd0c34abc3178128e99ec55564e049b283deba3df410afb94a39e493653203444f241f7bb4095dd447673de9bddbc6f158b7cef9f2eae35a27ad7284328c5a4da648b2d3d6b1e4d45166f471a74b593a0e1544a069e5f83e802abe95c3660abf974acc42f7199d2780417559551eb09279ba244e2e62c8207f036240beea9e7c4d1ea05b49e56ed70561bf33301ba355da833ad4f76de6ed78319fe0f9ea8746c60b7dc9d52a4c06dde98a9c8ab6fbe4d8b1b3a1d82c26d7163f4733a2df0b4df085782e0ba85ab384bb2b81ddff291fe74390b0ed0a19109a8811395ecd8ad603b74c0db19d12a104064f018b4a0a7a62824177413fa6e18112b83547c10307e1cb5ea0e688727a81d551b719ffeb7a0ab8ec60efd05fd522d9f8fb639c617fa7aaded585164f0ae89f2bd4f52ef51aa592788e4998a953fe86e4adcf58a5e386dcf4276d6ffdce363a0e4f429b8e8abe78534481e7610fc79cb026a31d83bea3d08828babd902baa28ed5cf67c326a32e755a32996b1074df14248ef649af69c4a8b529b94f90ab4ba4a2dba431ee06876dc30ace0a9d2ac516ef0cabca1b36aed282886150f7f1b918f023f96e8a806ed6080a5892354778c7cf7c17d586a8bcd9af620adc66050653236a4b2ca2c8819c47cf9ee0844dc6e928c1917c440a0e25d720f966e497a9f00326321f26f19cff38afd6368a324f37208793ca29ce87fd83b1c398bfab9f51acdd373be680041c1d66dc6ce46a6b59e09f963cdae8d879bc1b5524d5a07a0b0477bc7cc9b33372bd88dfa4205d8dfa7e54e62370795d27e0231325921d3f682dbc42b86bb1736ecd9f1e3c651407459964600574b86f314265c13004aae9ce22506fcc0078d5e0e7c496a76da558ebc428ef9c0718e425309bc777af86e8bdaf024b655e3ae6b447e4d7eef20a8373e8caa1490b5391b4aa2e281b50b3990d3163c23f6afc8bf8d921e7e438f99da2752683a468fe2c32067aa42a0b3a5fcd5c206821fd224a00bb958f8ce4573b2b5f111332f074b38751e5268b50da69b91c297bc6d9ec3dbc754efe683e67b0a800a2cfa78b86a8789d8b5396a469cbf900cbf65218b5eac11a0674300a23a0138cd9cdeb1aefd886fdd7eb87a4301d2376c092283a4f22e3888dbce72d7d228da1f05069dc0528f34ed75a09b461c17e1333f58eca999d759bf31e823da449c2bca9cc723788675e7c362645e5826a23b7386217a52046353f3f6bbf82314a79855b1786c77b26c33938288655f797153b17184146613f6d0ac9255db698f4"}) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1) 52.699309ms ago: executing program 2 (id=78): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x1fe, 0x0, 0x2, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000040)=@x86={0xba, 0x5, 0x9, 0x0, 0xe408, 0x9, 0xcb, 0x1, 0x0, 0xfd, 0x9, 0x7, 0x0, 0x7fffffff, 0x7f, 0x9, 0x2, 0x8, 0x4, '\x00', 0x0, 0x2}) (async) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000080)=@arm64={0x9, 0x1, 0x9, '\x00', 0x5}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000000c0)={[0x3b2b, 0x1000, 0x7, 0x0, 0x6, 0x1, 0x7f, 0x7fff, 0x2413cef, 0x1641, 0x800000000000000, 0x8, 0x1, 0x273, 0xc17c, 0x6], 0x2, 0x140000}) (async) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000180)={[{0x57899a2e, 0x0, 0x6, 0x6, 0x9, 0x4, 0x3, 0x9, 0x0, 0x9, 0x15, 0x26, 0x40}, {0x2, 0x2, 0x8, 0x1, 0x80, 0x2f, 0xf, 0x5, 0x5, 0x7, 0x9, 0x1, 0xffffffffffffffff}, {0x8, 0xd6, 0xe8, 0xc, 0x81, 0x3, 0x0, 0x40, 0x4, 0x8, 0xfb, 0x8, 0xff}], 0x5}) ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000200)=@arm64={0x8, 0x80, 0x9, '\x00', 0x3ff}) (async) r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, 0x0, 0x1000000, 0x12, r2, 0x0) r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000240), 0x100, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000280)={0x50001, 0x0, [0x5, 0x7, 0x8, 0x2, 0x5, 0x2, 0x10001, 0x1]}) (async) ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000300)={0x5, 0x0, [{0xc033, 0x1, 0x0, 0x0, @sint={0x1b, 0x1}}, {0x12, 0x5, 0x0, 0x0, @sint={0xa279, 0x7}}, {0x9, 0x2, 0x0, 0x0, @irqchip={0x2, 0x8}}, {0x7, 0x3, 0x0, 0x0, @adapter={0x401, 0x101, 0x80, 0x6}}, {0x10000, 0x1, 0x1, 0x0, @msi={0x3, 0x7, 0xa487, 0x3}}]}) (async) ioctl$KVM_NMI(r2, 0xae9a) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000400)=@x86={0x4d, 0x7, 0x8, 0x0, 0x4, 0x7, 0x3, 0x2, 0xfe, 0xca, 0x3, 0x5, 0x0, 0x7, 0x6, 0x4, 0x4, 0x4, 0x8, '\x00', 0x6, 0x2}) (async) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000440), 0x44202) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000480)={{0xffffffffffffffff, 0x0, 0xeb, 0x0, 