last executing test programs:

1.133265722s ago: executing program 2 (id=3):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001500)={0x44, 0x0, &(0x7f0000001380)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

1.077417263s ago: executing program 1 (id=2):
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (async)
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x4, 0x6031, 0xffffffffffffffff, 0x0) (async)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) (async)
ioctl$TCFLSH(r0, 0x540b, 0x0) (async)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f00000031c0)={0x1, <r1=>0xffffffffffffffff})
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000003200)={0x0, 0x1, 0xffffffff00000000, 0x7}) (async)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000003140)='/sys/kernel/notes', 0x0, 0x0) (async)
ioctl$KDSIGACCEPT(r0, 0x4b4e, 0x18)
write$cgroup_int(r2, &(0x7f0000000140)=0x400900, 0x12) (async)
ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f0000003180)=0x100000)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCMGET(r3, 0x5423, &(0x7f0000007000)) (async)
r4 = openat$cgroup_ro(r2, &(0x7f0000003100)='devices.list\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000001000)={0x2020, 0x0, <r5=>0x0}, 0x2020) (async)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x3f)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x400000b7}]}) (async)
openat$selinux_status(0xffffffffffffff9c, &(0x7f00000030c0), 0x0, 0x0) (async)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000003040)={0x50, 0x0, r5, {0x7, 0x2b, 0x50, 0x4101000, 0xfff5, 0x8, 0xa04, 0x9, 0x0, 0x0, 0x20, 0x9}}, 0x50)

961.322955ms ago: executing program 2 (id=7):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x0, 0x1a}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x31}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})

926.728495ms ago: executing program 2 (id=8):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f00000000c0)=0xebe)
ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040))
ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x95d})
mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0)
r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000d40), 0x1a1800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0)
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f00000005c0)={"547f37ac98435d85f10981edb71da6c42e5f501dd88db91c1ce734830962180e6a2552c353c8c70c49211912b85f64438ac05dfaafcc27e5d0af50a9b0ce8eb8940ddf0e3ff3295898068c48bd6800a388c33b89673120c5d0061f7aa493fcd1a82b35d75ac5709c3b2fd2970877d2d86f129dea827fc104679695452581f7f3ba4bdcd93d411dd8259216a7a44fd8680da2bc4a40c2eb92c3f64440f43e93c86c87b55d02311565f1a85cbd27ac074c7a4ebbbd2e30a2bfa3799cc01035a11c7e3d5bc24e02575370d40169503697ab6c4b129ebb3185d1bb076dd34551edf875c98ff4b3a47da3ce45b29feda9af45e6d3cc6bbc7123c242c37bb01e7f7e15abf793795f9e8ed48ee0961bfce77786db62a5e40cdfa6fb145af1b6b5d266badc766217c7e49497ebcf1277962334c15f3654cafda1292b7d8f8e6b72a448c586fb404ad3884c664db46016f8232e59cf52c9c9ff1352ce967e60d79726c587c1b5ca7f4813513e41315c690c96340a45af1368f22308eb947ec54d8eaf09835f7eb60a17cdc55a303b56e16cb203e159f4e710f28d85734bff97bd1211090f59ea7b2316870ab24e2290eeb8464129fb434c88c31a6f71dcb9d94af4897c75e706bad561228e9917f1e63d058e12dff241cc3c17575246d627107fb664e9bba66707f29b3f6cadb4be663cf1307c8970489d0bc291863ab4ab0fa1eef68f384dbacb516927ee5944b687c831d66c8c489bc63b31baee96088df5a37d80bf320262d38177844957d96244d1cfd8f597d5002d46ac3a2ddf4ad09908c93398dc1178a8d20cdbe0a904ecfb09420ac3d229e3b11479080f6d0973ec2f01d28083d806fe610d5c9944d8186c18f43eebf4e611d2a30d02306e2676b465cb24a59e3097726730ba30520cad907eadf2f39443bc7965d63eb3950a81e506b0fb6a97ee390326031ce61d79d747542613b591d29574e354374cdab86e9d3581b518e955301ba64e33b7aba1af51e1c1c762ec8784f03c552327f530ad370bbefc82cd2bce1b097e352f77d9eccfb5cf8fcdf75d63b148b587d22fa3f8fe5a7a85f9e81025a6a03cd7f778e21069374ef54209870977f9810be792d3e07697fdd2f3ebcaa45d153d890e5e6a0af645da152c2b7e14018fb2fd55055e47368922bdd06b6164f4e0eb2adefc25fd7086b279787eb0dde365442f9e236c809d1988c11f6ecabc5c11b207dc9e4e9f8fe81779595ce57eea0b41b358ad9ecace22ea5bf8c76a49289a87a1991c3d39ed4a88ffe604d58462700859e5ade19b190322f5b77a9083074cee23a4004a6a98dd29de543aeab703023956eb7d9cdaaedf7bec9a76469c14bdf6a6768e0c14d7a9ccb5c05d9969980eca571f4b2967fcdf91cb4bc16a3d8e070a1a7e5831868ea4bec2dedcc112df0d9704a97a7670aae1c7d89e26"})
ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x2000, 0x8, 0x1, 0xeffffdff, 0x0, [{0xff, 0xff}, {0x15, 0x3, 0x5, '\x00', 0x7}, {0x8, 0x4}, {0xfe, 0x0, 0x7d, '\x00', 0xdc}, {}, {0x81, 0x65, 0x5}, {0x0, 0x0, 0x31, '\x00', 0x3}, {0x0, 0x5d, 0x0, '\x00', 0x6}, {0x0, 0x33, 0xfa, '\x00', 0x8}, {0x2, 0x6}, {0xff, 0x5, 0x0, '\x00', 0x4}, {0x0, 0x8, 0xff, '\x00', 0xfc}, {}, {0x3, 0x0, 0x0, '\x00', 0x5}, {0xfc, 0xa, 0x0, '\x00', 0x3}, {0x0, 0x86, 0x80, '\x00', 0x5}, {0x7, 0x2, 0x7f}, {0x5, 0x0, 0x0, '\x00', 0x40}, {0x20, 0xfd, 0x19, '\x00', 0x5}, {0x0, 0x0, 0x2, '\x00', 0x25}, {0x58, 0x9}, {0x0, 0x0, 0x41}, {0x0, 0x0, 0x9}, {0x0, 0x0, 0x7, '\x00', 0x1}]}})
mmap(&(0x7f0000fec000/0x4000)=nil, 0x4000, 0x0, 0x13, r3, 0x0)
mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r3, 0x0)

