last executing test programs:

2.251775756s ago: executing program 0 (id=212):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/custom1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x1100})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x478400, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, 0x0}, 0x10}], 0x0, 0x0, 0x0})

2.251298126s ago: executing program 0 (id=213):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000340)={0xdc, 0x0, 0x4})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0xbe, 0x0, 0x1})
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000004fd000000000000a05f689ee5703f65889434e6"])
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000440)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x200081, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x4c, 0x0, &(0x7f0000000600)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x51, 0x0, &(0x7f0000000700)="93ca2efc9445b68c079d41dcfff066e61c4d8f1021949c8c75c29113ed78c691e4a88534e71804ab594c9c0cea97e979adb05f81276775d60f54e903eb87a57f7cbe1f97039cb9d611ffa16ca4582a68cd"})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_netprio_ifpriomap(r5, &(0x7f0000000040), 0x2, 0x0)
close_range(r4, 0xffffffffffffffff, 0x2)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r6, 0x2000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r6, 0xc2a4a000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x5, 0x0, 0xf}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0})

2.037833889s ago: executing program 0 (id=218):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x101000, 0x0)
ioctl$TUNGETFEATURES(r1, 0x5452, &(0x7f0000001740)) (async)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1, 0x1}})
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'tunl0\x00', 0x2000}) (async)
close(0x3) (async)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000200)={0x2, 0xd3e, 0x389, 0x0, 0xe})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) (async)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs2\x00', &(0x7f0000000040), 0x4800, &(0x7f0000000000))

2.037403299s ago: executing program 0 (id=219):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2002, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000240)={0x0, 0x107000})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001000/0x1000)=nil})
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000002340))
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0x8000, 0x5, 0x7, 0x1, 0x9, 0x3, 0xbf, 0xb8, 0x3, 0xf, 0x5, 0x6}, {0x804, 0x5, 0x1, 0x5, 0x7, 0x2, 0xff, 0x5, 0x9, 0x4, 0xb, 0x7f, 0x3}, {0x4, 0x6, 0x38, 0x6, 0x84, 0x7, 0x0, 0x50, 0x2, 0x70, 0x3, 0xa, 0x400000000006}], 0xffffffff})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000002480), 0x440a80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x5)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000280)={0xeeee8000, 0x8000})
r8 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000002c0), 0x181882, 0x0)
read$FUSE(r8, &(0x7f0000000300)={0x2020}, 0x2020)
write$FUSE_CREATE_OPEN(r8, 0x0, 0x0)
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
ioctl$BLKPG(r9, 0x1269, &(0x7f00000000c0)={0x1, 0x0, 0x98, &(0x7f0000000000)={0x8000, 0x8000, 0x40000d}})
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000340)={0xdc, 0x0, 0x4})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0xbe, 0x0, 0x1})
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)

1.708510204s ago: executing program 0 (id=223):
r0 = openat$binfmt_register(0xffffff9c, &(0x7f0000000180), 0x1, 0x0)
write$binfmt_register(r0, &(0x7f00000001c0)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x5, 0x3a, '/^', 0x3a, ']$@K-^{', 0x3a, './file0'}, 0x30)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x1000, &(0x7f0000000000))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0300002300000000510b000000000059c70600000000ff0f000000000000670900000000000000000000000000013a00000000000000000005ffffffffff"])
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'netpci0\x00', 0x2})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000380)=ANY=[@ANYBLOB="01000004"])
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x1113, r2, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
write$selinux_access(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[], 0x5f)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x400, 0x40)
unlinkat(r4, &(0x7f0000000080)='./file1\x00', 0x0)
ioctl$FIDEDUPERANGE(r4, 0xc0189436, &(0x7f0000000180)={0x2, 0x0, 0x1, 0x0, 0x0, [{{r4}, 0x293}]})
openat(r4, &(0x7f0000000240)='./file0\x00', 0x0, 0x9a)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/rcu_normal', 0xc000, 0x79)
unlinkat(r4, &(0x7f0000000000)='./file0\x00', 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x50a41, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_SET_CPUID2(r8, 0x4008ae90, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000d260ef0f00000000803d67f83d0500ff00"/40])
openat(r5, &(0x7f00000000c0)='./file0\x00', 0x2041, 0x2)

1.657656275s ago: executing program 2 (id=225):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x80401, 0x0)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/kernel/fscaps', 0x2200, 0xe0)
ioctl$FS_IOC_RESVSP(r1, 0x4030582b, &(0x7f0000000300)={0x1100, 0x2, 0x75, 0x2a40})
ioctl$BLKRRPART(r0, 0x125f, 0x0)
prctl$PR_MCE_KILL(0x21, 0x1, 0x0)
openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040))
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x43, 0xda1, 0x8, 0x2004cb, 0x0, 0x100001000000, 0xfffffffffffffffe, 0x1, 0x8000, 0x3], 0x3000, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000400)={0x54, 0x0, &(0x7f0000000300)=[@increfs, @transaction_sg={0x40486311, {0x8002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})
getpid()
syz_clone(0x2000, &(0x7f0000000380)="a13f772d0b6e41787dc18e4f6a64ea6848d74e513c4de3003c883573aa55b4a01a8d9d82fd14ce83ce1828516c572905f1aa2fab95780ac31dc9a1ade9769c1cb01caded331016ade5b6745a4858b938b9cd538d0a", 0x55, &(0x7f00000002c0), &(0x7f0000000440), &(0x7f0000000480)="8906b9a5989da32eb12ac2445ec45e18132fc873de4eae7fe0702d9d9034059e502e20c1be4f54ecb5d21feb3e2f9b6c35034186754d8f062175d1abdc30251266d0d083ad3db618553594923e29779b02a2fa4f6e666745faf364606ed967ef34a83e9d9e89f696c5ec4cab1221dfbb26d52e5f51cbc84720c987a56e782468d2398db9d1d4869916a076283754ff007a7b745482393356918a000c4ffdff0c9411785dc1d158484d94feb6a7d676264e6c7f5a7b455eea8447bb22ed57a53957a0f337a81981644ac74354e533a276342846d130487ccca1a473bfa923bbe7825776779a5e0d2bfbca")
r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
read(r5, &(0x7f0000000100)=""/3, 0x3)
syz_clone3(&(0x7f00000007c0)={0x1650a4400, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600), {0x15}, &(0x7f0000000640)=""/153, 0x99, &(0x7f0000000700)=""/71, &(0x7f0000000a00)}, 0x58)
syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0)
openat$cgroup_procs(r1, &(0x7f0000000180)='cgroup.threads\x00', 0x2, 0x0)
read(r6, &(0x7f0000002a40)=""/4096, 0x1000)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r7, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r8, 0x0)

1.091221764s ago: executing program 0 (id=235):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x84}, {0x6}]})
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000040)=0x93f)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f0000000100)={0x4800000000000000, 0x8000000, 0x5, 0x9, 0x1c})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

739.478509ms ago: executing program 2 (id=241):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'veth0_to_team\x00', 0x800})
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000080)={0x11, 0x8, 0xc, 0x1a, 0x6, 0x80000000, 0x0, 0x21, 0x1})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000080)={0x2, &(0x7f0000000180)=[{0x24}, {0x6}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0) (async)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0)
write$tcp_mem(r2, &(0x7f0000000280)={0x8, 0x2d, 0x3ffffe, 0x3a, 0x6, 0x2c}, 0x48) (async)
write$tcp_mem(r2, &(0x7f0000000280)={0x8, 0x2d, 0x3ffffe, 0x3a, 0x6, 0x2c}, 0x48)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000001780), 0x40200, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000001780), 0x40200, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0xc4fea534d284fe21, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x3, 0x100000001, 0x1, 0x4, 0x3, 0x9, 0x3, 0x9f76000000000000, 0x4, 0x9, 0x20000000000000, 0x8, 0x101, 0x2, 0x3, 0xf], 0xdddd0000, 0x89ead882a190e40e})
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r3, 0x45809000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000240)=ANY=[@ANYBLOB="0500000000e3fef9150001c0"])
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_int(r8, &(0x7f0000000140)='cpuset.memory_migrate\x00', 0x2, 0x0)
read$FUSE(r9, &(0x7f00000020c0)={0x2020}, 0x3a3) (async)
read$FUSE(r9, &(0x7f00000020c0)={0x2020}, 0x3a3)
r10 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) (async)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r11, 0x4008ae90, &(0x7f00000004c0)=ANY=[@ANYBLOB="090000000000000004000000000000000000000002000000040080000e0000000800f40000000000000000000000000000000000060000000000000000000000020000008bc040150500000000000000000000000000000001000000050000000a000000ff7f000008000000fdffffffffffff7f000000000000000000000000010000000300000001000000040000007f0000000000000081000000000000000000000000000000000000c0ff07000003000000ffffffff0600000001000000ff0f000000000000000000000000000006000000000000800a000000000000000000000000000000080000800000008007000000040000000700000000000000030000000000000000000000000000000200000000000000010000000101000004000000010000000100000000000000000000000000000000000040000000000700000004000000070000000000000000279098e42b1b04"]) (async)
ioctl$KVM_SET_CPUID2(r11, 0x4008ae90, &(0x7f00000004c0)=ANY=[@ANYBLOB="090000000000000004000000000000000000000002000000040080000e0000000800f40000000000000000000000000000000000060000000000000000000000020000008bc040150500000000000000000000000000000001000000050000000a000000ff7f000008000000fdffffffffffff7f000000000000000000000000010000000300000001000000040000007f0000000000000081000000000000000000000000000000000000c0ff07000003000000ffffffff0600000001000000ff0f000000000000000000000000000006000000000000800a000000000000000000000000000000080000800000008007000000040000000700000000000000030000000000000000000000000000000200000000000000010000000101000004000000010000000100000000000000000000000000000000000040000000000700000004000000070000000000000000279098e42b1b04"])
syz_clone3(&(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async)
syz_clone3(&(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

680.71092ms ago: executing program 2 (id=243):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) (async)
r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
write$tcp_mem(r1, &(0x7f00000001c0)={0xa0000000, 0x20, 0x5, 0x20, 0x1}, 0x48) (async)
write$tcp_mem(r1, &(0x7f00000001c0)={0xa0000000, 0x20, 0x5, 0x20, 0x1}, 0x48)
openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_GET_PIT2(r3, 0x8070ae9f, &(0x7f00000001c0)) (async)
ioctl$KVM_GET_PIT2(r3, 0x8070ae9f, &(0x7f00000001c0))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xc00, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000440)={0x1, 0x0, [{0x140, 0x0, 0x1}]}) (async)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000440)={0x1, 0x0, [{0x140, 0x0, 0x1}]})
ioctl$KVM_CAP_X86_DISABLE_EXITS(r3, 0x4068aea3, &(0x7f00000002c0)={0x8f, 0x0, 0x9})
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3)
ioctl$UI_SET_ABSBIT(r4, 0x40045567, 0x0)
write$uinput_user_dev(r4, &(0x7f0000000840)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x10, 0x6, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xe, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x2, 0xfffffffe, 0x0, 0xffffffff, 0x2, 0x0, 0x3], [0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x3, 0x0, 0x4, 0x0, 0xffeffffe, 0x0, 0x5], [0x1, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5b2bb47c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x8000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c)
ioctl$UI_DEV_CREATE(r4, 0x5501)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r8, 0x405c5503, &(0x7f0000000240)={{0x5, 0x0, 0x3, 0x6}, 'syz0\x00', 0x3a})
ioctl$UI_DEV_CREATE(r8, 0x5501)
close(0x3)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000100)={0x54, 0x0, &(0x7f0000000140)=[@increfs={0x40046304, 0x3}, @acquire_done, @increfs_done], 0x5a, 0x0, &(0x7f0000000000)="1920ffffffffffffffff1fdcc405a82eb9387efc0a80eb2a8e4f6b2dab5b5dd16066dc703442a19d2bd210e45df98d795a638644681df130d3b090cb22265d0b32bd2948c09bc6ec7ec8f6ed9dbd826e000000000000000000"}) (async)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000100)={0x54, 0x0, &(0x7f0000000140)=[@increfs={0x40046304, 0x3}, @acquire_done, @increfs_done], 0x5a, 0x0, &(0x7f0000000000)="1920ffffffffffffffff1fdcc405a82eb9387efc0a80eb2a8e4f6b2dab5b5dd16066dc703442a19d2bd210e45df98d795a638644681df130d3b090cb22265d0b32bd2948c09bc6ec7ec8f6ed9dbd826e000000000000000000"})
mount$binderfs(&(0x7f00000021c0), &(0x7f0000002200)='./binderfs\x00', &(0x7f0000002240), 0x10, 0x0)