0x9}}) (async) write$UHID_INPUT(r3, &(0x7f00000004c0)={0x8, {"acbf9020b5beb4cc2e63af7ed99ffe59a141f7c6ac5bd16dd752137ab8c86f397ef82ae91682edcae664be31032ad7621a120fb7336ec740b0f996af8cc2aae16f29d2cb517e4acf4ea9787430d9249d2ec47200f1089b63bbb68bbd4e4da4496c27a1a0a585d2503edbbf54041f01eb3850e34452fc0501c5cd970b9aece440349d1b1cb9e332a5de84620c060e2a86ba4a570c1f8bd9b6ddfd08dc9381086452b4280b83d2fd298870ae23f94a615f7cd3bda84d4c906283e93b75dc5beb620e2ea3e7e86dfb6e5584648438b82f9c2aab56032e440720a3f8a96eb051631e846c6c1fddaea7e43ca9fdba3140c376c8d5f2de2f58e014801d8895f425fb62e5fb8d268ee9a567830e57117fee664fec5825e4b448d6a5c3f7e95da40a7541ab55aa1c2214660a233a2980bb5eaeff4ce78973141a41fe3bf6829611e2bb7ffd03f1462bbbbb0260fac98da07ae43656b6ac1b0aa2055c2b577c4c00170c73b44e1eb8bb1efb43defef3be658ece6fb09fcd4a939590e02f46cecf4ff34120a4d821f357d705cb8af8c9267903f7e0129854387343aecb561cfa7e96e85e856b2d26e3acc3c202f9b3884b42ad722a1d35692fa13179c2451ae4a05af42245733e4109cf924a45999850eb2002984db6465d85468680ac7718dcbfd64fae5aef03e42edfb5b12f52f90a5fd51a7715417bc8d314ef386cfd762e2ba105d71318cfa638bae81a38c47f3d9a2b5dd5aeb73ff7fb6a1be105968ce5a2f018ebbf8effd0cd584b2f572d8019482fdd24a109baaa760219188ef8935c3c55dcf3068bca380385871a84f768e1e45a796385c51e41b151d14ac713a0bf8cc61f8891f5e6d761dabf6e34bfdbd656ebfe71adb5ab15cb148d8cd296f179ab86d4c74c67da89e3cc81607645ed77d1fa26565c32b38f55621e18b5c420a855e823e56709e463a5b7bd13fd74ce912b58bb858c49de2e17eb48277db88470d798e7f6df52bed50eb57482b79e046fe8c05bdf5b9556829406d494101231a3ead80543ccead1621669782b5f30da25e2cd00d668a5470f04bab86c8e2d5bd59ee0dd7ecac96a864ba51218c0ddab992775036453e6d677f4844b4b9d2100f419f617bfe4dd5b26df686689378afb101d5a20b4166be403ff12606cd24fd7eec99993fba80d75d98825a9fe5438f64e8d7c1852bbdc7da8685b669b9ba27ffdd50a56db49805245d09af739ced66ab13e7b2d6f74ea1bcb8baab065322ca9387b6061401c035fc837e07a97af0cbf72340a35d41334f04e9dfe0e809b6dc78388b4b6a5535f24f9bb111d2079b08ead48cfcd593b1eb5006e48bc1a3f55f11b9142652e39da6897ea36e68b057cab43d6656757a77e1f0969a34555b1fe6cd4bedc017c8433b74ad96c0b9f1e09db581cedd0e656653f0ad55a1843827b2b59bbcb2b864296cb2abbc87cba6541b5a6184c53089bff3299287d1fd45edbc24bf31c9848d89228e04786cf90e43671eb151c8e65752a3be16d65e912014f66bae66d097ba4195013e2b4c48fbecb5a36c4e311a83d24d548ee785d16fbca6621f092542b6b8a82b56350769e601bdf192933e0059388774eb0eb7cfdd05abb0da25666edfd74bae924d6d90792b245f16858840349d6aed5cb51f809904369fcc711fd3c5fde6cf3d324199377034fabde01173b6b72a1d54b8d5ce533196f1a7468585e4f22f517db2eb6f0d91b2c47078fb313e3e5ef33ab77c2b822f7f556c9ab2cb3bf820703d5eb03bc9a9f753ecfe4335daf37c30dadf784c1643fb1304040d337f03bc9e4c1936e15b8510c56b17750b8cf20c5e31503f0fa72e9b28c3f0043325a5ad5404f9d00d773634bab0b4ffcf3de2e14bde61b1adfa316d95bc41a605b50478d524ae5914943db754988e7447220ec2955cd9a2053bd1aa1f916a162db71a7ab21ee00911ef4a7638e96f3f7a8124202763aae9b14bf610ff90f40f2c4e2efaf56b71775b387cb6bd968c30b7d58e277b9fb8443ab576aa10f8bfb542d10beb037fb754f4c418692f679df64b918dd87d54f3ac0b435f70124b634dd60bbbeb8717042c62abc9ecbae96a1d7cd486bed80c18b93e91c8353a7a868cfd01643ae2714260f72c5e2692a61ff7f40e8b0d0a501e46c9f2a6223fef2858a87bcd3307e1ecb18fd71f3edfa000d9a0e55a53b382c7eadae6ba96c9e9916a68a9337b7b019fc8ff5761d2c88f2a657ebb079633fe495f2b1d5df370a870ccb80269679ee29f2bb39e87e6ef6499400b6c18f5163ac632914c46e353114b46d8609ec16e51e4a55859472c0ba4669aafddba340d49f0dd5eff9b6f257ab2f3ccf3a3a224afd093f804a314c24169ea668ef1dd01cbca1297603ed865147713eb097a8f55a6dc0140277b2a065f29ca39152e6079eaf588c4a17a8a78289cd0bcf449a92ea25c5d821cf14102a57963971e9330d695dec3f978478ab6d05fd8ed541035411579b93269b6275bbff2d6b19a7c5197a780d2f9fb62ede303b5e3bdf1f54a3a4c91a77e4a2790d01ff0ac1f6fa5ea87c0c7ab14c16e00e6163586cea314bbd1767e36f87c997f1732e4d298a70836a6328dcb5b1ed6b74f6341e59176db87d392ae8518c514a1e06eebb6a7ab7e9a326e6adb320789aafaf371ccbf0f18a7312f71b78e166d1c4e6a8646c3da7cecf2ce80e45c76f47ffffba899b0457b0e490719fe448524461fea6a7221bfe4ff8096617e9e297238c113f76f9f6b07d6f1b024eea6c5278370e398be45e9cc0fec3f48e13d11c19abb70754781538fd08f59f407680f17b373e7681761d124710cd99c1da9882df0d206b4a5b1c609989c580d29fc662ef521330107ae7b7b9bd50969a47ea903c7100b6545a7cd757fc14efc8597026482557109f1753bca629f3de89cfacdba39ec436dd6a7db5b2cf19bed2a46deae28fa4033b25b5551fcb7fa2facc8b0b1c3e9adcfe1d40cd1eaa7f89374e7a945695d5f6b45f42c73e5d7e1d97877cee7448118c7942264de868c2f2feab24136694b0bcd22b21962dc3a091a4c9e38bd26f5efd4eef00745e7ee9287803bbe59cd0f1a512754c7ebbf0c9256351b9288a4ee90b712749b1773d21fb2151d261061ad6a53f2dba8601e01c7e2b62afdb87a94bc2a712ed4ab3a61c0e4a14a844dcd3f221b15253b879d1a70275307037e4d2e26eb250b05834910dd7d84224c9cf0424be11b34a3a31b54666a949a2b4e84199856fc01290ad132a10aa9cbe9d31a2649d5ae6ad62def6ac6c7b137119cecaae251b6f5bee4f914fb9b7ab9fc1eccef55a704f54b0c31c2d05fd6a29e5954f94a1921067b8a931231a362168ee80d83dc74817c406e698238cb8d705a87287d13431937e966be32799957b2af5fc76481b4d703c85f664743da34ac20521c7f80929bc5c6c53442a84002c927a7d469dab27d85f83dfc2a7c5dd2af12759930410ff29e205fbf41ab177f0a30446913da475ecdf32559e23cfae42ca6c11b551f270301e45fa14d738f70dc981a06e51b02fe4b9bb1adf8e2a531183ef44dc8d7cbdb5aa049d0a4347e7bd83b599e2798990cd4f00503ef725c0bbda4756e0439ab80863c7aa4cb89551169b1bebf77b2569ce5dd38e7108b9237cb9d748e8a9b9156f1eaa6ad496ece3fc05ec500d412f9b3981a2ff1c2a11934f2d7fcf0c3940b58db0ed3a889cffa5c4cc1938a980a51c7ac72075f9c7be6120b1a55f818f9222c4ee1c03fb88ebe629fe4dcdca97704b855025c05ec1b0684156cd93c1ad2685cb26ef540f2247e21134a494c5cb332fde117c38d2e725508c38afb817239bc968a67d2e5e4bde1458be47bd2f89b87041f020627912b239f3df174c571eb7e79c3ac79b1891227bd3553001c271231d92c74c099aa57c01db999bf0fe6ba09f3059183a0308072e0ff720bf36829ff10a3366f46630a699a1e60e0382edebb1d97fc73d72391977921ce0622c8583c7738e64a8c7cbe3f800f123c436ba233756191079aa7f52cdcbc196ab3b0a5a0b6828987c12d70b1d5333e9bf327bf3804c91b6340df30354b719fc83f3cb4bf300c7e1a381ef46484879b55bd22eef652e0a7534a00a725b20bde347c31eea78cf27cd13af6804ff5742cc187cefb2e0a774a0b61018795b0803429c891b1e75da7ce90b811520b10cf6caf428665e439697bbad5ced1d46b97ab988f6de6bb38e6e8d1652eb03b6190031ce8e63bb4cefd85b038912a72d64e9dc8e95736c282321302c0f55346c3dd876f8f9cb9bdf7aff1a91341ea5a9945516e28ea99379feb438dae1c8e6321f3650b3c44782c9d30f2f5a0f18a7973ca52d9f412763d7900cd4656141e85b41ff2e95b31ef6b3e6b989797fffc3f1c182919116e7ea08f11233ef08d4d36451bb057338b7c70fb66dc6a2bf5abec9a008cccc39bc0bc1cf4ce2f42b33b4be2eff6fddc78d835456c8722e5b16405ce46364acd7f798bdc30198e63d592def14f806cbf07c3459967a92a2a99c4b00044492d959ab8beb614973bde022acc98987d24fd5c9d1ab25c7b671a881bae57e252f7474cd82d80bb70db4741a4e3ef85eda3a17880130a2aa71889e3ed12cb466cefb65ffae409d1499bac53a7be984317c9d3cbbf8374e1375404f573745a1e16d3cc32dfa79f1f638ed79596f31e1440e2d052a73fb1f7ce39725c0dd3ef067f3803d7db8c4b9f472a96dc1529b7754f185bdf90eff1258a8edf783bdbbb17200f007d73c897a33c2231ffc019e8a5d738ffdb6861a61094c37f80f03e25b717a3cf5d8a8d1431c612cd266f35fafaf0c4fba246de540968a542d45aa47db0f619c634a55f7e2bb7039fa3e0e414e08279b67fa2feed7d37a42669027f9b0aaa342d54a889d822ff7a579b4b99e34ed03c5544d2cd77d177d81b0e37764e2860bc51a20bdd273066a3861eeca025f338101a36433b1e281ecaebee7756ffcdba59d590200d15770bd21f0a23d296f817f4aea18df56b53dcbaad23f9683ecc6ce06b95a30d3b3381ef7556f08443c6cd695a322709111aca394db96a029ac9bcd050c70de016aac9235822977f63f213582e3f8c9a79c15f8fcbc14eeb68553e286f8292232204284b8422beffa93286afabba2b6b68895c4f742c4a596f4a03f0139912f85cf99e42effde412218ac243f8377a27ce0727771457afd2f04dc4e4e761dfcfef215fceb9616a1ec4609a415ba59fe3cb06b35f039bd30cfc3e0993d82510220010ac2831739f478b4b61ddcf99d5a3e0a48d2b6ff377d5aa701ba3c81600efc245f0ca9b465a2a6635263d2539e75149ae635c64ea14baf65c4e058f93b22f6b27a672908ecd68a6703a7961a8d5b974bea1266bd3ba3416d025ad8f67504409f29faabcd7e08200bbe16a3cf8a06569a6aa9c7790f5587696be04b6326fa7c481e6118ae29d5998786d6e58d0ea180acdc34317354562c5c0e1c9b81923966bc36cfbd3737fe73e801f11f42f16171459683d30f7a7191dc00642e27b61ca8adc0833d50b2f687db03ce452cac8d4e01b23109efdc1d32890c2c61bc3c3b5b70521ce43298167583f6610c48851c0e579a02f36e53d1525e46faabecf7e3796f738f54ec3a5bba2c366f97f4096c632a4e41bb921b1b4fe92ff213b4a26e9e5b6c75a51cf2972c09b3507461ee464f92aeb43aee5fac7db5c5eec61ca89557d00b1f2f045ce39ab78d5f4852282af9ca2dbdcdb92fe587350b457de1a32adec7428f8b1b76dad72f71c7af25234d82581daa", 0x1000}}, 0x1006) (async) r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000001500), 0x802, 0x0) close_range(r5, r1, 0x0) ioctl$BLKGETNRZONES(r3, 0x80041285, &(0x7f0000001540)=0x7) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) ioctl$KVM_GET_CLOCK(r3, 0x8030ae7c, &(0x7f0000001580)) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000015c0)={0x6, 