823.140397ms ago: executing program 1 (id=10):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005080000024d564b"])
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x82000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000080)={0xbe, 0x0, 0x1})
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$BLKSECTGET(r4, 0x1267, &(0x7f0000000140))
ioctl$KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040))
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_procs(r6, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc018620c, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x0})
write$cgroup_pid(r7, &(0x7f00000001c0), 0x12)
r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
openat$cgroup_freezer_state(r6, &(0x7f0000000200), 0x2, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x4, <r12=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000008, 0x13, r12, 0xb3d68000)
mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000001ac0)={0x322004100, 0x0, 0x0, 0x0, {0xc}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r9, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$BLKRRPART(r0, 0x125f, 0x0)

668.825699ms ago: executing program 2 (id=13):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, 0x0)
syz_clone3(0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_X86_SET_MCE(r4, 0x4040ae9e, &(0x7f0000000000)={0xf800000000000000, 0x2, 0x8100000008, 0x0, 0x2})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x18, 0x0, &(0x7f0000000000)=[@acquire={0x40046305, 0x3}, @request_death={0x400c630e, 0x1}], 0x0, 0x0, 0x0})

634.66739ms ago: executing program 1 (id=15):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.avg_queue_size\x00', 0x26e1, 0x0)
close(r1)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
write$cgroup_int(r1, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_SET_TIME(r4, 0x4024700a, &(0x7f0000000080)={0x25, 0x39, 0x8, 0x7, 0xa, 0x80, 0x4, 0xf, 0xffffffffffffffff})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000480)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000640)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x400c6314, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x700000000000000, 0x0})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@binder={0x73622a85, 0x1101, 0x3}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x10}, @fda={0x66646185, 0x8, 0x1, 0x40}}, &(0x7f0000000280)={0x0, 0x18}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000000)={0x2})

543.789861ms ago: executing program 0 (id=16):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
close(r4)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)

541.781811ms ago: executing program 2 (id=17):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x102, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x100, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x3)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000f2000040"])
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000014d564b00000000ab00"])
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100), 0x22203, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0)
ioctl$BLKROSET(r8, 0x125d, &(0x7f0000000040)=0x9)
read(r8, &(0x7f0000000080)=""/93, 0xffffff6c)

541.367041ms ago: executing program 1 (id=18):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000013c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000000000001010040000000000000000000000000d901"])
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x53, 0x0, &(0x7f0000000400)="892a7863af87409b1b8fe4e183cc4e2c2eddca324f8c2a61fb078c81d7272d92b902bf051aacb6decd83ec368991a0d7599c3ce3f7bed9d8078ba649896475d964ddb0c6d4d498b0ef80a3f6170b75654851be"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0})

533.180631ms ago: executing program 3 (id=19):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='memory.stat\x00', 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0x9, 0x7, &(0x7f00000002c0)=0xf2a})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r2, 0x40046210, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000002400)={0x74, 0x0, &(0x7f00000001c0)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000100)={@fda={0x66646185, 0x2, 0x2, 0x3d}, @flat=@weak_binder={0x77622a85, 0x101, 0x3}, @fd}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @acquire={0x40046305, 0x2}, @increfs_done={0x40106308, 0x2}, @decrefs={0x40046307, 0x2}, @register_looper], 0x4, 0x0, &(0x7f0000000240)="eae7db1c"})

510.900462ms ago: executing program 3 (id=20):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read(r1, &(0x7f0000000000), 0x2002)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000280)='cgroup.freeze\x00', 0x275a, 0x0)
read$FUSE(r3, &(0x7f00000002c0)={0x2020}, 0x2020)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/75, 0x4b, 0x0, 0x32}, @fda={0x66646185, 0x7, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
read(r1, &(0x7f0000000000), 0x2002) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
openat$cgroup_ro(r2, &(0x7f0000000280)='cgroup.freeze\x00', 0x275a, 0x0) (async)
read$FUSE(r3, &(0x7f00000002c0)={0x2020}, 0x2020) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/75, 0x4b, 0x0, 0x32}, @fda={0x66646185, 0x7, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) (async)

396.094133ms ago: executing program 0 (id=21):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0xfd)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x32)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_test', 0x1, 0x0)
write$uinput_user_dev(r1, &(0x7f00000002c0)={'syz0\x00', {0x7ff, 0x6, 0x4, 0x9}, 0x48, [0xf03b, 0x4, 0x6b54ba5b, 0x8, 0x7ff, 0x19, 0x401, 0x6, 0x8, 0x5, 0x7, 0x7, 0x3, 0x8, 0x0, 0x43a, 0x400, 0x1, 0x6, 0x9, 0x9, 0x730, 0xfffff000, 0x61, 0x4, 0x80000000, 0x1, 0x1, 0x9, 0x1, 0x1c0, 0xfff, 0x8, 0x864c, 0x2, 0x5, 0x400, 0x17cbc6a7, 0xfc3, 0x7, 0x1, 0x6, 0x400, 0x80, 0x81, 0xf3, 0x8d, 0x8000, 0x1, 0x9, 0x5, 0x4, 0x100, 0x7f, 0x200, 0x0, 0x6, 0xfffffb81, 0x2, 0xaeb80000, 0x507440df, 0x8, 0x147, 0x1], [0x401, 0x800, 0x5, 0x3ff, 0x2, 0x0, 0x1ff, 0x8, 0x7, 0x80000001, 0x4, 0x200, 0x7ffc, 0x9, 0xfffffffe, 0x0, 0x3, 0x8, 0x1, 0x40, 0x1, 0x5, 0x9, 0x8, 0x4, 0x80000000, 0x1ff, 0x60, 0x1, 0x5, 0x9, 0x10000, 0x1, 0xc, 0x8000, 0x92, 0x10000, 0x101, 0x0, 0x7ff, 0x2cf, 0x8d9, 0x9, 0x3, 0x2, 0x7, 0x1, 0x37, 0xffffffff, 0x6, 0x8cbb2a9, 0xfffffff5, 0x1, 0x40000004, 0x9, 0x2, 0xfffffff7, 0xfff, 0x3, 0x4, 0x7, 0x10, 0x6, 0x7f], [0xff, 0xcd98, 0x2, 0xb2, 0x6, 0x12, 0x45a, 0x6, 0x9, 0xffffffff, 0x50b, 0x8001, 0x9257, 0x80000000, 0x7fff, 0x2, 0xffff0001, 0x1000, 0x5, 0x2, 0x7, 0x1, 0x6, 0x2, 0x8, 0x9, 0x4, 0x7, 0xff, 0x2, 0x284, 0x8, 0x7, 0x1, 0x9, 0x7f, 0xf17, 0x8, 0x6, 0x8000, 0x9, 0x30000, 0x8, 0x8, 0x6, 0x1, 0xdde9, 0x6, 0x401, 0x7fff, 0x0, 0x7, 0x4, 0x0, 0x3, 0x1, 0xc8, 0x0, 0x4, 0x80, 0x8, 0x2, 0x24d4, 0x2], [0xffff4d44, 0x0, 0x8, 0x3, 0x2, 0x9, 0x5, 0xffff, 0x1, 0x1, 0x7, 0x4, 0x6, 0xff, 0x5, 0x40, 0xc0, 0x4, 0x1, 0x0, 0x6, 0x3, 0xfffffffc, 0xb3, 0xfffffff7, 0x101, 0x3, 0x1, 0x4000081, 0x1, 0x400, 0x4, 0xfeb, 0xf3e, 0x4, 0xa, 0x8, 0x400, 0x87e9, 0x6, 0x9a2b, 0x2, 0x6000, 0xddc4, 0x0, 0x40, 0x1, 0x3, 0x4, 0x3, 0x9, 0x0, 0x1000, 0x6, 0x4, 0x9, 0x9, 0x0, 0x6, 0x8, 0x7ff, 0x8d, 0x7, 0x10]}, 0x45c)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f00000021c0)=ANY=[@ANYBLOB="3d8879"])