675.9338ms ago: executing program 1 (id=244):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000003c0), 0x1a000, 0x0)
mkdirat(r1, &(0x7f0000000940)='./file0\x00', 0x15)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0xa, 0x2})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x52, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"})

595.667831ms ago: executing program 1 (id=245):
r0 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000040)='cpu.pressure\x00', 0x2, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x131580)
close(r1)
ioctl$EXT4_IOC_SETFSUUID(r0, 0x4008662c, &(0x7f0000000080)={0x10, 0x0, "1b57e248c717408c1433ff3b9118673f"})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x4030582b, &(0x7f0000002b80)={'geneve1\x00', @local})
ioctl$SNDRV_TIMER_IOCTL_STOP(r2, 0x54a1)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)={[], [{@dont_hash}]})
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
ioctl$TCGETS2(r3, 0x802c542a, &(0x7f00000000c0))

592.466521ms ago: executing program 1 (id=246):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000240)={0x1, 0x0, [{0x1, 0x0, 0x0, 0x0, 0x0, 0xffff}]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0101000000c8bf9a573540"])
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x7fffffffffffffff)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r6, 0x0)
ioctl$ASHMEM_SET_NAME(r6, 0x40087708, &(0x7f0000002600)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80`4/\xe9\x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\x16\\n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x04;\xc5[\nja\xb9\'\xc9#\xfcx\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00B\x05\xd4\xea\xea\x7f=\xc6:\\N\xc3\xb7Vw\xc6\x9c\x96s\xaaHL\x96\xc72\n\x18Ynj\xceTS\xfbl\x0f\x9f8M\f\x89\xa1\xd2Hs`\x8bp\x8a\xc4%\xf8\x1d3\nV\x9a\xaf\x1f\xf96^\x93\xc1\xaf)\rg\x86\xd6\xea\xa9\x0f\x9a\xf1V\x1b\xbf\x8b\'-\xab\x8e\t7\xd3\xf7\xa9v\xfbY\xe6\x9b^d\x8c\xb1\xdd')
ioctl$ASHMEM_SET_NAME(r6, 0x40087708, &(0x7f0000000300)='\x00\x00\x00\x06\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x00\x00')
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x4, 0x8, 0x1e, 0x7f, 0x4, 0x2f, 0x9e, 0xf3, 0x1, 0xd4, 0x9, 0x3, 0xd, 0x6, 0x14}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r7, 0xc008ae09, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x2, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x36, 0xd, 0xffffffffffffffff)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x4a)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000500)={0x44, 0x0, &(0x7f0000000400)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

575.805462ms ago: executing program 3 (id=247):
ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f00000000c0)="c82d58eea93375eb162386e1f7479c3979e67fe05230eb09b4d81b27f7af922416ed966e3a55212c405b05959d10c9c8ff82bd6659dabf93d56a64667e6197128e5c163f5433216c0c2c1202a9a473668c2225f0525242789c27e97398c4419fd55270912614ba3482c8f70cf037673c8ccb0a4a7e1ec5152933679b3c1a3f4d28ed75e8c982364b9493a6a3452f36d4891827d724a7aa1a5c21a6ea45f40bd60b904f10ffcdc9caf6447044210a46a257546f6e4851ee4f5ed8c466af20aec8b5cd9b3d62a9bea4f191019407841703c8523538144f22cf2285597e872f716fea4aef2c6c6d1e1bf46b13759338959775c29761866155007349fcd464b1f739")
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000700)={0x2, 0x0, [{0x4, 0x77, &(0x7f0000000600)=""/119}, {0xdddd0000, 0x9e, &(0x7f0000000780)=""/158}]})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000200)=0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="1e0306003c5c9801288363"], 0xffdd)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000009902"])
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0xfffffffffffffffc, 0x180, 0x200000004, 0x8, 0xf1, 0x2000, 0x7fffffffffffe, 0xa27, 0x0, 0x5, 0x40000000000f0, 0x80000001, 0x8, 0xbdb], 0xeeee8000, 0x1e5211})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @pic={0xb, 0x4, 0x10, 0x0, 0x10, 0xfc, 0x2, 0x4, 0x8, 0x9, 0x4, 0xb3, 0x7d, 0x3e, 0x7, 0x60}})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$UI_SET_PROPBIT(r6, 0x4004556e, 0x1e)
mount$binderfs(&(0x7f00000000c0), 0x0, 0x0, 0x105840, 0x0)
ioctl$ASHMEM_GET_NAME(0xffffffffffffffff, 0x81007702, &(0x7f00000001c0)=""/215)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000400), 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)

515.517223ms ago: executing program 3 (id=248):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$BTRFS_IOC_BALANCE(r0, 0x5000940c, 0x0) (async)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$VT_WAITACTIVE(r1, 0x5607)
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000040)={0x2, 0x7, {0x8, @usage=0x4, 0x0, 0x3, 0x5, 0x9, 0x100000001, 0x4, 0x9, @struct={0x7fffffff, 0xe}, 0x7fffffff, 0xfff, [0xffffffffffffffc5, 0x4db62ad3, 0x6, 0x5, 0x4, 0x7]}, {0x40, @struct={0x7, 0xc}, <r2=>0x0, 0xb2, 0xffffffffffff161d, 0x1, 0x7fffffff, 0x2, 0x20, @usage=0x5, 0xfff, 0x4, [0xff, 0x100, 0x5, 0x1dbb, 0x3, 0x8]}, {0x9, @usage=0x8, 0x0, 0x39, 0x401, 0x8, 0xe961, 0x1, 0x408, @usage=0x7f, 0xffff, 0x3, [0x8, 0x9, 0x3, 0x2, 0x7, 0x3ff]}, {0x0, 0x7, 0x80000000}}) (async)
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f0000000440)={<r3=>0x0, "a07f97e1f3b69f12ca14c3c9297ae55a"}) (async)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000001440)={<r4=>0x0, 0x5, 0x5, 0x6aa72046e1a9c1e5})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000001840)={0x3, 0x1, {0x75a5c24000000000, @usage=0xd, r2, 0x4, 0xfffffffffffffff9, 0x0, 0x5c1, 0xb, 0x1, @usage=0x8, 0x4, 0xfffffff8, [0x5, 0x8, 0x0, 0x4, 0x8, 0xff]}, {0x5, @struct={0x1, 0x5}, r3, 0xbadf, 0x8, 0x3, 0x6, 0x80000000, 0x25, @usage=0x40, 0x2, 0xb, [0x2, 0xd, 0x7f, 0x2, 0x8001, 0xc]}, {0x5, @struct={0x9ece, 0xffffffff}, r4, 0xffffffff, 0xfffffffffffffffe, 0x800, 0xcf1, 0x1, 0x1c, @usage=0x1, 0xfffffff7, 0x7, [0x3, 0x5, 0x1000, 0x98, 0x34, 0x1]}, {0x5, 0xb3, 0x6566}}) (async)
ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000001c40)={0x9, 0x0, [{0x968, 0x0, 0x1ff}, {0x20}, {0x680}, {0x84c, 0x0, 0x9}, {0xa86, 0x0, 0x7fff}, {0x48c, 0x0, 0xffff}, {0xa90, 0x0, 0x1}, {0x9ad, 0x0, 0x8}, {0x2c4, 0x0, 0xc921}]}) (async)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0)
ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0) (async)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000001d00)=<r6=>0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f0000001dc0)={{r5}, r6, 0x0, @inherit={0x50, &(0x7f0000001d40)={0x1, 0x1, 0x5b05, 0x6, {0x11, 0x9, 0x4526, 0x6, 0x6}, [0x4]}}, @subvolid=0x627bf65d})
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r7, 0x4068aea3, &(0x7f0000002dc0)={0xdf, 0x0, 0x3000}) (async)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r7, 0xf503, 0x0) (async)
r8 = openat$cgroup(0xffffffffffffffff, &(0x7f0000002e40)='syz0\x00', 0x200002, 0x0)
openat$cgroup_freezer_state(r8, &(0x7f0000002e80), 0x2, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000002ec0), 0x400800, 0x0)
ioctl$TUNATTACHFILTER(r9, 0x401054d5, &(0x7f0000002f80)={0x9, &(0x7f0000002f00)=[{0x5, 0xa6, 0xfb, 0x10000}, {0x4, 0x6, 0xf, 0x4}, {0x8001, 0x9, 0x2, 0xfffffff8}, {0x8, 0x7, 0x10, 0x7}, {0x9, 0x3, 0xfc, 0x7}, {0x5, 0x3, 0x4, 0x6}, {0x8, 0x0, 0xe, 0x8}, {0x8, 0x6d, 0x40, 0x3}, {0x70d0, 0x4, 0x9, 0xfffffffc}]})
ioctl$TCSBRK(r1, 0x5409, 0x4) (async)
r10 = ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f0000002fc0)={0xb26f, 0x4})
ioctl$BTRFS_IOC_GET_FEATURES(r10, 0x80189439, &(0x7f0000003000)) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000003040)={0x2, 0x10b000})
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r9, 0x8008f512, &(0x7f0000003080)) (async)
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f00000030c0)={0x4ae3, 0x7f, 0x7, 0x2, 0x6, 0x0, [{0xffffffffffffffeb, 0x5, 0x6, '\x00', 0x800}, {0x5, 0x126, 0x6, '\x00', 0x2685}, {0x0, 0x10e8, 0x59, '\x00', 0x2}, {0x3, 0x759, 0x4, '\x00', 0x1c03}, {0x5, 0x0, 0x0, '\x00', 0x1201}, {0x3, 0x5, 0x3, '\x00', 0x4}]}) (async)
ioctl$BTRFS_IOC_SPACE_INFO(r9, 0xc0109414, &(0x7f0000003240)={0x6ff, 0x8, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) (async)
r11 = openat$uhid(0xffffffffffffff9c, &(0x7f000000da40), 0x2, 0x0)
write$UHID_INPUT(r11, &(0x7f000000da80)={0x8, {"014ddb2962f3b82003937c805ef9d9eeee464fbd5774223dc2a0c24bcd77e53c93e0b642e6e40c264c745a832fbc518c58b8966c576df1d2916be077d38b085e4d93a5aa210194bcfe460c0b072c8de7e3cc888acc20f838bc6f04de06946279a903e7a7d09d33dc49b11fd3636cfcdb36d6410f7700a3b1852d0cc669af26424a117fb26c22f75faa45c9023e4eaa02ace912cbb9923af50a58a3de0cf71b10cda2377bb265648b6fc0a2fbe55b511fbea3de49f7cf7a3649c74d4e56adf23a1fca843230586d92cda75fc4a2721661c02aad81997c3f84ebede63ee25e428660f1082170de0654a3077e3371c2ae535418d95e336f416a44af624af985554b566073608ac32a45838db720512d67dd4fd30a608e4301f2fea317370a6b2eb74499758d1109a10c386255a4ef87200a9bf5f5d5a4332373798cc68f96f308e13ee24fe7fa1a942ba9f04eacc13a27f418d2666e0def60c1b5ab74c747553383fdeb49185fe1ac8d1a1072e89f1700b2f1edd1d042ec53adb3f7da26f2df91eb2f7397357b11bd925cbc2d000d49f2ba8fb10ed99b17b55b7a73ce8f452b4542aa63c06eddc90109a3bc0a3c07e311d74cb630e7a742e2a63b1e219fe951d13500ff89d5b42299fcf802a1124c8df4a5298b935b27bfbd59e2b5872d7e2d82d9623353741f65ac7187c8137990e9632d25f459ce6d1fb363f366b774c211dc9e3167f99fa75fc9a62488997d4e001e05f2fd4f3d672137916ac36f46bbf283e72d254872b18a26482674f522e988351ffebef0c83f9dfd21f779466eaa16d0ee2826d0fd48a4642469afc0c375801d135c8149c419b15d4f4668c2590e43fd2841f3fbc862c6106455322bd2c1204321ca4ca9a18c821e6e2edd5b3f5f84549393a82fb8b44e12a0220e7a09e2446ce9a3c6e0efa36de34efe3d34018c16a73f4d355b2fdb2fd4b3a2867fd5bcd213280e33ee8c8ed502be78a79a10d0695dbbda335e0085da1e2b575bf1840ce62d070b420f01d657d41f2904c90ac172cf3fb6a93e007e1f1f679facb8c67b29302fc274ff0d065a5bb6ca2aa62070abfa30d05d6f0b33d2aa222396619ccf14309a4110b1f06e2195126d71d6ef2b413a3ed0762f7f96d4b40439c98811b9d1544412dba6e2eff00e11350cb3d8802b0e961006df60a645f2a02875acb830596a25070185046c8a0fa9d3ccfaba49cacc7473cfe1d38744f7e0ddfd88148776214cfb4c538a0b63b80f076c6a363eefd888ba40d9baaa2e8e56d184814ac7808fef88897dd4ebd8c18c2ce99d11fdea25abccf3addb0938988d3e4ce9f53bb40ac011b3a4681f3bf18a5f164ec62aef561014584b4d6d3b631dceeb8f3928d11c4ea8ac03a0ecd888d2223281e4639ed15d7ba2788a1294ea30db5605d754b42c5ef0c482d918347a99db6d3cfdf1c16bdb9282e2dcd70863fe73d466ad03828246e60045164d1578e64145364beea149319acbe56613071e8e150f84227c20e664ca63d2573e532e96bac0f6063f3cabb677664fc5479b6295d9498543c2e459348b6ad44d7f5aa8e606e0ea6fc90df79b8c00a02c63353033316d4948ba67d0be72c30c48f5bfd561a34c4443060b5e4e7244be051432acde83fd8e53be740fd646aa081958a84f85d018f22b61986fb7165986c67950fc2b3bedac13921bfd822c15b7c68c6688dff501a6f73839dc4cb30d7b062f2fa046bd8ae90fe76e11215dbdf9d8d08ca991fa2a2befbe7d65aff7d764b7efff79aae09d3c6328d08775235b911cf8f6e2e96d0f5791edfcf47a944cf45d08ede81d205a43f8d004e9790e810f71b2d9c6dca50ee53717603d5d794500caf16c41d04133c942321ca85573a9ccbcbee7264792df1946954c5f9d0e086450775ebace437286722f706b6e2a7673561fa2522cc07f69f6eebc142991fb75081f2a7ccc7c687cb983faa739ab3ef10e4ef9489ea5085c7589f5a5a035a242a21da9c30e2b2b5efd155a4f702a1826adf62243e1eb36d50f7fcc0b20dd260baf5f4a4978fb7dd02385cbbd77b89c5ef25088fad0f736a7f6dd5e8f71520de93f0b844665dc7e152e6d5986d89807978769e73ea8b227c127febff6cb613778a4075ee37a157b74f3704d6ded3874ac508fb08ba5937eae394e4e7b5468d0369a549183213657059346f8bc062d38b51399fa7847336e206ee82715fdd25acf7dac15f795c835480d0833afe50a7de5eda3793e6402c2182de1047924f8eb34de50a817029e97b66dfac2ab506291e17d84f2f7963c7f7078339a4bfef10c534b5e83a1c501272c6d787103fb2ad611c21e9810be11b2b46a5bcd2b420491a404156c875ead292bd995705a6f0407f981f64c407dcf22329e39c010c7d679dd6e4959b81c2b717997f3d801968ab2748b0907304f58e5ec9a307c674a7858c9c12881bc2c3d417e625dae1c01345f56dffee0e5e9b220c11b39cba8f81d560cacb916c5c2a5417b7f9c0e963d766a50d04c56e4b39308a7d68be0048447bf3b25a08cdcc793409140544bd0a76a1f97c301dc707923dc4e3dcc22446f13a93ee443394035d21c7e08dcf94872bbcc329f0955a7f1bff325068b6de3a7bd6e34d4ec1c241e023e2640fd68799c808a072cd533918512f529a469ef3c3f9d57efea6b6d0f17f07f78407d1d14597f007e0525255f46d4e65e44ceb5cf7d402ba0032e5f6952f1dbf5e68604229eebd04e62ec3cb41a3ec66fc025f40e6877685870dfb11a83f05695610ea52e3b3e4ad0fc119b85789b9467685408029291ffbb94b586d4adb8d49f7094d8b51388696617bb711f61349ab60858034e51a377017488c2ee1115111ed776893cd210440403cffcf8b1f97b51fa4ca82e7464811aaf1b95cedf30632c2ca24857bc20a5b18bae9b5cd3fd3a366f9fe4bd22b5535fa24747424cf7380bbc9752fbdd77ab30a8cb82e1f35d93447cc7d3c5aaa9337039feecd0bd6d34e69553f85b1c1c69bec48577c1b89db078748f79bde16db7255bbd5855c7dc17896f9d25f56a77526b88e4e3b4428611ee6167921be6b34e7e2a1b1cbb287c1cf467787d9ad9fa2618437d6dc46c150a08d6ea00281b8a1faf9f0b033f52b1f5346a83d04571fa59e6dd63d747560360cec8fc59a41f4892952f80b26187a0c801dfd957042d69a3c2d92dc645e65f6d3ffa3dbf1abaa52d6e7c8443cfcd8a5f744b79b27352599df9f8c0c840be3347af57978651134ceeb24e5c87192322721245d34d3eb826d80c24b74ce527c51dfe5da90a92cf15e967da0c6ac79a157c9c941dbbe5f2810c325d822d31f56db95444883f4b18348457eabe91458734d813e08a5d103b15f904bc90e2a064c5150a7276587ca3db578e5f50613f54f82ef1cdc05f212701047a26382dd278a42b555692e2950813b536afc22518865e0419ca5ab004d6b2e6ee877fc20e7a1ba1237fd45b2557472ffb0560a28bc6ab3b4a063f649da8a5914c84d39d895148db999d59c00fe2c9e943514a72ef37d67ca14ce611b22420c697ba54dff9356efe0dcf94a9d5455809a7f139961937c15454c6fe605d068bf48f5ab9385d0d94fa209940881bebbbb10ed9a9da4c3014c8a9bdfdc6c1905d1cebc3eae200b4b789db674dd6e0d0b8e16cc2ab8cf99efc648d92355f1e1b397c01234b2ccbfb35cc84f4976c0d88698380bb1f713f46068b90cacec4115b5c388726e7b6423e0285d35f88b9d275bd2fa91f525fc2d1c8f142acbacd159d498de23cfaad353c8f2f9e90b17d82d67b60a6c26d7a7ac9b1afe8eca88dbf0db3445d0231a418751aa381e19e1f5bae0a2220ec74507f7bae02377778307741c006f3817d225a297623afd97ffc450a5fcaed0add28656569d14b37c34e2a863534722734feb47549c4dd09df01f766739ef0b2d7100875526266854d2f82cf6b714d245efd022e41ca2b3fc6267be7263b939b5ef88a0f02c864a46a86f91544a28f71b0f0305091e391a617a1e60922f34b6b764b69a07db969b5bf510349747abb9989f072580b3b5fcb515019c348a7f885661bf9555aa918fda70bbe6726637b40845f30728eb5e2285120d85e4a0f87e4ae00d964b015caa7adc772f84dca53606b378688efc64eebb64d9c2a86b067efa6c1474bb82cc3bb4c976f03e2adbe29f09e6fe78206f4702cf4a6f3910b2e1c93762b4c4e2d840c3fae5b70a80edfb0cf15b44591b975adcff4d353984f6543e3bc77535768f17039a023470edaf02638afa10991be27dd1959573e3c6be3344c4d85137a628f38b9e4d8aa4d61267075e58a231675e23be07287caff6776aec6eac3ad698cd06aa363cf207972bf6638e74ad2ea9c66bd647a69c2fe87f3d9e3a02807cc323077b7cac506cfbaaea04b6f81d79f8a89fe5e94965c531b6bf430a22734ad5f015d2baf56a4b8d702b2bdc3288d507b435885c2f67a19343c251ad090443b3873dfee13b1357a35d271c6aeb591ee8c7c187d8d982adaba8cfeed65d582ec7c58844ad468d6a787d3b21b72bc7d173d215b285920d9876269dd9b2fe5767213d1c3353d4f022c193216d3d6b52dd2228d0dc51124189f512e311092e77c37d366307ae5921ce07a8c5ff018f80683f6f9a3edbb769ea7b59c5ea1b27952b979abd06bd8660a829a6d15d865c3a0b6fc432d571492e2cd6d4e9bc0f46139264eec5a6b58b348d0f2e9f4d021133ad119654f67e86e2eeb677d9d8f9d4db3a436d3290b8f019ef670af28d8981671cca93c0f79af3038a5bf6d85b053e5d43a050fd62de16402cea140c9f132d168fed89ec884a7977cdf4b7360aa48d32b55b41faddf7fd83b1ca8a5ed154b202128cdde8a81d41dd329c6a049bd304f324a57413b6a80d60da4965316ef5fbde1bd4b47a9d46498b07da00d3acd14c817262f3bc866e6c1463c03a3ed3dcba2732c553b23e40d9c9911b3fde017ad3b66429dc93ad5370a71e3f3b29a69961ad64286be1c7d171018cd476a33203863b13346b2453a5cbf594c66df8dfc109afb59aeead7c411cbf716b1b6018b03b111cd3b0882dcb3853bf1ad1e1db0743af2f29cfbbc4f3fac4c973536ccb047756ba2c3899fef8a307c08dc8db54c30a7df72cc13ed8362cd3d0adaa5fc765dab90d35be1f5f351597e9acc2fe26a3b77fc4a1c40f049b4ab636a454f07b4b4e03bf4ce43422c53c811ef9fb2ab48f41bbec8bc7184274842d7c31081898d3d53ed545845965446dbec8ed766ebb83f07eebcd3559fd001dd2a29108a83b916946b41bfa973582b0850888052cafef6a118936a88c18b5d61da7b7928bdbecd10deab9f352a36954316cfe425c48fcc3e29f2beb546c86d62e42b70f29fff3f1807539a0a09f1e6edb7a0a1fa85a5ddb57bee54a2da9f5b3646bcb5437bbce1870d0f2a7120151413f81148c88ad7413084335b48ce9400cc258c20de2eaf97f171c558cc76a1e15c8cc7249426e5a84ef8619b66775a6629d832a53a2f67c68361591d9c7fc5e96d50d777ef7e6139fe628c1789390a863427ece867f0d7cb749e4a3777ab49fdfc7c5553391f29c7efb2555a1eaa2b9a82b3786c3d414995a8c0f49ce57d1328e7394872385921a4ae1f969067be45857f81acfc5d173f9e1342f3ccaa83813404abcb6ada7cb68b7f9243e0882d1af0a8e89cfbe0fd13d122f7ccb217674063987d8220673e09dfef38ab8a2ab6fe53696ddd702de2f4deff898133fa20c79e7b077b7f86e1ffbd20d6539b44df6d8a976b", 0x1000}}, 0x1006)

439.688144ms ago: executing program 3 (id=249):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pim6reg1\x00', 0xe511}) (async)
write$cgroup_subtree(r0, &(0x7f00000000c0)=ANY=[@ANYRES16=r0, @ANYRES16=r0, @ANYRES32=r0, @ANYBLOB="92982fa3"], 0xfdef)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x101a00, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000000)={<r2=>r0, 0x38, 0x8, 0x2})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000100)={0x0, 0x1, [@local]}) (async)
write$cgroup_devices(r2, &(0x7f0000000040)=ANY=[@ANYBLOB='a *\x00\x00\x00\x00m\x00'], 0x9) (async, rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x12, r1, 0x45809000) (async, rerun: 64)
syz_clone3(&(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