0x0, [{0xa5e, 0x0, 0x1000}, {0x337, 0x0, 0x40}, {0xad6, 0x0, 0x7}, {0x0, 0x0, 0x7fffffffffffffff}, {0x26e, 0x0, 0x3}, {0x8cf, 0x0, 0x16f7413e}]}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000001640)={[0xa, 0x7ff, 0x0, 0x7, 0x1, 0x60000, 0x7fffffff, 0x7, 0x9, 0x7, 0x6, 0x8, 0xfffffffffffffffb, 0x7, 0x4, 0x8], 0xeeee0000, 0x7a2856f29da5b0a7}) (async) write$FUSE_STATFS(r3, &(0x7f0000003740)={0x60, 0x0, 0x0, {{0x5, 0x3ff, 0xffffffffffff0dc4, 0x8000000000000001, 0xf8, 0x9, 0x404, 0x5}}}, 0x60) 52.42308ms ago: executing program 2 (id=79): mount$binderfs(&(0x7f00000021c0), &(0x7f0000000000)='./binderfs\x00', &(0x7f0000002240), 0x10, 0x0) prctl$PR_GET_CHILD_SUBREAPER(0x25) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async) r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x17) openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x7950c0, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=""/16, &(0x7f0000000180)=""/108, &(0x7f0000000200)=""/23, 0xeeee8000}) read(r3, &(0x7f0000000280)=""/5, 0x5) (async) read(r3, &(0x7f0000000280)=""/5, 0x5) 530.29µs ago: executing program 1 (id=80): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0) ioctl$RTC_PLL_GET(r2, 0x80207011, &(0x7f0000000080)) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="03000000000000001100"]) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='/selinux/policy\x00') write$selinux_load(r1, &(0x7f0000000000)=ANY=[], 0x202c) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x9250) read$FUSE(r2, &(0x7f00000030c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r2, &(0x7f0000000100)={0x10, 0x0, r6}, 0x10) prctl$PR_MCE_KILL(0x35, 0x1, 0x0) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r0, 0x0) 0s ago: executing program 2 (id=81): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000340)=ANY=[@ANYBLOB="0100000000000001c0000000000000000000000000a24acb5aa252000000"]) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x20000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x7) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r2, 0x4018aee3, &(0x7f0000000200)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000180)=0x1d}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x1172c1, 0x0) ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000000c0)=0xa) ioctl$FIONREAD(r6, 0x541b, &(0x7f0000000240)) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000380)=ANY=[@ANYBLOB="01000000000000008902000000000000090000000000000047f0b84bb91441cb38ba26a9d6a2b05a27eadff60b33b6c6f78fb0a2f8bbfdb95693f39fe21bf8d872ab7dfe6bac9041ca81081c261f17eb9dc22c59852f5c6a0ed66ca66049d025166aeeb398a4f11a259c6a2f69b755ee351ff963be8b01fe746a5ced2d5cd444aff3fc31d41b46074262efe7a30328664c55595d0402bb0ce7287b1018ffce"]) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$FICLONERANGE(r9, 0x4020940d, &(0x7f0000000080)={{r10}, 0x2, 0x1, 0x4}) r11 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f0000000c00)=ANY=[@ANYBLOB="01010000800000003a000000000000000200000000000000"]) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000440)=@x86={0x5, 0x4, 0x4, 0x0, 0x9, 0x5, 0x2, 0x5, 0x1, 0xac, 0x5, 0x8, 0x0, 0xedc8, 0x8, 0x6, 0xd9, 0x6, 0x6, '\x00', 0xaa, 0x9}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) prctl$PR_MCE_KILL_GET(0x22) ioctl$KVM_REGISTER_COALESCED_MMIO(r11, 0x4010ae67, &(0x7f0000000080)={0xd000, 0x109000, 0x1}) ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x7704, 0x0) mount$binderfs(0x0, &(0x7f00000000c0)='./binderfs\x00', &(0x7f0000000100), 0x20080, &(0x7f0000000480)=ANY=[@ANYBLOB="6d61783d3030304dd0648d7488303030303030303030300000cb313eadef505df256fd4222302030302c00f8f47155b1107319e7359c1181664f77974948d0f5000000000000effb3653a9881c4ef3e5ce4d30af25c3eec3a27983b63b10a48e5831e2c80a114dbcc2ec939ae1401ae4713abe9ae5631757f66a28fa1bdc54cf2ca07668206578966653d5c17178a1593cbf62135e5261a9486dfcb69815a60e962718dc80da3a0027412669880256f07cf8a9fd7e0388feaf19ad453ba8bce62bfbb33f792f8dda8362e22ad7b031a101d91e05af7e79c879b00bcf8390c72c5a7a72e0391db1362d0b75eb9979e2e99f5b6935fbca78c2f215dec2dbefd16a"]) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.7' (ED25519) to