395.544273ms ago: executing program 3 (id=22):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0x20000401)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) (async)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0}) (async)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000ac0)={0x2, 0x0, [{0x3000, 0x8f, &(0x7f0000000380)=""/143}, {0xe980c971206c8c5e, 0xbe, &(0x7f0000000880)=""/190}]}) (async)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000ac0)={0x2, 0x0, [{0x3000, 0x8f, &(0x7f0000000380)=""/143}, {0xe980c971206c8c5e, 0xbe, &(0x7f0000000880)=""/190}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000500)=0x1)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000000)=0xc000000) (async)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000000)=0xc000000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_SIGNAL_MASK(r4, 0x4004ae8b, 0xfffffffffffffffe) (async)
ioctl$KVM_SET_SIGNAL_MASK(r4, 0x4004ae8b, 0xfffffffffffffffe)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000))

360.514094ms ago: executing program 0 (id=23):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000000)={@ptr={0x70742a85, 0x4, &(0x7f00000001c0)=""/64, 0x40, 0x0, 0x32}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})

345.826074ms ago: executing program 0 (id=24):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async, rerun: 64)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (rerun: 64)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000eaffffff94000040"]) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) (async, rerun: 64)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) (rerun: 64)
mmap(&(0x7f0000b17000/0x3000)=nil, 0x3000, 0x3, 0x28011, r5, 0x0) (async)
mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r5, 0x1000) (async)
mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r4, 0x0) (async)
mmap(&(0x7f000086a000/0x2000)=nil, 0x2000, 0x4, 0x11, r4, 0x2000) (async)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r7 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x8101, 0x0)
write$vga_arbiter(r7, &(0x7f0000000040)=@target={'target ', {'PCI:', '0', ':', '15', ':', '15', '.', '1c'}}, 0x16) (async)
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r8, 0xc028ae92, &(0x7f0000000180)={0x5})
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f00000021c0)=ANY=[@ANYBLOB='contezt=sy\b\x00em_u,\x00']) (async)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) (async, rerun: 32)
r10 = ioctl$TIOCGPTPEER(r4, 0x5441, 0x344) (async, rerun: 32)
r11 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r11, 0xc004743e, &(0x7f0000000000)) (async, rerun: 32)
ioctl$PPPIOCSDEBUG(r11, 0x40047440, 0x0) (async, rerun: 32)
ioctl$BTRFS_IOC_RM_DEV(r9, 0x5000940b, &(0x7f0000000200)={{r10}, "385a1c4009b776783efbbcacef909d96ff32afb660f6d8006f73835bce20225007743a95365a5866a6e0b0bca5e0e2c8539a32bcfeaa624eccbe7f14e756752eca4ad393fcebd10e8456f0fd4590d94b0c1ceb97c3c1a628d3bd041059ad02f4013ba86a5a7646084f5b946da8368a84cda744bd14a0e9d30196496b872d0c896c29667f68ba74eff8bd3aecb7794b6656a4f9d8ab813bec36e783800baa31ba487c7f291698f5d32020849df895d0269e2e6a3e9c9b50e54415305cac0cefa6e4ecdf8c162b2474a49dc5ba5cbed8245656e0c07f078b9feb43ec29a20569f4f1b6cc0707de33e107bd913a485cc79cd8e87691a6fcdc24f4505fd05efc82d42cdb9ab835bb2402f66c769a530c3f5f506ef0ec816f5ed6b1a4167ea3199c262b1f913a84c0fef9df6244f0dfd0845c3b162e332c21b88ce199b79e5d0ac4a6713a62921404f82b3f0322970d33fed88274d5a6ea256edf07e1208506219463353e2ded3f83a4cc73606001384831ebed54d5e13b449377ca12cd6d80612b5fdeb8b923d22e0bfbd5bd0ab142999e0cd01be74aba68d6e96bcc6f7dcfb43cd67125dc594bb98107e4e6aeb3f18906011c555c9a595682d64bdd564f72eca586758dae33be1eeda219a5fcab27b4789c052fc8465d916b4147bc047c4002fd0b384b38c77d00c0326cd5f26f6f5cf6f47ccc2b5997835860d92a08c6f76df9a06dab430301cef8754591ee74591e4fa722b7c776ac33573b9a63385ccedf86942eaabf144f4bb5fc848a2d7e5e60950639d1218250955d5b490ff796993ad1a420b33dfe49ce03809c29ab279498b8a75039319ec86ed7c70310da33d0cf4b37339fb4de5d609daddac38d0f16a4b89395e5f48de417841340f6bc2f225b98395f27ea0b3b93ab3a587acf724d632a7ffa1174b7ce357cd8ba55d1f207b7c76957a4afe4368b775a405bc9b40ea80049f25cbd9f1af2e154c4e9f70860f47e083cc4bfb7119f5ed132df4bfe86fc70722eb94ac2d3a8f2ee38631184d8333ee4c56cae3001d18064fe81a9bcf68b6954b03124e448b9edf61af056fd19a0163f71fbf641f18d5779815ec8015bc79397ced7e9df9f51b43c8a75ed9a8148c434940144dda2d0a8fbd9601e951ba704dcea0e6b3e1cdbeba04071b3cf83c75586bc05d8286183776418da493ff260d6a98d9745e3fa25f2f7d0fcf90a23166de582ebf1675aed71ce347aab2e40102f9ba5248b364ebb374f52f1413029b3cbe3b3271f794ee311637684e69bffa6b7d34f8e5a162cf4208dd30f192d7d120a9bba5ca489bcc660bbdbdceddf2506904ade2c4a9a09a56b7e3b61e1d0d6a20c3588204afc23bebe54b525eb305092e06b5c11a6fafca41728e4ff4dcc60b25c4f2be7dd1df1dfa4c7ab4314531d773f0f00adb66899d7bbec306eff78703262da798c8b6f9dc9c0d2ddc9a348861fa23294cd964f977463a256d7ae3aee004e08257c0aa8fd8df3cde28721154ff9e5c9635d48a16f0d12efb8dddc5e9718b23d2823d6e93fdc0e587532e0222c7abcd152e75e70acb9e4518f21a040acec004455d09b46b2f39b3789bf71532872be8f9c4a619e9ab1280b316cd67a0ec6a45d466438db8203b8bcd97f6fa091beb904b5d5aa6f0fac3e5a726d1b80d6d04bd8878c8da3e53074bdb67e37adc635b95bd4ebfb6cf8938e64ccb610beaf703dc4e9920ba7faa7534642c971f8748e36a21a7dad2f14a7d2fe4b71540d8be9cb3f92461de18ea7de6fa3b4729a308a315660a09fab536db75e1d7d351c0ae5e197b3af91edf41032fc48f9220e21707c5536362ca5627f1e85bbd4d1043d0528def75484a7eef6469682a2d634365e737dc2703fde51f07b2c30f30bfa488dddaa36128d4973f07211716