372.477454ms ago: executing program 3 (id=250):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r0, &(0x7f0000000040)=0x1c8, 0x12)
read(0xffffffffffffffff, 0x0, 0x5b) (async)
read(0xffffffffffffffff, 0x0, 0x5b)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r1, 0x400454c9, 0xba98575a95aeb70d) (async)
ioctl$TUNSETOFFLOAD(r1, 0x400454c9, 0xba98575a95aeb70d)
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000001240)={'veth0_macvtap\x00', 0x400})
ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f0000000100)={'virt_wifi0\x00'}) (async)
ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f0000000100)={'virt_wifi0\x00'})
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$PTP_SYS_OFFSET(r2, 0x43403d05, &(0x7f0000000740)={0xf})
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) (async)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
mmap(&(0x7f00007d4000/0xd000)=nil, 0xd000, 0x2000006, 0x13, 0xffffffffffffffff, 0x25fea000) (async)
mmap(&(0x7f00007d4000/0xd000)=nil, 0xd000, 0x2000006, 0x13, 0xffffffffffffffff, 0x25fea000)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x8480, 0x0) (async)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x8480, 0x0)
ioctl$RTC_UIE_OFF(r3, 0x7004)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r4, 0x40485404, &(0x7f0000000040)={{0x1, 0x0, 0x200}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_PMU_CAPABILITY(r6, 0x4068aea3, &(0x7f0000000140)={0xd4, 0x0, 0x9}) (async)
ioctl$KVM_CAP_PMU_CAPABILITY(r6, 0x4068aea3, &(0x7f0000000140)={0xd4, 0x0, 0x9})
r7 = ioctl$TIOCGPTPEER(r0, 0x5441, 0xffffffffffffff00)
ioctl$TIOCGLCKTRMIOS(r7, 0x5456, &(0x7f00000001c0)={0x9, 0xb9, 0x1, 0x7fffffff, 0x8, "3eeac91aeab34c2dc22fe791a32063d44fba71"})
r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x100)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r8, 0xc0145401, 0x0)
r9 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r9, 0x8ae9b000) (async)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r9, 0x8ae9b000)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, 0x0)
mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r9, 0x0)

367.255295ms ago: executing program 2 (id=251):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000000000001"])
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100000040"])
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x20000})

303.691156ms ago: executing program 1 (id=252):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r0, 0x4068aea3, &(0x7f0000000100)={0xed, 0x0, 0x3})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000680)=ANY=[@ANYBLOB="01000000000008007100004050927e2ea32488"])
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010866, &(0x7f0000000040)=ANY=[@ANYBLOB="636f79424c0d56a72269358edd1994c3f9d26e746578743d73797374656d5f752c"])
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_SET_TIME(r5, 0x40187013, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x17, 0x9, 0x4f})
r6 = openat$binfmt_register(0xffffff9c, &(0x7f0000000180), 0x1, 0x0)
write$binfmt_register(r6, &(0x7f00000001c0)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x4000000000000c1, 0x3a, '\x00', 0x3a, ']\xff\xff\xff\x7f^{', 0x3a, './file0'}, 0x2f)
openat$cgroup_ro(r4, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0)

208.043707ms ago: executing program 2 (id=253):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$selinux_access(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a7570647077645f657865635f742073797374656d5f753a73797374656d5f723afaffffffffffffff3a73302030"], 0x56)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000002a80)={0x1, 0x0, [{0x560, 0x0, 0x800}]})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async)
write$selinux_access(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a7570647077645f657865635f742073797374656d5f753a73797374656d5f723afaffffffffffffff3a73302030"], 0x56) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000002a80)={0x1, 0x0, [{0x560, 0x0, 0x800}]}) (async)

171.622938ms ago: executing program 3 (id=254):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000000000001c28907b4b2a1001c000000000900300000000000010cb46252730b9962c17844b2458050f8f103985e741b0000000002000000000000000000000f8d78832c649ce3f8a4ea273c543ac79fa8d466f50a29258ab67b7ba54c030b3c235abcfafdf348ad8fd490b70a2fa70b399057c3a53bc6b1ec41e0aa040e8f20cf4fc637f9681f592ad6b6e7a3c50093b09ec63f8ef18d3a3d4fcb0a22447d5042ae7f6cc0fa4287f19ea7e839351543c66d1c2e411a787aa80433fc24c1623de92abd4ea7033b4bc5fe16414212314e3013c2a26a1cf27e4decb26f7bcd9c491c7593f284a861edf8da38d42"])
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext='])
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000100)={'macvtap0\x00', 0x2})
ioctl$TUNATTACHFILTER(r5, 0x800454e0, &(0x7f0000000040)={0x0, 0x0})
ioctl$RTC_ALM_READ(r4, 0x80247008, 0xffffffffffffffff)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x8, 0x30, r3, 0x771ce000)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x785000, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000000000001c28907b4b2a1001c000000000900300000000000010cb46252730b9962c17844b2458050f8f103985e741b0000000002000000000000000000000f8d78832c649ce3f8a4ea273c543ac79fa8d466f50a29258ab67b7ba54c030b3c235abcfafdf348ad8fd490b70a2fa70b399057c3a53bc6b1ec41e0aa040e8f20cf4fc637f9681f592ad6b6e7a3c50093b09ec63f8ef18d3a3d4fcb0a22447d5042ae7f6cc0fa4287f19ea7e839351543c66d1c2e411a787aa80433fc24c1623de92abd4ea7033b4bc5fe16414212314e3013c2a26a1cf27e4decb26f7bcd9c491c7593f284a861edf8da38d42"]) (async)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext=']) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) (async)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000100)={'macvtap0\x00', 0x2}) (async)
ioctl$TUNATTACHFILTER(r5, 0x800454e0, &(0x7f0000000040)={0x0, 0x0}) (async)
ioctl$RTC_ALM_READ(r4, 0x80247008, 0xffffffffffffffff) (async)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x8, 0x30, r3, 0x771ce000) (async)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x785000, 0x0) (async)

115.738138ms ago: executing program 1 (id=255):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="01000010000000007300004000f800009003000000220000"])
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r3, 0x4068aea3, &(0x7f00000002c0))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x4c, 0x0, &(0x7f0000000540)=[@dead_binder_done, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x26, 0x700000000000000, 0x0})

115.105778ms ago: executing program 2 (id=256):
syz_clone(0x1200200, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="020000000000000083040000005f00000000000000000000301001c0000000000100000000000000"])
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000840)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5360600000000000021a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b69838492000000c8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600b5bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92, 0x80a0000})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000640)={[0xa, 0x7, 0x8000, 0x7, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41847})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r9, 0x4068aea3, &(0x7f0000000140)={0x79, 0x0, 0x1})
r10 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r10, 0x4008ae90, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000000000001"])
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000500)={0x0, 0x0, 0x200000000000000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})