the list of known hosts. [ 22.619963][ T36] audit: type=1400 audit(1750416495.330:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.622778][ T281] cgroup: Unknown subsys name 'net' [ 22.642701][ T36] audit: type=1400 audit(1750416495.340:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.670002][ T36] audit: type=1400 audit(1750416495.360:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.670204][ T281] cgroup: Unknown subsys name 'devices' [ 22.852502][ T281] cgroup: Unknown subsys name 'hugetlb' [ 22.858111][ T281] cgroup: Unknown subsys name 'rlimit' [ 23.034011][ T36] audit: type=1400 audit(1750416495.750:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.057194][ T36] audit: type=1400 audit(1750416495.750:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.082105][ T36] audit: type=1400 audit(1750416495.750:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 23.097545][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 23.113975][ T36] audit: type=1400 audit(1750416495.830:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.139453][ T36] audit: type=1400 audit(1750416495.830:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.168822][ T36] audit: type=1400 audit(1750416495.880:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.169339][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.194312][ T36] audit: type=1400 audit(1750416495.880:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.054194][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.061278][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.068334][ T290] bridge_slave_0: entered allmulticast mode [ 24.074722][ T290] bridge_slave_0: entered promiscuous mode [ 24.081083][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.088111][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.095216][ T290] bridge_slave_1: entered allmulticast mode [ 24.101532][ T290] bridge_slave_1: entered promiscuous mode [ 24.131674][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.138831][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.145932][ T288] bridge_slave_0: entered allmulticast mode [ 24.152213][ T288] bridge_slave_0: entered promiscuous mode [ 24.158543][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.165616][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.172777][ T288] bridge_slave_1: entered allmulticast mode [ 24.179017][ T288] bridge_slave_1: entered promiscuous mode [ 24.197525][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.204692][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.211784][ T289] bridge_slave_0: entered allmulticast mode [ 24.217975][ T289] bridge_slave_0: entered promiscuous mode [ 24.236262][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.243441][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.250510][ T289] bridge_slave_1: entered allmulticast mode [ 24.256823][ T289] bridge_slave_1: entered promiscuous mode [ 24.269235][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.276516][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.283645][ T291] bridge_slave_0: entered allmulticast mode [ 24.289948][ T291] bridge_slave_0: entered promiscuous mode [ 24.306132][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.313195][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.320293][ T291] bridge_slave_1: entered allmulticast mode [ 24.326534][ T291] bridge_slave_1: entered promiscuous mode [ 24.467794][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.474869][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.482159][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.489184][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.504066][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.511111][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.518339][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.525371][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.539034][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.546143][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.553393][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.560424][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.572