299d3e9016c636e4c081fa32dd32948cc30f9c242b92dcc492950fd033265af5723fc074084cf1b3fb03a98662f26ad7659f29ceca75391e127036f43ad016c5001f12112a28e6cb2a354b66da4f82d8c4ff368e64475098efd0bf386115635bbac0ee0ad7ad86fcd7088c8d72845bab0895ac4331a3c46c65255596a61c2de77e450cedf0ce2e874c9596232f6a53884fa9aab4072eac93af6fc12250a4983320d54b342bd1aceed5d49d5af34b17fbde1efac3a25ebb204295b72b429933b0a5d5a229b2fbfc3fd499b925f8f6d5d29caf8b12da5057580334f6420d4d4aaa60422971d7085f09e4f804c061f2a95cf6e37e692ad9e64a08d30bef5b8276f45462971889dde58ed7a27202fdca37f71da09054cdbe6eff9bca6e963ffb1f2ec15b71965754efa6398c1c561a5893d5d9211fd5649a94c26e7aec78c3411adce8ba9eb81b60ab0d9839611823366de48ae990ad44fcbb2439ce231c5c61a2b0dae7c6d24b8975d68fea9c4d8d8a078d5fc59fae1f1cfa90a13237b640fb1052b03b1cd83c3b786a765ed078276932fb5f1f217723d524720504b5d1befd025a7258c58644427bf73a905a850807db69eb2e424ff1a44a75c9042794a6cea30b66ba8246695fad7ae7022ef0018f5494cc80dcb5f5f1952cfa54443e5a6d237ce213f87e7cfc08222af47f7371f1f45ffb3900b625d03cc0d80de272b75c3de07699fc118e90e3e044be09e7554d5a5a461510f521f508deada6e38522b249da27ffc7982a1111d1b9f1e2508e9bb85c4f052bc41436da37e0b87b80bf7272c1392c86f70d30b198c04389e43b86504b9c8d437c92cec1c3e22f7868393a4c8781b989a7637be17ba623f1004ee0ee65c0771be275184e087b9fcadf73d87f89cd204997eb00d0e5945ac8aab8abd285f1d9f9e74d65499adabd430b583e2e330a71305ba01a905eb7507b901141c5c749b8d739dda4eb6bd7f9d8cb9a7b53963ac93929fd7891217e4591aa190269aba112fdb3fa2dbc02903ca8c51c3f76d2d9d96ecd742478e1b290777398bde563169cd7ff9d298fa781fc26d0280a352535367d2c87d2cf02957568d5cddf480c0f616d9e7039c126860be95c70890df02ff83ec3e12e34ed7856dcec7c0894e679b30291f871692506b033ffadc93628ae688702dc6340bf3ff578dd7368cf79b4a795b1d0f38aca7bcc32e566a28aa4be23a5cd4a784d99765432663271315a38221e4765d26b8d3604ba20fb5e1fafc1320d634764ce879497e5d53817be58aadcf5ae228fd33f6080d38bebc378cb3080920547f872d1c44bc57641b622b92cab1e75485b3eda1cea6cc7f1b3f2a0bf009b12b3438b6b5674375645a1f8b35bca674836f8094263a60bd2a5395529e6bdeb29ef7288326170a4c02e5f2ad5f20b408292a8a67de6786236609b0867bbdc231c321920ca47ec712ed7f364104377866ed0d2488806cd0a0fa470eabec681b7c6fe2da4a838b50bfadbc52dca80fcae34b5864b2f31bc8537599f75870a62218f9df09384297633b5f1a2293151af2eacd3092428bd12783039b1494603a0c91442c4e3cf8885b38822c0fcd0c9cf18d7b25346eb4069d965288c4b5959ffba485877a4257f286548bcb3ba5eb4ed0621aa11acbf301018a547aad8f78531d402dee4189382fa750f124c1f1558840d24d419cc55013cb40ea08e4db462a65281e129c6e4fe0deaabb8e029c317caf3003b015bf70b1143bb3ec52bc5d39552525917edad9d2c40b48e87bf56f3d095389f390d62efa48bfcfe4c9235472256e09d32f75dce52188378266242209315f0c12d74f8b410b80b9a2b99aee98c9173e771f3c6cda87723121e1c8bc1b445b1e4ba3044d4d17a182a52a807a3ffca22693e680dbfb9202de53f029c13d251beb92da8257040565bb026c76e67dedba68f920bc99e15f8360f81cd58b7714f495e03fb79db61d2241120c12cc9089309f5f730cf422d56557dcd72b50c6c91b2c9b1acaae5b3180301f2dc68c74befd294fad0dca4b8fd9c0e17248daf1ae3b4f669ae946fb5dfeba19cf0dd490e41479d21b342b943a2f67fe1e875d680fdb8545ca70cf9b82ee609c89feb05253e4a74f988f08ef0e67bd2fd2dd692d94374d22c574e2e60b83c780742efd785e5ed31121ac1beb52acdb320f5bee05597af3bdc0d04383b1a1a477ad71152bbb5c9444c88cb6cfb76fdbd92dee56940c4d86be0b4677cc98b1c5c77380339bcee25247cec91b579a1a87755289a12e4725ccb1fac4e8621ef80c8eda6ce7836fe93d7d9e7e011f17f2e5f24371ae5ee4dbc88d82a1296a825aca6ea3083da7f483d6702ac242ed75cbde94efb4229774d58804116727bc754aff4f3448d173dec2fb36d45d621196909a53b243e17e5e8c2ebc9139def1ce9274d576d383e782f3679ea39271a134df2acae7dbaac51d6039ae40d03ac82b8db72bb3b427590d94630088226255f00eb99c41754d80b46d86c11b8b900a7962e26abe4a30876dc2268facfea38936fda88971cab63d4aaba070d672c0e62b3cb4bf0d5686542d788d902b10b0222e6d2fa713deedc55bbe0caa04393dcb0b6a5c2e958b28abba32df0498e5183cd8e09a40bce3be3def58d6e21dfcc463176aff5099a6fbc79d51f9fb27d7a90aeb567b72b3fc7518e37bfb14cd2ac00ca0d0949e8c310977762252e8c9ee7bb0dcb37bac375f24810213ce797478105a8ff870081469f31e399a686f84ed63babe549eef79f586f78fca54d5b92c616776519307c999c0ce39c7864e792b1a3d752e8a90aa014a97db17d3a65540488fc376f236dcb36c33f6bdbfadba35f20f2e83698f57047af074392f7dcb377d94d6202ee662cee90c7edebd33cee5d61fe3394454b3983cdfc2bd28c078f2fa0087f1177797455a9b52c47dbba40206fb15933ad3476abf952fb3be5800fbac33108e09b9a5c33041a9030ea4390c284c32c89a2f0bffb8bde30855a4797bcb24bfa0600e6fba5c1c9cc269f78f38e7160ff29c0fac87ac5541910fb9cc6b5b5bab8fcd28e3c927307577c0c4a183fa777c7baac28de3c615c5fde15e2e40bb1462a27bef2c6bfbf364545a9d4290cfab75166ec392b5983b44064c63336d4f81b3cbe3785c6079f5e1cc47f354ba4b785a5b44d67877f7a5aa015408f0a2959d973f9d2d98e8a93f1ab188fe69982dbe5aa20ae1ebfe4be0097fc1d115e2f1685a2dd29ed7287759b2706f04da2e4813257174e129434c4898ac9b4e6cacd7a4b2570fba27367fbed22a5ccb53e9942ee0b2bcfe53410b78fb8c73be8bdfcb3289cdbfee876ec3cd2993b3467a62519c41c92a4b2ef344e5af30c4292fc917a2af1533587a3c86267f0a9701a21c0402216729d2d926f7a7c83c334069501f1352c4b2aa6532dbd9cdce213bca7c8d89c8db37e007d18f83ef8121c4fddf4f05e2d9a9404db68e8148a5027943477c94f4fce237d2eaa8ea4b3b37789a06f4e7157467076a8d7c358d3d02733bdd773ad82f3d9775d1795c71dce0141d14c7ec49effad10881ef6dc8fce91df76c53725013ecd48dbc6aab52e92bfc767af3bdb7cbab1e4ade1d857b71ee46be789db0bcf81d4b945d200623074628313c95bf65b8783e7aea12850f1ffb147a87ea4dd33ce8b9bc72cd5bd6a6d1b10c9c7858a5d2e898b1bf740235bb3a2ef37eeef9b5f25d16f2015f380659117e7df8f727bd70b08d1918ffc2c46c63930f06e9fadcf36ae6f1b61b49e4a8cb0ff49d1d8cf438dfc01733c14a6b46f7d842704c35a68d97f91525c70b8d8b27223677b09d17d294dda438123887fd265bd1262b82ce7c08b43f"})