89.015749ms ago: executing program 1 (id=257):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async, rerun: 64)
ioctl$KVM_SET_IRQCHIP(r1, 0xae64, 0x0) (rerun: 64)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000001000)=ANY=[@ANYBLOB="4500000000000000000804000000000000f4c5dc5cd72bbe6efa508840dc62368c2b180c55bb7ffd8617c7ed22b9dae61f62c94726803727c97f4af4308e8e898221c7b979a6a55b3b35e1ef80c8eec1840470409106cb69aad897cb5d97f6d1ccd24fcdc541a1a0fd9585c4f759541b2a60a0baaf3667396f0463b7f8efd3a1f5474cf7c8850f319076064ca0754e9d8ce03c97f4dea73ea03950e2ccfaf3f8c4706d4d094d3a6ff851f2dc3b69d40751c823126187be15f5cc15"]) (async, rerun: 32)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a3525c373b8be3e8d2672540e4fff5fe79b18763b68b5c8cde0045f31e73285632c09da90f5451b7f64f1faee49a0d8fa57fb52ecde3cb94c60c97e8a9a4b9e8b8a625ef77381a7fed894b680d2bf18225baa8ac2279e4966b3bc0adb5332c5ecbc6c3da241c9215cfc3c563c3bc0291d5f45f8d56d583cff127e3373ade7df08cc06d94780975eeaf693ffb533a47e615651192042ea01b4f8ef2332d798ff7da5ad85ffcb7bf1c66705a1d0c2dded41131fbd3372527cd58da0761821c610c916e7126d0d9f38da2ea2df4048a4c222ffe5949556b16efbc4c824fda8e92f0647858a31f0cebc12f0a4e88ae8d5d6689e499301a23a6d4452da35cb0e51b1b9dd6be08b7e3430b77a1143db66bd7b77995b08262510df7aa578cb52ccae69b26f74ea7a2f5d38e0e49412165b94b6da07a4e82c25dea5ad36d9517e9b7152d01c9fbed0ff5dcd8a1ffbef5a2bddee07d7369e517b0d42d3815015334fe2e9e81c4c9b4e6215b236030bc9c4b806fa70175d7ce4268448e3599265549b96df63550df8bbc692c84ac97293998f3351766e93112904c8a80a5045d57e827b561127040a09b3025320a51965ce5c4ff115fa8ce879045cb290abe97641435585c7bb98be38985ea23e58d2ad96499a5f0842eee3c7a263ca47809ce99ef11208b7260ea0a3848634c82a47405e9075ea05098752817d682ae52df079d32116ee458586118ca243767cf986b3e89d6470df859f910256a723062a88441e992d2a9b9fa1dadaeac1c630dc17497404323653cb9a5355f88b6aa6fe714f0723b6938d7ebcac44fe717f0084bc34e5f86980520bad4e6ae4b173f1e4325f9c547828232c9aaa560fb99b6946d65f6532afca8501938703042be2933b633db1f63e692679f1ee71294204acd45480aff57491375fa7f9d7f880de291348fd2ee42dbfdbd8cc8b84aaacc6809e06c5a73e9a9db1bbb2c731a8fd6807ddb0f5b900213bae81372e2a4325b9aecc0125b2016c72e40db36d2c91d55eb5bc8c455b7e29a32c0f1b36645e004dc0db7f521c436f735e09402fe38d853a2db74d7a18f68ff28fb38e861efd6f2f92ebcfc13bb10e57026443ba84df1e18041d6f9fd4aead2e87c6980d9fa28e8251a809c88dc25b4f29813436318b59bc8bf80115f15e33387ed955cc4423b49d5a4ae6fb37ddfa1e31d712bd4e7f6cb5d2dbba874337aa235dbeeb38cd9f1469ee02270dc55acfefc27f35c0d067ef3341e111282c139c623af9eb0eb7613c0cc7284e7a9945ad1870cb621e1350cfef3a8526d21b214745aed61d78f834c60afe2403a3280bd2349612761d0692ed8048d1b33a158a2882bafd56012a465a336c12a675adbffa91530cfe1b55ae8b0813403256c148e0d0c7f1056f34be5a1f28275025d48fcf9f12bf21453b2c060a9d05b0fed49799809b631349e2e5e1a6e0461d1cd667e8a4ec1b9b088b7bb0ffda7b6110049036d6139a227c53e3825d71d6cb06e96f0eb67076aa5faf026cd603ee91a7ba9fcb13763721d7bbb7c021e7d2395fa566483942052bd74aac4e9acb4bc3ba1d4ecc3fa4b8e99f5f91f6e9ae598ea225a7a889a8fd50ed8e75c21a93764745a7f2846b8f63590fab912d1f10582a862d5e4af02dd44c410642cce20a3877559d4fd83b962d78a61c84cfcf74f6ba0ccb85a19a505b24875daaa7b7ee3083a0f7a034f66031bdcd2dbf2d56c61e30186dc555ad834d855a055529ee6ecf50586ceb29210b44fa704498b238dd68c1e14b36da172f6febdd67b49d833370247e0a024eab77de4aa5efe7f387a9a4cb573c6e344a3c4d2a45f1df4ee883913bd61cf7a39626244ac64cb0345fccdca1131171031be3c6084e0d2941371afd1c268512133ac68cac0ebdb0502db18340adea29132a1cb667056541f2edd8354d52563458d8ecd18c49d5b9dbe0859a0cff6c2ba5cfa4e8736e7e7eaafa061ef86351d3d52f50410aef8f1df813c29d3fd4080242adecc39a8b9b054eb818116d1ce46096c8c983a09164bbe0262df134af33986e0a12a9eac6268939a1ab2e7efd4376a8ff583b93f226711395b9163e49fbc790f67596f28d341cf36e37d7475c2b09278fa66f5b3cbb4161f017bc49e99d19039aed6d620dc01487ecbe043add02927b88ed4de8e3112ebf9ba837134d8adc36e4beeefc5037dc683b585cdee1e265f1ee47934f558c4c13bafb2a06e9951789f6a2243fa074d7b9489ffe32625cf141cb0ce9353c0c6849695f6a23f1b554b225f9e7d1e73bc4bbee326181144584aaae8e2f004aea46e8d334f65123b93fd945f487d917c485b8b65ce7aa1090a301b96ac664c65101db1bd1d224e1d25f8946a5faa0baf1fcf3fb015445f974d415b8e50e9b55435b26358b517112822d99d9cdf45aea3db255ab72f1ac51fd00d812c2fc484a581c72e8fa39d0a3a5ecff51fca9292267e98ca70b005be53b7f32205acfa59d1f623c03c6625d74ba76f95464f3b0617f87246c298e12e73876549ac765147f928fe3fce378100663a32ccbe312d5458db8e5aecc2bd70bedbfd397157bbc291065332e5988744ba63712753bcded54aab53b82894b8272d5be38943b9c948438271097b061e07e983709703af8c69df1aaeb7cda83e92df304002a03438dc0cf2e4b6492feb9be8379cee7fcb874f22a392e6b6470cc6d1b5dd500693e4d26c8f9e48492fdfabb8294bee57f721572ef9239f519eef9a9f4e59950d252095e6a4229a57e4202302388fe316f4d1300973549ff6bd8a3c747db0686aa5a3e30a41993db467ef0197da3cf7cfa356bc7c802177906f39d22777b1b4f930798b83f5ffc4f444ad564e87e2d1fe4f45a40a36e1b5515347f42d5513ec3d70584151d60ae515e5e3e467fa6816744b22c3a08cc318e2a6176547d0ca285067605fbb6a14e9fc40a74d2d27eb5492d0709f04603d36a05a0e4a055cdc7b9e5970aa9960ba6523fd234208cd95926029daa5498bf14ce9beb3fe31113bff7bd22dbd8ccb04593b3edd074092ae8be18ff94c59d376aa4c070e09b237568167a4b0d003e3df329966b5a6285a4547824a9dec2fd82428483c55f57adc35fcbcfb5af22da38fc98603cdfaffea70b9337a339442226305c06005747b4cd368c616f97fe467f087df5bcfc5d072120fa0d837103b65cd0efc2f08f81bc7e5c39435ffcbcc9a41ee94b2bd5708100c1c14a34c28ab5335bfea389444a38fe36132d7f4a9d9cc9a4a6a78646016f6f2a0cb832f0c2c8720c20430aaf3c4658b943648cfd84577ab42cc8fb051c407c5e9f2e2f996ce542485aa020f0b052059e0f18d3a5295383079acd63159f164f222bac96f98a30bb78d0e152b96d97e074208b171c3ce47cbcf747acf2a2873ddea30992686990b15e11bf8bf8be33ddc2fe3ad429a42ad065c32d35bc86d336eaa4e368a0b8b679c07c7419de2f21bd398f15b92d16e90e19f2e66343f88eb6349ac39553a0ccc6b5d61c4a69d3b3ffd10ed7c56408726e8ac25ac0bfdac182b53345d661c13775eb6deec22a17bbdd2189385baa39fc9be062ecbdac11157b64dcac58d1eb4f029a37d744d5c9551b51941353922dccded9da40a5b967513730a6604180e1d3e5c80f7f4a4e8edd75f5d466f66394dc5c4e529e33242ce016d4b479cf54c5876ff4bb1f651d7c975cccf1a7c7e8d9cce2918ca47684d92e7f258204731448986ed81dce4ca5eaf05512f93031ab16eadf0dd62e209839141847b8d2b7512508160be659be016faf2ac3e51a0e8e1f0bde51231c345dcb3ce926f00544c570a8fe3b6b6412d612549aefcf3bee1137c45dccff4ea9396a087ae33b2cbf0ec6d6fedcb5de2546540b4dadf2bd9f6d1f51125969c4ecbf73fd9bbee90e6b8a0240dd124b333a5ce34f29992f7f53d7a0ff2a9f81d84824afbc0f554532171ea8bb3e1f63274c1459d5744633925c7aac244b9bfb74b6f3d47060ae88374d97b553fc3adfda97ed6d3509c39115f740c760dc63becb7ba856affd700358d7f919f0ac4b10432eb5e0ab3c501713758b1d6aa6583fe7f5d59f7d591e172669519d0d27e03516e8c0bdd7659352024e11b0123c157fa4154e15591a61ca2c20f47489f6ff50e1de5cdf91cd5cac45cf3ca9a0bd42d3e25fda42ec0ec9f215b37b74615338f1430de5b0d1dbf83ec3ab6e19f3b09809cf79b1ed6176c59c66357842f23c2dad510816d14a7d9b6f5249fcf24393f62462d0c8ce92eaf0b7852509fed1b02419f4bdabf250c09af9be3710b4d3a6a03f81f0c12f193acd7d98200b8e1abfa7149ab677466df59e6bff602e08b6d53106c76b44a30f090e0ac9e6fd4772da22b745dd8aa7d3426f864d9c560a23ddbf95a09a72aef0ea3d096877b9773c4c495180f6926333d087a85e0211f6b4d10f38ceef3fca5c1019fc70e561db2004dd3084bcbe2bbbceed316ab8961e7ce60121dbcf5092f4070cf3948230e495da4c94caf3a32b8b4eefc7c18fb4d0d0d7499e83050b3cf56682d57b9995c31894786239ffdc729fb9ff70b9fd8c4856f3dfdd67c8e6142ff65dfcb2d7f40687ccce66557564a1427470f6cd124b6321ff125ccde9422ae992356d27a46f05094e7950e2634078f856d00bc6144414dd23d3404e5288e8db77b09f3e84a8b9b30e120551570215c9090a096ba957cfebe6bef5bdd42180c15131cb2b0d270506928a0f2c0ec050f0bdfbcbaa37064e59cc43e6a405518742922b7df2d89e96e73528f2d0fc7ec2d78a1abc5c3f17b9a2dbcd2299a5a64e738816bac07caacd35d4353784e248143fa244ac59ea918627bb0051e678912f8c6a57257f016de91ab6c5dcb9c93d859cb89822ebd44991c0f998170f73495229fb51479ebba8a57d1ce88ccc38e6b679457e964b07b6006971d45f570f", 0x0, 0xdb1}) (rerun: 32)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000740)={0x0, 0x12c, @ioapic={0x1000, 0x8, 0x6, 0x1, 0x0, [{0x1, 0x3, 0x3, '\x00', 0x2}, {0x0, 0x5, 0x1, '\x00', 0x8}, {0x7, 0x2b, 0xf3, '\x00', 0x2}, {0x7, 0x2, 0x1c, '\x00', 0x7}, {0x0, 0x3, 0x4, '\x00', 0x58}, {0x7f, 0x2, 0xb, '\x00', 0x9}, {0x2, 0x7, 0x5, '\x00', 0x2}, {0x0, 0x81, 0x4, '\x00', 0x22}, {0x9, 0x9, 0x6, '\x00', 0x4}, {0x3, 0x58, 0x81, '\x00', 0x1}, {0x9, 0x5, 0x5, '\x00', 0xfa}, {0x1, 0x7f, 0x2, '\x00', 0x81}, {0x2, 0x3, 0xff, '\x00', 0xa}, {0x7b, 0x1, 0x7, '\x00', 0x45}, {0x7f, 0x4, 0x6, '\x00', 0x6}, {0x1, 0x0, 0x9}, {0xa, 0x1, 0xff, '\x00', 0x7}, {0x3, 0x2, 0x4, '\x00', 0x1}, {0x82, 0x5, 0x6, '\x00', 0x2e}, {0x2, 0x8, 0x0, '\x00', 0x8}, {0x8, 0x41, 0xfe, '\x00', 0x6}, {0x1, 0x4, 0x7, '\x00', 0x8}, {0x0, 0x5, 0x2, '\x00', 0x3}, {0x1, 0x9, 0x6, '\x00', 0xc}]}}) (async, rerun: 32)
ioctl$KVM_SET_PIT2(r1, 0xae71, &(0x7f00000002c0)={[{0x3}]}) (async, rerun: 32)
r4 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x1, 0x2, 0x4000, 0x1000, &(0x7f0000548000/0x1000)=nil})
r5 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r5, 0x0) (async, rerun: 64)
write$selinux_load(r4, &(0x7f0000000000)=ANY=[], 0x2011) (rerun: 64)
r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (async)
r7 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r7, 0x0, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000006, 0x22052, r6, 0x2000)