328][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.579370][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.586676][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.593714][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.624038][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.631751][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.638960][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.646168][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.653666][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.660882][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.668014][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.675269][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.700539][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.707597][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.717059][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.724115][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.745459][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.752502][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.761203][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.768231][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.775866][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.782910][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.791583][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.798611][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.814835][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.821877][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.829350][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.836455][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.863861][ T290] veth0_vlan: entered promiscuous mode [ 24.898347][ T290] veth1_macvtap: entered promiscuous mode [ 24.906918][ T289] veth0_vlan: entered promiscuous mode [ 24.914110][ T291] veth0_vlan: entered promiscuous mode [ 24.932421][ T288] veth0_vlan: entered promiscuous mode [ 24.946944][ T289] veth1_macvtap: entered promiscuous mode [ 24.971140][ T290] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 24.971726][ T288] veth1_macvtap: entered promiscuous mode [ 25.002065][ T291] veth1_macvtap: entered promiscuous mode [ 25.033363][ T308] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 25.086678][ T318] rust_binder: Write failure EFAULT in pid:2 [ 25.126352][ T326] rust_binder: Write failure EINVAL in pid:2 [ 25.143829][ T329] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 25.149860][ T329] rust_binder: Read failure Err(EFAULT) in pid:7 [ 25.178731][ T333] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 25.187271][ T333] rust_binder: Write failure EINVAL in pid:7 [ 25.197819][ T336] rust_binder: Write failure EFAULT in pid:11 [ 25.209023][ T336] rust_binder: Error while translating object. [ 25.213434][ T337] rust_binder: Error while translating object. [ 25.218713][ T336] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 25.222324][ T337] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 25.235872][ T336] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:11 [ 25.254273][ T337] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:11 [ 25.405019][ T361] rust_binder: Error while translating object. [ 25.414808][ T361] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 25.421199][ T361] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:18 [ 25.432055][ T361] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 25.436917][ T366] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 25.447755][ T366] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:7 [ 25.503369][ T369] binder: Unknown parameter '' [ 25.541239][ T383] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 25.541334][ T383] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 25.580026][ T389] binfmt_misc: register: failed to install interpreter file ./cgroup [ 25.773831][ T401] kvm_intel: kvm [400]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xff [ 25.802194][ T403] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 25.802221][ T403] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 