187.563107ms ago: executing program 3 (id=25):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x6) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20002, 0x0)
ioctl$BLKFRAGET(r1, 0x1265, 0x0) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {0x0, 0x2}, 0x0, [0x3, 0x3, 0x3ff, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x10000000, 0x99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1, 0xfffffffe, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x8, 0x0, 0x3, 0x0, 0x6, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0xffffffff, 0xedc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa0000000, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x2, 0x0, 0x2000079, 0x0, 0x0, 0x0, 0x10000, 0x40000, 0x8, 0xc0000000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0xffffffff, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x44, 0x4000400, 0x0, 0x0, 0xfffffffd], [0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x3, 0x0, 0x0, 0x0, 0x100000]}, 0x45c) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000000000000"]) (async)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r6) (async)
syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) (async)
r7 = ioctl$TUNGETDEVNETNS(r6, 0xff05, 0x0) (async)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000000)={'geneve1\x00', 0x2}) (async)
ioctl$TUNSETOFFLOAD(r8, 0x400454c9, 0x3) (async)
ioctl$TUNSETNOCSUM(r8, 0x400454c8, 0x0) (async)
ioctl$NS_GET_USERNS(r7, 0xb701, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x54, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat=@weak_handle={0x77682a85, 0x1001, 0x3}, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, &(0x7f0000000240), 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}, @release={0x40046306, 0x3}], 0x5a, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f37"})