0s ago: executing program 3 (id=258):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCSMAXCID(r0, 0x4004743c, 0x0)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r0, 0xf504, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_type(r2, &(0x7f0000000100), 0x2, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r1, 0x40046210, &(0x7f0000000080)=0x1)
r5 = openat$cgroup_procs(r4, &(0x7f0000000280)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f00000001c0), 0x12)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
read(r3, &(0x7f00000001c0)=""/109, 0x6d)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1800001, 0x28011, r1, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.89' (ED25519) to the list of known hosts.
[   20.575783][   T36] audit: type=1400 audit(1750380329.330:64): avc:  denied  { mounton } for  pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   20.577306][  T273] cgroup: Unknown subsys name 'net'
[   20.579189][   T36] audit: type=1400 audit(1750380329.330:65): avc:  denied  { mount } for  pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.583210][   T36] audit: type=1400 audit(1750380329.340:66): avc:  denied  { unmount } for  pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.583400][  T273] cgroup: Unknown subsys name 'devices'
[   20.741752][  T273] cgroup: Unknown subsys name 'hugetlb'
[   20.747367][  T273] cgroup: Unknown subsys name 'rlimit'
[   20.883671][   T36] audit: type=1400 audit(1750380329.640:67): avc:  denied  { setattr } for  pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   20.906584][  T283] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   20.906872][   T36] audit: type=1400 audit(1750380329.640:68): avc:  denied  { mounton } for  pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   20.940548][   T36] audit: type=1400 audit(1750380329.640:69): avc:  denied  { mount } for  pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   20.940780][  T273] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   20.963890][   T36] audit: type=1400 audit(1750380329.680:70): avc:  denied  { relabelto } for  pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.998098][   T36] audit: type=1400 audit(1750380329.680:71): avc:  denied  { write } for  pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.023741][   T36] audit: type=1400 audit(1750380329.700:72): avc:  denied  { read } for  pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.049259][   T36] audit: type=1400 audit(1750380329.700:73): avc:  denied  { open } for  pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.228803][  T288] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.236049][  T288] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.243235][  T288] bridge_slave_0: entered allmulticast mode
[   22.249660][  T288] bridge_slave_0: entered promiscuous mode
[   22.256934][  T288] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.264049][  T288] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.271336][  T288] bridge_slave_1: entered allmulticast mode
[   22.277547][  T288] bridge_slave_1: entered promiscuous mode
[   22.303626][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.310719][  T289] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.317787][  T289] bridge_slave_0: entered allmulticast mode
[   22.324196][  T289] bridge_slave_0: entered promiscuous mode
[   22.331762][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.338810][  T289] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.345915][  T289] bridge_slave_1: entered allmulticast mode
[   22.352252][  T289] bridge_slave_1: entered promiscuous mode
[   22.420601][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.427656][  T290] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.434860][  T290] bridge_slave_0: entered allmulticast mode
[   22.441137][  T290] bridge_slave_0: entered promiscuous mode
[   22.447518][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.454630][  T290] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.461736][  T290] bridge_slave_1: entered allmulticast mode
[   22.468015][  T290] bridge_slave_1: entered promiscuous mode
[   22.491902][  T291] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.498956][  T291] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.506174][  T291] bridge_slave_0: entered allmulticast mode
[   22.512545][  T291] bridge_slave_0: entered promiscuous mode
[   22.529080][  T291] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.536222][  T291] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.543380][  T291] bridge_slave_1: entered allmulticast mode
[   22.549701][  T291] bridge_slave_1: entered promiscuous mode
[   22.645775][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.652860][  T289] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.660201][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.667281][  T289] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.701676][  T288] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.708737][  T288] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.716034][  T288] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.723080][  T288] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.744876][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.751966][  T290] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.759242][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.766308][  T290] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.780055][  T291] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.787116][  T291] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.794435][  T291] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.801494][  T291] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.845608][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.853108][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.860929][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.868170][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.875546][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.882997][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.890317][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.897526][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.925795][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.932865][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.940587][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.947642][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.955553][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.962640][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.970316][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.977345][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.000922][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.007972][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.016044][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.023097][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.031003][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.038035][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.065247][  T288] veth0_vlan: entered promiscuous mode
[   23.072747][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.079823][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.113356][  T289] veth0_vlan: entered promiscuous mode
[   23.126109][  T290] veth0_vlan: entered promiscuous mode
[   23.136387][  T288] veth1_macvtap: entered promiscuous mode
[   23.151883][  T291] veth0_vlan: entered promiscuous mode
[   23.169724][  T290] veth1_macvtap: entered promiscuous mode
[   23.188001][  T289] veth1_macvtap: entered promiscuous mode
[   23.201048][  T288] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   23.203991][  T291] veth1_macvtap: entered promiscuous mode
[   23.244582][  T307] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   23.447800][  T324] random: crng reseeded on system resumption
[   23.518299][  T334] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   23.731231][  T346] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:7
[   24.025485][  T356] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   24.042939][  T358] rust_binder: Write failure EFAULT in pid:10
[   24.060362][  T356] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:11
[   24.366679][  T372] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   24.384305][  T372] rust_binder: Error in use_page_slow: ESRCH
[   24.391281][  T372] rust_binder: use_range failure ESRCH
[   24.397373][  T372] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[   24.414889][  T372] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   24.445814][  T372] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:23
[   24.459963][  T383] =======================================================
[   24.459963][  T383] WARNING: The mand mount option has been deprecated and
[   24.459963][  T383]          and is ignored by this kernel. Remove the mand
[   24.459963][  T383]          option from the mount to silence this warning.
[   24.459963][  T383] =======================================================
[   24.511382][  T383] SELinux: security_context_str_to_sid (sytem_u�Gй�:��) failed with errno=-22
[   24.544914][   T46] Bluetooth: hci0: Frame reassembly failed (-84)
[   24.702810][  T400] kvm: kvm [399]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x785c7210a
[   24.720007][  T396] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   24.733811][  T400] kvm: kvm [399]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x785c7210a
[   24.754876][  T400] kvm: kvm [399]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x785c7210a
[   24.782994][  T412] SELinux: security_context_str_to_sid () failed with errno=-22
[   25.056601][  T424] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   25.068010][  T427] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   25.165620][  T438] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   25.490584][  T448] rust_binder: Error in use_page_slow: ESRCH
[   25.490614][  T448] rust_binder: use_range failure ESRCH
[   25.496717][  T448] rust_binder: Failed to allocate buffer. len:136, is_oneway:false
[   25.502524][  T448] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   25.510711][  T448] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:32
[   25.961861][  T466] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:40
[   26.014767][  T472] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:45
[   26.027050][  T472] rust_binder: Error while translating object.
[   26.036710][  T472] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   26.043434][  T472] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:45
[   26.047697][  T474] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   26.087755][   T36] kauditd_printk_skb: 74 callbacks suppressed
[   26.087774][   T36] audit: type=1400 audit(1750380334.840:148): avc:  denied  { write } for  pid=478 comm="syz.0.55" name="hwrng" dev="devtmpfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[   26.120424][  T483] binder: Unknown parameter 'con_'
[   26.273845][  T493] rust_binder: Write failure EFAULT in pid:53
[   26.274007][  T493] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[   26.287369][  T493] rust_binder: Write failure EINVAL in pid:53
[   26.308895][  T497] binder: Bad value for 'defcontext'
[   26.322077][  T495] rust_binder: Write failure EINVAL in pid:57
[   26.412225][   T36] audit: type=1400 audit(1750380335.170:149): avc:  denied  { read } for  pid=503 comm="syz.0.63" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[   26.442866][   T36] audit: type=1400 audit(1750380335.170:150): avc:  denied  { open } for  pid=503 comm="syz.0.63" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[   26.467573][   T36] audit: type=1400 audit(1750380335.170:151): avc:  denied  { ioctl } for  pid=503 comm="syz.0.63" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 ioctlcmd=0xf509 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[   26.480455][  T500] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   26.569375][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   26.569535][  T392] Bluetooth: hci0: command 0x1003 tx timeout
[   26.608900][  T510] rust_binder: Write failure EINVAL in pid:59
[   26.640185][   T36] audit: type=1400 audit(1750380335.400:152): avc:  denied  { read open } for  pid=511 comm="syz.1.66" path="mnt:[4026532380]" dev="nsfs" ino=4026532380 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   26.669850][   T36] audit: type=1400 audit(1750380335.400:153): avc:  denied  { ioctl } for  pid=511 comm="syz.1.66" path="mnt:[4026532380]" dev="nsfs" ino=4026532380 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   26.720619][  T516] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:24
[   26.739130][  T519] binder: Bad value for 'max'
[   26.810158][  T527] rust_binder: Got transaction with invalid offset.
[   26.810205][  T527] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   26.816861][  T527] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:63
[   26.819422][   T36] audit: type=1400 audit(1750380335.570:154): avc:  denied  { transfer } for  pid=526 comm="syz.2.69" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   26.858615][  T529] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   26.859125][  T529] rust_binder: Failed to allocate buffer. len:4264, is_oneway:false
[   26.879295][   T36] audit: type=1326 audit(1750380335.620:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=524 comm="syz.0.70" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efee218e929 code=0x0
[   26.895063][  T533] SELinux: security_context_str_to_sid (syte) failed with errno=-22
[   26.985647][  T529] rust_binder: Write failure EINVAL in pid:24