25.825851][ T408] random: crng reseeded on system resumption [ 25.875972][ T408] kvm: user requested TSC rate below hardware speed [ 25.924516][ T418] __vm_enough_memory: pid: 418, comm: syz.2.33, bytes: 281474976845824 not enough memory for the allocation [ 26.130880][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 26.158680][ T435] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:39 [ 26.158818][ T435] rust_binder: Write failure EFAULT in pid:39 [ 26.341154][ T449] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.348951][ T450] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.355774][ T449] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.365675][ T451] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 26.388769][ T453] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:33 [ 26.406750][ T453] rust_binder: got new transaction with bad transaction stack [ 26.415964][ T453] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:33 [ 26.424292][ T455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.425003][ T456] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:33 [ 26.557490][ T462] rust_binder: Write failure EINVAL in pid:35 [ 26.596683][ T464] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:38 [ 26.715120][ T471] rust_binder: Error while translating object. [ 26.724541][ T471] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 26.732248][ T471] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:38 [ 26.782750][ T477] __vm_enough_memory: pid: 477, comm: syz.1.51, bytes: 281474976845824 not enough memory for the allocation [ 27.032778][ T483] binder: Unknown parameter '' [ 27.091413][ T491] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 27.091435][ T491] rust_binder: Read failure Err(EFAULT) in pid:53 [ 27.100049][ T491] rust_binder: Error while translating object. [ 27.106755][ T491] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 27.113131][ T491] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:53 [ 27.521784][ T504] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 27.530901][ T504] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:66 [ 27.541885][ T504] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 27.551133][ T504] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:66 [ 27.638682][ T36] kauditd_printk_skb: 87 callbacks suppressed [ 27.638699][ T36] audit: type=1400 audit(1750416500.350:161): avc: denied { execute } for pid=505 comm="syz.3.61" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 28.081894][ T36] audit: type=1400 audit(1750416500.800:162): avc: denied { block_suspend } for pid=517 comm="syz.1.65" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 28.200030][ T528] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 28.200055][ T528] rust_binder: Error while translating object. [ 28.200480][ T437] Bluetooth: hci0: command 0x1003 tx timeout [ 28.210812][ T528] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 28.217068][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 28.223707][ T528] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:57 [ 28.337022][ T540] rust_binder: Write failure EFAULT in pid:44 [ 28.657879][ T36] audit: type=1326 audit(1750416501.370:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=563 comm="" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe6ff18e929 code=0x0 [ 28.730213][ T36] audit: type=1400 audit(1750416501.410:164): avc: denied { read write } for pid=566 comm="syz.2.78" name="uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 28.781927][ T36] audit: type=1400 audit(1750416501.410:165): avc: denied { open } for pid=566 comm="syz.2.78" path="/dev/uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 28.851975][ T576] ------------[ cut here ]------------ [ 28.852624][ T36] audit: type=1400 audit(1750416501.570:166): avc: denied { load_policy } for pid=575 comm="syz.1.80" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 28.857491][ T576] WARNING: CPU: 1 PID: 576 at mm/page_alloc.c:5157 __alloc_pages_noprof+0xe4/0x6c0 [ 28.886678][ T576] Modules linked in: [ 28.890643][ T576] CPU: 1 UID: 0 PID: 576 Comm: syz.1.80 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 