187.201727ms ago: executing program 3 (id=26):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000440)={0x1, 0x0, 0x20, 0x1b, 0xaa, &(0x7f0000000040)})
r1 = syz_clone(0x8c100, &(0x7f0000000640)="2e389995cc801e0083a4ac8f6485c33425a99d7aa03a751b0bee72c0ca170d3eca18ac9634ff26b4d96b66987a1993b1eff1ab31f22e51f7c88dc4e0804345aac0546e3bffeac91313e7d3fda0fc47a77af2734aa1959d6490d70694661e1083d6460002d4bd8be19eb393e2120850f6af913b46eea7faba9e6c683d", 0x7c, &(0x7f00000006c0), &(0x7f0000000700), &(0x7f0000000740)="3a50040afa5e9999ce9dbb56f0604a85e6746e7312845d7794da1606fddc093ef3a2e36eda17b8ebb606463b01de56fa976a4e694e625ab5b0347abe45999cedfe5a0b1f026e62b9c3f11c98a23fe4f8194fd1347ba2ea8a75f3124a7307b8d35bda1828a50a5b")
r2 = getpid()
r3 = getpid()
r4 = getpid()
syz_clone3(&(0x7f0000000a40)={0x4033000, &(0x7f00000007c0)=<r5=>0xffffffffffffffff, &(0x7f0000000800), &(0x7f0000000840)=<r6=>0x0, {0x3}, &(0x7f0000000880)=""/89, 0x59, &(0x7f0000000900)=""/207, &(0x7f0000000a00)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0], 0x5}, 0x58)
r7 = syz_clone(0x20002880, &(0x7f0000000ac0)="b7df1e49de019a6315fab5e05f9fd64281389f8925444c3e50b95fed5f9adc58caf46cbce90d0d339b8aacc42ae78fee64ea8dceffd9e2278e66ea3c8d4882c797c9864eb07df79bdba6a9d09056b69623abcbce35476d72d8059bb6b840e15b6c50f0e244c9", 0x66, &(0x7f0000000b40), &(0x7f0000000b80), &(0x7f0000000bc0)="aff8296bb83db0f8bdda008cd384e59b3eb00232acdf5e9d09f34d793579ce702f2a388083312c4a2116bcc573e886256c5188228097e7fdadfd90aa12932e0fd8fee4fa1901b5da4f021cbf8221fa45e4e48d56b0f5aba3be83f9328bcaccba5e30b272794af4611c084b45d69752326f9bd32f4f4ae2b8556fcb")
r8 = syz_clone3(&(0x7f0000000f40)={0x10c0000, &(0x7f0000000c40), &(0x7f0000000c80)=<r9=>0x0, &(0x7f0000000cc0)=<r10=>0x0, {0x1b}, &(0x7f0000000d00)=""/253, 0xfd, &(0x7f0000000e00)=""/246, &(0x7f0000000f00)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0xa}, 0x58)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000fc0)=<r11=>0x0)
r12 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001040)='./cgroup/syz0\x00', 0x200002, 0x0)
r13 = syz_clone3(&(0x7f0000001080)={0x2020000, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500), {0x2e}, &(0x7f0000000540)=""/114, 0x72, &(0x7f00000005c0)=""/88, &(0x7f0000001000)=[r1, 0xffffffffffffffff, r2, r3, r4, r6, r7, r8, r11], 0x9, {r12}}, 0x58)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000001100))
write$FUSE_LK(r5, &(0x7f0000001140)={0x28, 0x0, 0x0, {{0x80000001, 0x8000000000000000, 0x0, r3}}}, 0x28)
close(r12)
r14 = openat$vsock(0xffffffffffffff9c, &(0x7f0000001180), 0x0, 0x0)
read$FUSE(r14, &(0x7f00000011c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r15=>0x0}, 0x2020)
close(r14)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000003200), 0x50800, 0x0)
r16 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000003240), 0x0, 0x0)
ioctl$KVM_CAP_SYNC_REGS(r16, 0x4068aea3, &(0x7f0000003280))
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000003300)=0xa)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r16, 0x80089419, &(0x7f0000003340))
ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000003500)=<r17=>0x0)
r18 = syz_clone3(&(0x7f0000003580)={0x10820900, &(0x7f0000003380), &(0x7f00000033c0), &(0x7f0000003400)=<r19=>0x0, {0x37}, &(0x7f0000003440)=""/46, 0x2e, &(0x7f0000003480)=""/76, &(0x7f0000003540)=[r11, r2, r13, r11, 0x0, r15, r17], 0x7, {r16}}, 0x58)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000003600), 0x38300, 0x0)
write$cgroup_pid(r14, &(0x7f0000003640)=r6, 0x12)
read(r16, &(0x7f0000003680)=""/141, 0x8d)
syz_clone3(&(0x7f0000003a00)={0x61000000, &(0x7f0000003740), &(0x7f0000003780), &(0x7f00000037c0), {0xa}, &(0x7f0000003800)=""/249, 0xf9, &(0x7f0000003900)=""/167, &(0x7f00000039c0)=[r9, r6, r4, r1, r18, r19], 0x6, {r16}}, 0x58)
syz_clone3(&(0x7f0000003c40)={0x208102080, &(0x7f0000003a80), &(0x7f0000003ac0), &(0x7f0000003b00), {0x14}, &(0x7f0000003b40)=""/44, 0x2c, &(0x7f0000003b80)=""/111, &(0x7f0000003c00)=[r10, r10, 0xffffffffffffffff, r13], 0x4, {r12}}, 0x58)

156.290537ms ago: executing program 0 (id=27):
r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000004900)=0xfffff4cc)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000340)={0x73622a85, 0xb, 0x20000})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000200)=[@acquire, @enter_looper], 0x53, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0})
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x9250)
mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r1, 0x0)

124.577088ms ago: executing program 0 (id=28):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r2, 0x4188aec6, &(0x7f0000000040)={0x5b, 0xe, 0x0, 0x20000000000003})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
prctl$PR_SET_PDEATHSIG(0x1, 0x41)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/255, 0xff, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x9, 0x18, 0x40}}, 0x10}], 0x52, 0x0, &(0x7f0000000380)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_SET_CLOCK(r2, 0x4188aec6, &(0x7f0000000040)={0x5b, 0xe, 0x0, 0x20000000000003}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
prctl$PR_SET_PDEATHSIG(0x1, 0x41) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/255, 0xff, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x9, 0x18, 0x40}}, 0x10}], 0x52, 0x0, &(0x7f0000000380)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"}) (async)

19.77092ms ago: executing program 3 (id=29):
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read(r0, &(0x7f00000003c0)=""/18, 0x12) (async)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0xfffffffffffff18e)
mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r1, 0x0)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x400)