[   27.067343][   T36] audit: type=1326 audit(1750380335.820:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=544 comm="syz.1.74" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f92cb98e929 code=0x0
[   27.441276][   T36] audit: type=1400 audit(1750380336.200:157): avc:  denied  { read write } for  pid=547 comm="syz.2.75" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   27.484071][  T548] rust_binder: Read failure Err(EAGAIN) in pid:70
[   27.484865][  T548] input: syz1 as /devices/virtual/input/input4
[   27.660283][  T556] binder: Bad value for 'stats'
[   27.690616][  T558] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:78
[   27.692850][  T560] binder: Bad value for 'max'
[   28.032397][  T576] binder: Binderfs stats mode cannot be changed during a remount
[   28.050536][  T574] SELinux: security_context_str_to_sid (sytem_u�Gй�:��) failed with errno=-22
[   28.081632][  T589] binder: Unknown parameter 'coyBLV�"i5������ntext'
[   28.318380][  T602] SELinux:  Context � is not valid (left unmapped).
[   28.327064][  T605] rust_binder: Error while translating object.
[   28.327093][  T605] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   28.342786][  T605] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:44
[   28.494676][  T625] binder: Bad value for 'max'
[   28.504188][  T627] rust_binder: Write failure EINVAL in pid:46
[   28.508580][  T625] binder: Bad value for 'max'
[   28.519645][  T625] binder: Bad value for 'max'
[   28.524520][  T625] binder: Bad value for 'max'
[   28.530990][  T625] binder: Bad value for 'max'
[   28.535848][  T625] binder: Bad value for 'max'
[   28.541344][  T625] binder: Bad value for 'max'
[   28.546187][  T625] binder: Bad value for 'max'
[   28.551189][  T625] binder: Bad value for 'max'
[   28.555976][  T625] binder: Bad value for 'max'
[   28.560796][  T625] binder: Bad value for 'max'
[   28.565557][  T625] binder: Bad value for 'max'
[   28.570892][  T625] binder: Bad value for 'max'
[   28.575688][  T625] binder: Bad value for 'max'
[   28.580562][  T625] binder: Bad value for 'max'
[   28.585321][  T625] binder: Bad value for 'max'
[   28.590123][  T625] binder: Bad value for 'max'
[   28.594873][  T625] binder: Bad value for 'max'
[   28.599650][  T625] binder: Bad value for 'max'
[   28.604403][  T625] binder: Bad value for 'max'
[   28.609147][  T625] binder: Bad value for 'max'
[   28.614408][  T625] binder: Bad value for 'max'
[   28.619263][  T625] binder: Bad value for 'max'
[   28.624050][  T625] binder: Bad value for 'max'
[   28.628798][  T625] binder: Bad value for 'max'
[   28.633641][  T625] binder: Bad value for 'max'
[   28.638408][  T625] binder: Bad value for 'max'
[   28.643187][  T625] binder: Bad value for 'max'
[   28.647945][  T625] binder: Bad value for 'max'
[   28.653166][  T625] binder: Bad value for 'max'
[   28.658101][  T625] binder: Bad value for 'max'
[   28.662949][  T625] binder: Bad value for 'max'
[   28.667781][  T625] binder: Bad value for 'max'
[   28.674643][  T625] binder: Bad value for 'max'
[   28.679874][  T625] binder: Bad value for 'max'
[   28.684919][  T625] binder: Bad value for 'max'
[   28.689849][  T625] binder: Bad value for 'max'
[   28.694965][  T625] binder: Bad value for 'max'
[   28.701359][  T625] binder: Bad value for 'max'
[   28.706159][  T625] binder: Bad value for 'max'
[   28.712616][  T625] binder: Bad value for 'max'
[   28.717429][  T625] binder: Bad value for 'max'
[   28.722716][  T625] binder: Bad value for 'max'
[   28.727491][  T625] binder: Bad value for 'max'
[   28.732733][  T625] binder: Bad value for 'max'
[   28.738138][  T625] binder: Bad value for 'max'
[   28.751217][  T625] binder: Bad value for 'max'
[   28.751804][  T631] input: syz1 as /devices/virtual/input/input6
[   28.756044][  T625] binder: Bad value for 'max'
[   28.767150][  T625] binder: Bad value for 'max'
[   28.772433][  T625] binder: Bad value for 'max'
[   28.773553][  T308] udevd[308]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: No such file or directory
[   28.777423][  T625] binder: Bad value for 'max'
[   28.793104][  T625] binder: Bad value for 'max'
[   28.797891][  T625] binder: Bad value for 'max'
[   28.803391][  T625] binder: Bad value for 'max'
[   28.808182][  T625] binder: Bad value for 'max'
[   28.813560][  T625] binder: Bad value for 'max'
[   28.818519][  T625] binder: Bad value for 'max'
[   28.823466][  T625] binder: Bad value for 'max'
[   28.828624][  T625] binder: Bad value for 'max'
[   28.833480][  T625] binder: Bad value for 'max'
[   28.838364][  T625] binder: Bad value for 'max'
[   28.843296][  T625] binder: Bad value for 'max'
[   28.848187][  T625] binder: Bad value for 'max'
[   28.853075][  T625] binder: Bad value for 'max'
[   28.857873][  T625] binder: Bad value for 'max'
[   29.035432][  T649] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active
[   29.044297][  T649] rust_binder: Write failure EINVAL in pid:104
[   29.084138][  T663] __vm_enough_memory: pid: 663, comm: syz.1.110, bytes: 281474976845824 not enough memory for the allocation
[   29.112359][  T666] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:110
[   29.163745][  T676] rust_binder: Write failure EINVAL in pid:110
[   29.269619][  T684] rust_binder: Failed to allocate buffer. len:160, is_oneway:false
[   29.909583][  T735] SELinux: failed to load policy
[   29.914745][  T735] SELinux: failed to load policy
[   29.942239][  T735] SELinux: security_context_str_to_sid (syte) failed with errno=-22
[   29.990752][  T740] binder: Bad value for 'stats'
[   30.040619][  T750] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set
[   30.053600][  T750] rust_binder: Write failure EINVAL in pid:69
[   30.054894][  T752] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[   30.061364][  T752] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:120
[   30.070949][  T752] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[   30.091487][  T752] rust_binder: Read failure Err(EFAULT) in pid:120
[   30.168543][  T761] input: syz1 as /devices/virtual/input/input9
[   30.234892][  T769] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:124
[   30.260923][  T764] rust_binder: Error while translating object.
[   30.273351][  T764] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[   30.279667][  T764] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:73
[   30.290449][  T772] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   30.299745][  T772] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   30.341404][  T776] input input10: cannot allocate more than FF_MAX_EFFECTS effects
[   30.547101][  T790] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:131
[   30.574688][  T792] kvm: vcpu 0: requested 16 ns lapic timer period limited to 200000 ns
[   30.600012][  T792] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=220138064 (3522209024 ns) > initial count (200000 ns). Using initial count to start timer.
[   30.635775][  T794] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=220138064 (3522209024 ns) > initial count (200000 ns). Using initial count to start timer.
[   30.702964][  T804] binder: Bad value for 'stats'
[   30.721994][  T807] input: syz0 as /devices/virtual/input/input11
[   30.754898][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[   30.765967][  T809] Bluetooth: hci0: received HCILL_GO_TO_SLEEP_ACK in state 2
[   30.777388][  T809] SELinux:  policydb string  does not match my string SE Linux
[   30.785744][  T809] SELinux: failed to load policy
[   30.793705][  T809] binder: Unknown parameter 'o����+ϫDŞ6)gAH����<̳o�7^�[ו�7N*���gL�B��2�޸P�|Mu5�L'
[   30.878745][  T815] binder: Bad value for 'defcontext'
[   30.941278][  T822] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   31.012663][  T826] syzkaller0: tun_chr_ioctl cmd 2147767506
[   31.420672][   T36] kauditd_printk_skb: 184 callbacks suppressed
[   31.420690][   T36] audit: type=1400 audit(1750380340.180:342): avc:  denied  { read } for  pid=846 comm="syz.0.176" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[   31.501973][   T36] audit: type=1326 audit(1750380340.260:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=849 comm="syz.0.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee218e929 code=0x7ffc0000
[   31.528507][   T36] audit: type=1326 audit(1750380340.260:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=849 comm="syz.0.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee218e929 code=0x7ffc0000
[   31.551859][   T36] audit: type=1326 audit(1750380340.280:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=849 comm="syz.0.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efee218e929 code=0x7ffc0000
[   31.552208][  T850] binder: Unknown parameter '00000000000000000005'
[   31.575247][   T36] audit: type=1326 audit(1750380340.280:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=849 comm="syz.0.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee218e929 code=0x7ffc0000
[   31.618197][   T36] audit: type=1326 audit(1750380340.280:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=849 comm="syz.0.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee218e929 code=0x7ffc0000
[   31.642217][   T36] audit: type=1326 audit(1750380340.280:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=849 comm="syz.0.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efee218e929 code=0x7ffc0000
[   31.665812][   T36] audit: type=1326 audit(1750380340.280:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=849 comm="syz.0.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee218e929 code=0x7ffc0000
[   31.689546][   T36] audit: type=1326 audit(1750380340.280:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=849 comm="syz.0.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee218e929 code=0x7ffc0000
[   31.713753][   T36] audit: type=1326 audit(1750380340.280:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=849 comm="syz.0.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efee218e929 code=0x7ffc0000
[   31.775525][  T859] binder: Bad value for 'max'
[   31.775619][  T860] binder: Bad value for 'max'
[   31.903812][  T868] __vm_enough_memory: pid: 868, comm: syz.3.182, bytes: 281474976845824 not enough memory for the allocation
[   32.032347][  T873] FAULT_INJECTION: forcing a failure.
[   32.032347][  T873] name failslab, interval 1, probability 0, space 0, times 0
[   32.045088][  T873] CPU: 0 UID: 0 PID: 873 Comm: syz.0.186 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d
[   32.045124][  T873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   32.045146][  T873] Call Trace:
[   32.045154][  T873]  <TASK>
[   32.045161][  T873]  __dump_stack+0x21/0x30
[   32.045192][  T873]  dump_stack_lvl+0x10c/0x190
[   32.045217][  T873]  ? __cfi_dump_stack_lvl+0x10/0x10
[   32.045243][  T873]  dump_stack+0x19/0x20
[   32.045266][  T873]  should_fail_ex+0x3d9/0x530
[   32.045290][  T873]  should_failslab+0xac/0x100
[   32.045318][  T873]  __kmalloc_node_noprof+0x6c/0x450
[   32.045343][  T873]  ? __kvmalloc_node_noprof+0x11d/0x300
[   32.045368][  T873]  __kvmalloc_node_noprof+0x11d/0x300
[   32.045391][  T873]  ? __cfi___kvmalloc_node_noprof+0x10/0x10
[   32.045414][  T873]  ? xa_find+0x11b/0x170
[   32.045434][  T873]  kvm_recalculate_apic_map+0x442/0x1590
[   32.045469][  T873]  ? __cfi_kvm_recalculate_apic_map+0x10/0x10
[   32.045502][  T873]  kvm_apic_set_state+0x54b/0x1910
[   32.045536][  T873]  kvm_vcpu_ioctl_set_lapic+0x23/0x190
[   32.045567][  T873]  kvm_arch_vcpu_ioctl+0x1081/0x2e50
[   32.045596][  T873]  ? avc_has_perm+0x144/0x220
[   32.045617][  T873]  ? __cfi_kvm_arch_vcpu_ioctl+0x10/0x10
[   32.045648][  T873]  ? selinux_file_open+0x457/0x610
[   32.045678][  T873]  ? __cfi_selinux_file_open+0x10/0x10
[   32.045712][  T873]  ? is_bpf_text_address+0x17b/0x1a0
[   32.045743][  T873]  ? kernel_text_address+0xa9/0xe0
[   32.045764][  T873]  ? __kernel_text_address+0x11/0x40
[   32.045785][  T873]  ? do_vfs_ioctl+0xeda/0x1e30
[   32.045814][  T873]  ? arch_stack_walk+0x10b/0x170
[   32.045841][  T873]  ? __ia32_compat_sys_ioctl+0x850/0x850
[   32.045871][  T873]  ? _parse_integer_limit+0x195/0x1e0
[   32.045894][  T873]  ? _parse_integer+0x2e/0x40
[   32.045914][  T873]  ? kstrtoull+0x13b/0x1e0
[   32.045934][  T873]  ? kstrtouint+0x78/0xf0
[   32.045954][  T873]  ? ioctl_has_perm+0x1aa/0x4d0
[   32.045984][  T873]  ? __asan_memcpy+0x5a/0x80
[   32.046007][  T873]  ? ioctl_has_perm+0x3e0/0x4d0
[   32.046036][  T873]  ? has_cap_mac_admin+0xd0/0xd0
[   32.046065][  T873]  ? __kasan_check_write+0x18/0x20
[   32.046089][  T873]  ? mutex_lock_killable+0x92/0x1c0
[   32.046110][  T873]  ? __cfi_mutex_lock_killable+0x10/0x10
[   32.046130][  T873]  ? proc_fail_nth_write+0x17e/0x210
[   32.046150][  T873]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   32.046171][  T873]  kvm_vcpu_ioctl+0x77c/0xee0
[   32.046199][  T873]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[   32.046226][  T873]  ? __cfi_vfs_write+0x10/0x10
[   32.046251][  T873]  ? __kasan_check_write+0x18/0x20
[   32.046274][  T873]  ? mutex_unlock+0x8b/0x240
[   32.046292][  T873]  ? __cfi_mutex_unlock+0x10/0x10
[   32.046311][  T873]  ? __fget_files+0x2c5/0x340
[   32.046340][  T873]  ? __fget_files+0x2c5/0x340
[   32.046367][  T873]  ? bpf_lsm_file_ioctl+0xd/0x20
[   32.046389][  T873]  ? security_file_ioctl+0x34/0xd0
[   32.046417][  T873]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[   32.046444][  T873]  __se_sys_ioctl+0x132/0x1b0
[   32.046473][  T873]  __x64_sys_ioctl+0x7f/0xa0
[   32.046500][  T873]  x64_sys_call+0x1878/0x2ee0
[   32.046536][  T873]  do_syscall_64+0x58/0xf0
[   32.046563][  T873]  ? clear_bhb_loop+0x35/0x90
[   32.046595][  T873]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   32.046625][  T873] RIP: 0033:0x7efee218e929