28.903905][ T576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 28.914059][ T576] RIP: 0010:__alloc_pages_noprof+0xe4/0x6c0 [ 28.919986][ T576] Code: 0f 1f 44 00 00 41 83 fd 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d a4 78 ee 05 00 0f 85 c4 00 00 00 c6 05 97 78 ee 05 01 <0f> 0b 31 c0 e9 b6 00 00 00 41 83 fd 0a 0f 87 aa 00 00 00 44 89 6c [ 28.939732][ T576] RSP: 0018:ffffc9000caaf680 EFLAGS: 00010246 [ 28.946002][ T576] RAX: 0000000000000000 RBX: 1ffff92001955ed4 RCX: 0000000000000000 [ 28.954037][ T576] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000caaf728 [ 28.962072][ T576] RBP: ffffc9000caaf7a8 R08: ffffc9000caaf727 R09: 0000000000000000 [ 28.970068][ T576] R10: ffffc9000caaf710 R11: fffff52001955ee5 R12: ffffc9000caaf6c0 [ 28.978163][ T576] R13: 0000000000000016 R14: dffffc0000000000 R15: 0000000000000000 [ 28.986263][ T576] FS: 00007f60ad2ca6c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 28.995291][ T576] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.002201][ T576] CR2: 0000200000002000 CR3: 00000001139a4000 CR4: 00000000003526b0 [ 29.010324][ T576] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.018316][ T576] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.026367][ T576] Call Trace: [ 29.029676][ T576] [ 29.032678][ T576] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 29.038425][ T576] ? __kasan_slab_alloc+0x73/0x90 [ 29.043531][ T576] ? hashtab_init+0xdb/0x1f0 [ 29.048157][ T576] ___kmalloc_large_node+0x9c/0x1d0 [ 29.053420][ T576] ? ebitmap_read+0x21d/0x990 [ 29.058131][ T576] ? hashtab_init+0xdb/0x1f0 [ 29.062818][ T576] __kmalloc_large_node_noprof+0x1e/0xe0 [ 29.068486][ T576] ? hashtab_init+0xdb/0x1f0 [ 29.073146][ T576] __kmalloc_noprof+0x26d/0x450 [ 29.078025][ T576] hashtab_init+0xdb/0x1f0 [ 29.082740][ T576] ? policydb_read+0x86f/0x28c0 [ 29.087634][ T576] symtab_init+0x44/0x70 [ 29.091964][ T576] policydb_read+0x8fe/0x28c0 [ 29.096685][ T576] ? kasan_save_alloc_info+0x40/0x50 [ 29.102032][ T576] ? __cfi_policydb_read+0x10/0x10 [ 29.107174][ T576] ? security_load_policy+0x128/0x12f0 [ 29.112710][ T576] security_load_policy+0x162/0x12f0 [ 29.118024][ T576] ? irqentry_exit+0x4a/0x60 [ 29.122683][ T576] ? exc_page_fault+0x66/0xc0 [ 29.127392][ T576] ? asm_exc_page_fault+0x2b/0x30 [ 29.132514][ T576] ? __cfi_security_load_policy+0x10/0x10 [ 29.138272][ T576] ? rep_movs_alternative+0x4a/0xa0 [ 29.143556][ T576] sel_write_load+0x298/0x5e0 [ 29.148269][ T576] ? __cfi_sel_write_load+0x10/0x10 [ 29.153537][ T576] ? bpf_lsm_file_permission+0xd/0x20 [ 29.158950][ T576] ? __cfi_sel_write_load+0x10/0x10 [ 29.164487][ T576] vfs_write+0x3c0/0xe80 [ 29.168774][ T576] ? __cfi_vfs_write+0x10/0x10 [ 29.173611][ T576] ? __kasan_check_write+0x18/0x20 [ 29.178761][ T576] ? mutex_lock+0x92/0x1c0 [ 29.183261][ T576] ? __cfi_mutex_lock+0x10/0x10 [ 29.188144][ T576] ? __fget_files+0x2c5/0x340 [ 29.192880][ T576] ksys_write+0x141/0x250 [ 29.197340][ T576] ? xfd_validate_state+0x68/0x150 [ 29.202587][ T576] ? __cfi_ksys_write+0x10/0x10 [ 29.207467][ T576] ? __kasan_check_write+0x18/0x20 [ 29.212657][ T576] ? fpregs_restore_userregs+0x11d/0x260 [ 29.218319][ T576] __x64_sys_write+0x7f/0x90 [ 29.222958][ T576] x64_sys_call+0x271c/0x2ee0 [ 29.227662][ T576] do_syscall_64+0x58/0xf0 [ 29.232131][ T576] ? clear_bhb_loop+0x35/0x90 [ 29.236854][ T576] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 29.242901][ T576] RIP: 0033:0x7f60ac38e929 [ 29.247348][ T576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 29.267097][ T576] RSP: 002b:00007f60ad2ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 29.275586][ T576] RAX: ffffffffffffffda RBX: 00007f60ac5b5fa0 RCX: 00007f60ac38e929 [ 29.283617][ T576] RDX: 000000000000202c RSI: 0000200000000000 RDI: 0000000000000004 [ 29.291649][ T576] RBP: 00007f60ac410b39 R08: 0000000000000000 R09: 0000000000000000 [ 29.299651][ T576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 29.307688][ T576] R13: 0000000000000000 R14: 00007f60ac5b5fa0 R15: 00007ffced4bd4d8 [ 29.315717][ T576] [ 29.318766][ T576] ---[ end trace 0000000000000000 ]--- [ 29.325840][ T576] SELinux: failed to load policy