0s ago: executing program 2 (id=30):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
openat(r1, &(0x7f0000000080)='./file0\x00', 0x480, 0x111)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.10.24' (ED25519) to the list of known hosts.
[   20.469305][  T268] cgroup: Unknown subsys name 'net'
[   20.469481][   T36] audit: type=1400 audit(1750395994.000:64): avc:  denied  { mounton } for  pid=268 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   20.473609][   T36] audit: type=1400 audit(1750395994.000:65): avc:  denied  { mount } for  pid=268 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.473808][  T268] cgroup: Unknown subsys name 'devices'
[   20.476781][   T36] audit: type=1400 audit(1750395994.010:66): avc:  denied  { unmount } for  pid=268 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.682868][  T268] cgroup: Unknown subsys name 'hugetlb'
[   20.688527][  T268] cgroup: Unknown subsys name 'rlimit'
[   20.863950][   T36] audit: type=1400 audit(1750395994.400:67): avc:  denied  { setattr } for  pid=268 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   20.887303][   T36] audit: type=1400 audit(1750395994.400:68): avc:  denied  { mounton } for  pid=268 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   20.898174][  T284] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   20.912287][   T36] audit: type=1400 audit(1750395994.400:69): avc:  denied  { mount } for  pid=268 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   20.943819][   T36] audit: type=1400 audit(1750395994.460:70): avc:  denied  { relabelto } for  pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.969673][   T36] audit: type=1400 audit(1750395994.460:71): avc:  denied  { write } for  pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.999931][   T36] audit: type=1400 audit(1750395994.540:72): avc:  denied  { read } for  pid=268 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.025573][   T36] audit: type=1400 audit(1750395994.540:73): avc:  denied  { open } for  pid=268 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.025747][  T268] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   21.804987][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.812256][  T289] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.819368][  T289] bridge_slave_0: entered allmulticast mode
[   21.825776][  T289] bridge_slave_0: entered promiscuous mode
[   21.832276][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.839580][  T289] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.846726][  T289] bridge_slave_1: entered allmulticast mode
[   21.853095][  T289] bridge_slave_1: entered promiscuous mode
[   21.957635][  T295] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.964771][  T295] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.971913][  T295] bridge_slave_0: entered allmulticast mode
[   21.978188][  T295] bridge_slave_0: entered promiscuous mode
[   21.984678][  T295] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.991742][  T295] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.998829][  T295] bridge_slave_1: entered allmulticast mode
[   22.005226][  T295] bridge_slave_1: entered promiscuous mode
[   22.055632][  T293] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.063025][  T293] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.070087][  T293] bridge_slave_0: entered allmulticast mode
[   22.076539][  T293] bridge_slave_0: entered promiscuous mode
[   22.087562][  T293] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.094650][  T293] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.101827][  T293] bridge_slave_1: entered allmulticast mode
[   22.108086][  T293] bridge_slave_1: entered promiscuous mode
[   22.168308][  T294] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.175470][  T294] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.182575][  T294] bridge_slave_0: entered allmulticast mode
[   22.188837][  T294] bridge_slave_0: entered promiscuous mode
[   22.203296][  T294] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.210393][  T294] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.217553][  T294] bridge_slave_1: entered allmulticast mode
[   22.223961][  T294] bridge_slave_1: entered promiscuous mode
[   22.266815][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.273900][  T289] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.281232][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.288273][  T289] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.332241][  T295] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.339315][  T295] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.346625][  T295] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.353666][  T295] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.388569][  T294] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.395682][  T294] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.403013][  T294] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.410052][  T294] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.426421][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.433790][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.441281][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.448428][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.456550][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.464237][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.481263][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.488319][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.495952][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.502993][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.548273][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.555362][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.568979][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.576054][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.597557][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.604647][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.612321][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.619383][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.633246][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.640333][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.654721][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.661826][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.699433][  T295] veth0_vlan: entered promiscuous mode
[   22.706711][  T289] veth0_vlan: entered promiscuous mode
[   22.728250][  T294] veth0_vlan: entered promiscuous mode
[   22.746015][  T295] veth1_macvtap: entered promiscuous mode
[   22.753210][  T293] veth0_vlan: entered promiscuous mode
[   22.764693][  T289] veth1_macvtap: entered promiscuous mode
[   22.778875][  T294] veth1_macvtap: entered promiscuous mode
[   22.806389][  T293] veth1_macvtap: entered promiscuous mode
[   22.816025][  T295] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   22.865561][  T308] random: crng reseeded on system resumption
[   22.908880][  T316] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:2
[   22.932010][  T318] rust_binder: Write failure EINVAL in pid:2
[   22.941809][  T313] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   23.010027][  T331] rust_binder: Error while translating object.
[   23.010098][  T331] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   23.016897][  T331] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:5
[   23.022849][  T328] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89)
[   23.049565][  T328] rust_binder: Error while translating object.
[   23.060708][  T328] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   23.066943][  T328] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:4