[   32.046650][  T873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   32.046667][  T873] RSP: 002b:00007efee2f19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   32.046694][  T873] RAX: ffffffffffffffda RBX: 00007efee23b5fa0 RCX: 00007efee218e929
[   32.046709][  T873] RDX: 0000200000000140 RSI: 000000004400ae8f RDI: 0000000000000005
[   32.046723][  T873] RBP: 00007efee2f19090 R08: 0000000000000000 R09: 0000000000000000
[   32.046736][  T873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   32.046748][  T873] R13: 0000000000000000 R14: 00007efee23b5fa0 R15: 00007ffd684a7f18
[   32.046765][  T873]  </TASK>
[   32.046790][  T873] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=220138064 (3522209024 ns) > initial count (200000 ns). Using initial count to start timer.
[   32.722609][  T888] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=220138064 (3522209024 ns) > initial count (200000 ns). Using initial count to start timer.
[   32.752016][  T889] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   32.761254][  T889] rust_binder: Error while translating object.
[   32.761286][  T889] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[   32.767468][  T889] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:109
[   32.809377][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   32.809410][  T392] Bluetooth: hci0: command 0x1003 tx timeout
[   32.884136][  T896] SELinux: security_context_str_to_sid (system_u�Gй�:��) failed with errno=-22
[   32.893993][  T898] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   32.894021][  T898] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   32.931639][  T907] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=220138064 (3522209024 ns) > initial count (200000 ns). Using initial count to start timer.
[   32.984612][  T907] FAULT_INJECTION: forcing a failure.
[   32.984612][  T907] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   33.010890][  T907] CPU: 0 UID: 0 PID: 907 Comm: syz.3.195 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d
[   33.010926][  T907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   33.010939][  T907] Call Trace:
[   33.010945][  T907]  <TASK>
[   33.010954][  T907]  __dump_stack+0x21/0x30
[   33.010983][  T907]  dump_stack_lvl+0x10c/0x190
[   33.011007][  T907]  ? __cfi_dump_stack_lvl+0x10/0x10
[   33.011033][  T907]  dump_stack+0x19/0x20
[   33.011056][  T907]  should_fail_ex+0x3d9/0x530
[   33.011081][  T907]  should_fail+0xf/0x20
[   33.011100][  T907]  should_fail_usercopy+0x1e/0x30
[   33.011124][  T907]  _copy_to_user+0x24/0xa0
[   33.011153][  T907]  simple_read_from_buffer+0xed/0x160
[   33.011188][  T907]  proc_fail_nth_read+0x19e/0x210
[   33.011208][  T907]  ? __cfi_proc_fail_nth_read+0x10/0x10
[   33.011228][  T907]  ? bpf_lsm_file_permission+0xd/0x20
[   33.011251][  T907]  ? __cfi_proc_fail_nth_read+0x10/0x10
[   33.011271][  T907]  vfs_read+0x278/0xb60
[   33.011294][  T907]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[   33.011323][  T907]  ? __cfi_vfs_read+0x10/0x10
[   33.011345][  T907]  ? __kasan_check_write+0x18/0x20
[   33.011368][  T907]  ? mutex_lock+0x92/0x1c0
[   33.011387][  T907]  ? __cfi_mutex_lock+0x10/0x10
[   33.011406][  T907]  ? __fget_files+0x2c5/0x340
[   33.011435][  T907]  ksys_read+0x141/0x250
[   33.011459][  T907]  ? xfd_validate_state+0x68/0x150
[   33.011492][  T907]  ? __cfi_ksys_read+0x10/0x10
[   33.011517][  T907]  ? __kasan_check_write+0x18/0x20
[   33.011539][  T907]  ? fpregs_restore_userregs+0x11d/0x260
[   33.011573][  T907]  __x64_sys_read+0x7f/0x90
[   33.011597][  T907]  x64_sys_call+0x2638/0x2ee0
[   33.011624][  T907]  do_syscall_64+0x58/0xf0
[   33.011649][  T907]  ? clear_bhb_loop+0x35/0x90
[   33.011681][  T907]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   33.011711][  T907] RIP: 0033:0x7fbf2838d33c
[   33.011728][  T907] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   33.011746][  T907] RSP: 002b:00007fbf292a9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   33.011786][  T907] RAX: ffffffffffffffda RBX: 00007fbf285b5fa0 RCX: 00007fbf2838d33c
[   33.011801][  T907] RDX: 000000000000000f RSI: 00007fbf292a90a0 RDI: 0000000000000006
[   33.011814][  T907] RBP: 00007fbf292a9090 R08: 0000000000000000 R09: 0000000000000000
[   33.011827][  T907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   33.011840][  T907] R13: 0000000000000000 R14: 00007fbf285b5fa0 R15: 00007ffee048da18
[   33.011857][  T907]  </TASK>
[   33.385522][  T923] rust_binder: Error in use_page_slow: ESRCH
[   33.385553][  T923] rust_binder: use_range failure ESRCH
[   33.397535][  T926] binder: Bad value for 'stats'
[   33.409609][  T923] rust_binder: Failed to allocate buffer. len:40, is_oneway:false
[   33.409640][  T923] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   33.417515][  T923] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:116
[   33.518342][  T935] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[   33.530858][  T935] rust_binder: Read failure Err(EFAULT) in pid:193
[   33.568361][  T939] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   33.585387][  T935] input: syz0 as /devices/virtual/input/input13
[   33.850728][  T953] input: syz1 as /devices/virtual/input/input14
[   34.000642][  T967] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:207
[   34.120383][  T976] binder: Unknown parameter 'processor	: 0
[   34.120383][  T976] vendor_id	: GenuineIntel
[   34.120383][  T976] cpu family	: 6
[   34.120383][  T976] model		: 79
[   34.120383][  T976] model name	: Intel(R) Xeon(R) CPU @ 2.20GHz
[   34.120383][  T976] stepping	: 0
[   34.120383][  T976] microcode	: 0xffffffff
[   34.120383][  T976] cpu MHz		: 2199.998
[   34.120383][  T976] cache size	: 56320 KB
[   34.120383][  T976] physical id	: 0
[   34.120383][  T976] siblings	: 2
[   34.120383][  T976] core id		: 0
[   34.120383][  T976] cpu cores	: 1
[   34.120383][  T976] apicid		: 0
[   34.120383][  T976] initial apicid	: 0
[   34.120383][  T976] fpu		: yes
[   34.120383][  T976] fpu_exception	: yes
[   34.120383][  T976] cpuid level	: 13
[   34.120383][  T976] wp		: yes
[   34.120383][  T976] flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities
[   34.120383][  T976] vmx flags	: vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi
[   34.230879][  T986] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:137
[   34.367514][  T986] rust_binder: Error while translating object.
[   34.377292][  T986] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   34.383666][  T986] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:137
[   34.759437][ T1009] SELinux:  Context ��o���}
��xd is not valid (left unmapped).
[   34.801089][ T1013] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585)
[   34.801117][ T1013] rust_binder: Error while translating object.
[   34.839414][ T1013] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   34.862386][ T1013] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:150
[   34.922847][ T1021] rust_binder: Write failure EFAULT in pid:152
[   34.980938][ T1023] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=220138064 (3522209024 ns) > initial count (16 ns). Using initial count to start timer.
[   35.056731][ T1025] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set
[   35.070161][ T1025] rust_binder: Write failure EINVAL in pid:156
[   35.111027][ T1028] binder: Bad value for 'max'
[   35.355706][ T1042] rust_binder: Write failure EFAULT in pid:168
[   35.483199][ T1055] kernel profiling enabled (shift: 8)
[   35.559563][ T1060] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   35.566092][ T1060] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[   35.597521][ T1064] binder: Unknown parameter 'dont_hash'
[   35.659380][ T1062] input: syz1 as /devices/virtual/input/input15
[   35.700609][ T1061] input: syz0 as /devices/virtual/input/input16
[   35.761023][ T1070] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:191
[   35.896151][ T1084] block device autoloading is deprecated and will be removed.
[   35.921441][ T1085] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=220138064 (3522209024 ns) > initial count (200000 ns). Using initial count to start timer.
[   35.939992][ T1084] syzkaller0: tun_chr_ioctl cmd 1074025673
[   35.945844][ T1086] syzkaller0: tun_chr_ioctl cmd 2147767506
[   35.951848][ T1088] binder: Unknown parameter 'coyBLV�"i5������ntext'
[   35.959075][ T1084] syzkaller0: tun_chr_ioctl cmd 2147767506
[   36.073923][ T1097] SELinux: security_context_str_to_sid () failed with errno=-22
[   36.084699][ T1099] rust_binder: Write failure EFAULT in pid:197
[   36.187417][ T1109] SELinux: failed to load policy
[   36.204529][ T1109] SELinux: failed to load policy
[   36.212414][ T1109] SELinux: failed to load policy
[   36.220819][ T1109] SELinux: failed to load policy
[   36.232581][ T1109] SELinux: failed to load policy
[   36.237959][ T1109] ------------[ cut here ]------------
[   36.241443][ T1113] syz.3.258 (1113) used obsolete PPPIOCDETACH ioctl
[   36.243505][ T1109] WARNING: CPU: 0 PID: 1109 at mm/page_alloc.c:5157 __alloc_pages_noprof+0xe4/0x6c0
[   36.259543][ T1109] Modules linked in:
[   36.263454][ T1109] CPU: 0 UID: 0 PID: 1109 Comm: syz.1.257 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d
[   36.276863][ T1109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   36.286969][ T1109] RIP: 0010:__alloc_pages_noprof+0xe4/0x6c0
[   36.292929][ T1109] Code: 0f 1f 44 00 00 41 83 fd 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d a4 78 ee 05 00 0f 85 c4 00 00 00 c6 05 97 78 ee 05 01 <0f> 0b 31 c0 e9 b6 00 00 00 41 83 fd 0a 0f 87 aa 00 00 00 44 89 6c
[   36.312608][ T1109] RSP: 0018:ffffc9000e707680 EFLAGS: 00010246
[   36.318697][ T1109] RAX: 0000000000000000 RBX: 1ffff92001ce0ed4 RCX: 0000000000000000
[   36.326708][ T1109] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000e707728
[   36.334742][ T1109] RBP: ffffc9000e7077a8 R08: ffffc9000e707727 R09: 0000000000000000
[   36.342768][ T1109] R10: ffffc9000e707710 R11: fffff52001ce0ee5 R12: ffffc9000e7076c0
[   36.350797][ T1109] R13: 0000000000000016 R14: dffffc0000000000 R15: 0000000000000000
[   36.358795][ T1109] FS:  00007f92cc72a6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   36.367768][ T1109] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   36.374415][ T1109] CR2: 00007fbf292a8f98 CR3: 000000010c7c6000 CR4: 00000000003526b0
[   36.382460][ T1109] DR0: 0000000000000007 DR1: 000000000000009b DR2: 00040000ffffffff
[   36.390479][ T1109] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   36.398487][ T1109] Call Trace:
[   36.401828][ T1109]  <TASK>
[   36.404776][ T1109]  ? __cfi___alloc_pages_noprof+0x10/0x10
[   36.410544][ T1109]  ? __kasan_slab_alloc+0x73/0x90
[   36.415593][ T1109]  ? hashtab_init+0xdb/0x1f0
[   36.420227][ T1109]  ___kmalloc_large_node+0x9c/0x1d0
[   36.425444][ T1109]  ? ebitmap_read+0x21d/0x990
[   36.430157][ T1109]  ? hashtab_init+0xdb/0x1f0
[   36.434787][ T1109]  __kmalloc_large_node_noprof+0x1e/0xe0
[   36.440466][ T1109]  ? hashtab_init+0xdb/0x1f0
[   36.445075][ T1109]  __kmalloc_noprof+0x26d/0x450
[   36.449957][ T1109]  hashtab_init+0xdb/0x1f0
[   36.454402][ T1109]  ? policydb_read+0x86f/0x28c0
[   36.459261][ T1109]  symtab_init+0x44/0x70
[   36.463554][ T1109]  policydb_read+0x8fe/0x28c0
[   36.468261][ T1109]  ? kasan_save_alloc_info+0x40/0x50
[   36.473579][ T1109]  ? __cfi_policydb_read+0x10/0x10
[   36.478720][ T1109]  ? security_load_policy+0x128/0x12f0
[   36.484217][ T1109]  security_load_policy+0x162/0x12f0
[   36.489554][ T1109]  ? __kasan_check_write+0x18/0x20
[   36.494692][ T1109]  ? _raw_spin_lock+0x8c/0x120
[   36.499519][ T1109]  ? __cfi__raw_spin_lock+0x10/0x10
[   36.504737][ T1109]  ? sel_write_load+0x226/0x5e0
[   36.509638][ T1109]  ? vmalloc_noprof+0xfd/0x1d0
[   36.514425][ T1109]  ? _raw_spin_unlock+0x45/0x60
[   36.519294][ T1109]  ? __cfi_security_load_policy+0x10/0x10
[   36.525078][ T1109]  ? __kasan_check_write+0x18/0x20
[   36.530249][ T1109]  sel_write_load+0x298/0x5e0
[   36.534965][ T1109]  ? futex_wait+0x288/0x540
[   36.539517][ T1109]  ? __cfi_sel_write_load+0x10/0x10
[   36.544755][ T1109]  ? __cfi_futex_wait+0x10/0x10
[   36.549649][ T1109]  ? bpf_lsm_file_permission+0xd/0x20
[   36.555051][ T1109]  ? __cfi_sel_write_load+0x10/0x10
[   36.560313][ T1109]  vfs_write+0x3c0/0xe80
[   36.564579][ T1109]  ? __cfi_vfs_write+0x10/0x10
[   36.569393][ T1109]  ? __kasan_check_write+0x18/0x20
[   36.574547][ T1109]  ? mutex_lock+0x92/0x1c0
[   36.578965][ T1109]  ? __cfi_mutex_lock+0x10/0x10
[   36.583857][ T1109]  ? __fget_files+0x2c5/0x340
[   36.588559][ T1109]  ksys_write+0x141/0x250
[   36.592930][ T1109]  ? xfd_validate_state+0x68/0x150
[   36.598105][ T1109]  ? __cfi_ksys_write+0x10/0x10
[   36.603013][ T1109]  ? __kasan_check_write+0x18/0x20
[   36.608143][ T1109]  ? fpregs_restore_userregs+0x11d/0x260
[   36.613818][ T1109]  __x64_sys_write+0x7f/0x90
[   36.618483][ T1109]  x64_sys_call+0x271c/0x2ee0
[   36.623220][ T1109]  do_syscall_64+0x58/0xf0
[   36.627661][ T1109]  ? clear_bhb_loop+0x35/0x90
[   36.632390][ T1109]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   36.638319][ T1109] RIP: 0033:0x7f92cb98e929
[   36.642769][ T1109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   36.662432][ T1109] RSP: 002b:00007f92cc72a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   36.670896][ T1109] RAX: ffffffffffffffda RBX: 00007f92cbbb6080 RCX: 00007f92cb98e929
[   36.678890][ T1109] RDX: 0000000000002011 RSI: 0000200000000000 RDI: 0000000000000007
[   36.686995][ T1109] RBP: 00007f92cba10b39 R08: 0000000000000000 R09: 0000000000000000
[   36.695030][ T1109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   36.703054][ T1109] R13: 0000000000000000 R14: 00007f92cbbb6080 R15: 00007ffd1eb71548
[   36.711082][ T1109]  </TASK>
[   36.714113][ T1109] ---[ end trace 0000000000000000 ]---
[   36.719696][ T1109] SELinux: failed to load policy