[   23.093908][  T336] rust_binder: Failed copying remainder into alloc: EFAULT
[   23.097109][  T337] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:12
[   23.103540][  T336] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[   23.128368][  T336] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[   23.138002][  T336] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:12
[   23.204570][  T342] rust_binder: Error while translating object.
[   23.214545][  T342] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   23.220990][  T342] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:15
[   23.327057][  T349] rust_binder: Write failure EINVAL in pid:9
[   23.349817][  T351] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active
[   23.365443][  T351] rust_binder: Write failure EINVAL in pid:9
[   23.365846][  T351] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   23.372463][  T351] rust_binder: Failed to allocate buffer. len:160, is_oneway:false
[   23.446847][  T363] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:14
[   23.472572][  T361] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:11
[   23.490165][  T365] rust_binder: Error while translating object.
[   23.500491][  T365] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[   23.506731][  T365] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:16
[   23.530963][  T370] =======================================================
[   23.530963][  T370] WARNING: The mand mount option has been deprecated and
[   23.530963][  T370]          and is ignored by this kernel. Remove the mand
[   23.530963][  T370]          option from the mount to silence this warning.
[   23.530963][  T370] =======================================================
[   23.535980][  T371] rust_binder: Write failure EINVAL in pid:11
[   23.824636][  T394] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[   23.830945][  T394] rust_binder: Read failure Err(EFAULT) in pid:29
[   23.861899][  T396] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   23.873655][  T396] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:31
[   23.887336][  T397] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   23.937071][  T401] rust_kernel: panicked at /syzkaller/managers/ci2-android-6-12-rust/kernel/rust/kernel/page_size_compat.rs:60:5:
[   23.937071][  T401] attempt to add with overflow
[   23.963363][  T401] ------------[ cut here ]------------
[   23.968887][  T401] kernel BUG at rust/helpers/bug.c:7!
[   23.976123][  T401] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[   23.983149][  T401] CPU: 0 UID: 0 PID: 401 Comm: syz.3.29 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d
[   23.996374][  T401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   24.006455][  T401] RIP: 0010:rust_helper_BUG+0x8/0x10
[   24.011790][  T401] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 ea 14 b2 13 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 a0 d0 fb 9f 90 90 90 90 90 90 90 90 90
[   24.031404][  T401] RSP: 0018:ffffc9000c3373f0 EFLAGS: 00010246
[   24.037489][  T401] RAX: 000000000000008c RBX: 1ffff92001866e80 RCX: 0367d36598cbc100
[   24.045554][  T401] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   24.053557][  T401] RBP: ffffc9000c3373f0 R08: ffffc9000c3370e7 R09: 1ffff92001866e1c
[   24.061532][  T401] R10: dffffc0000000000 R11: fffff52001866e1d R12: 0000000000000000
[   24.069509][  T401] R13: dffffc0000000000 R14: ffffc9000c337420 R15: ffffc9000c337450
[   24.077517][  T401] FS:  00007f09202596c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   24.086449][  T401] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   24.093032][  T401] CR2: 00007f0920238d58 CR3: 0000000113860000 CR4: 00000000003526b0
[   24.101005][  T401] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   24.108977][  T401] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   24.116952][  T401] Call Trace:
[   24.120262][  T401]  <TASK>
[   24.123202][  T401]  _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160
[   24.130698][  T401]  ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10
[   24.138701][  T401]  ? kernel_text_address+0xa9/0xe0
[   24.143828][  T401]  ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10
[   24.157409][  T401]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[   24.163577][  T401]  ? arch_stack_walk+0x10b/0x170
[   24.168550][  T401]  _RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x84/0x90
[   24.175770][  T401]  ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x10/0x10
[   24.183677][  T401]  _RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_add_overflow+0xb2/0xc0
[   24.193572][  T401]  ? __cfi__RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_add_overflow+0x10/0x10
[   24.204163][  T401]  _RNvXs1_CscPPBqWtAqum_11ashmem_rustNtB5_6AshmemNtNtCs43vyB533jt3_6kernel10miscdevice10MiscDevice4mmap+0xe44/0xfb0
[   24.216412][  T401]  ? mas_wr_store_type+0x8eb/0x1ad0
[   24.221623][  T401]  ? __cfi__RNvXs1_CscPPBqWtAqum_11ashmem_rustNtB5_6AshmemNtNtCs43vyB533jt3_6kernel10miscdevice10MiscDevice4mmap+0x10/0x10
[   24.234415][  T401]  ? mas_preallocate+0x56e/0xc60
[   24.239358][  T401]  ? __cfi_mas_preallocate+0x10/0x10
[   24.244642][  T401]  ? kasan_save_alloc_info+0x40/0x50
[   24.249929][  T401]  ? __asan_memset+0x39/0x50
[   24.254520][  T401]  mmap_region+0x1371/0x1bd0
[   24.259116][  T401]  ? __cfi_mmap_region+0x10/0x10
[   24.264055][  T401]  ? __futex_queue+0x19a/0x340
[   24.268836][  T401]  ? __kasan_check_read+0x15/0x20
[   24.273889][  T401]  ? arch_get_unmapped_area_topdown+0x232/0x8d0
[   24.280139][  T401]  ? file_mmap_ok+0x147/0x1a0
[   24.284906][  T401]  do_mmap+0xb6d/0x13c0
[   24.289064][  T401]  ? __cfi_do_mmap+0x10/0x10
[   24.293654][  T401]  ? down_write_killable+0xe9/0x2d0
[   24.298861][  T401]  ? __cfi_down_write_killable+0x10/0x10
[   24.304497][  T401]  vm_mmap_pgoff+0x38f/0x4e0
[   24.309093][  T401]  ? __cfi_vm_mmap_pgoff+0x10/0x10
[   24.314241][  T401]  ? __fget_files+0x2c5/0x340
[   24.318924][  T401]  ksys_mmap_pgoff+0x166/0x1e0
[   24.323691][  T401]  __x64_sys_mmap+0x121/0x140
[   24.328370][  T401]  x64_sys_call+0x13bf/0x2ee0
[   24.333054][  T401]  do_syscall_64+0x58/0xf0
[   24.337560][  T401]  ? clear_bhb_loop+0x35/0x90
[   24.342247][  T401]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   24.348150][  T401] RIP: 0033:0x7f091f38e929
[   24.352569][  T401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   24.372178][  T401] RSP: 002b:00007f0920259038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   24.380604][  T401] RAX: ffffffffffffffda RBX: 00007f091f5b5fa0 RCX: 00007f091f38e929
[   24.388587][  T401] RDX: 0000000000000000 RSI: 000000000000f000 RDI: 0000200000fee000
[   24.396564][  T401] RBP: 00007f091f410b39 R08: 0000000000000004 R09: 0000000000000000
[   24.404535][  T401] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[   24.412506][  T401] R13: 0000000000000000 R14: 00007f091f5b5fa0 R15: 00007ffea4bba4d8
[   24.420490][  T401]  </TASK>
[   24.423511][  T401] Modules linked in:
[   24.427717][  T401] ---[ end trace 0000000000000000 ]---
[   24.434769][  T401] RIP: 0010:rust_helper_BUG+0x8/0x10
[   24.440596][  T401] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 ea 14 b2 13 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 a0 d0 fb 9f 90 90 90 90 90 90 90 90 90
[   24.464911][  T401] RSP: 0018:ffffc9000c3373f0 EFLAGS: 00010246
[   24.471249][  T401] RAX: 000000000000008c RBX: 1ffff92001866e80 RCX: 0367d36598cbc100
[   24.479251][  T401] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   24.487673][  T401] RBP: ffffc9000c3373f0 R08: ffffc9000c3370e7 R09: 1ffff92001866e1c
[   24.496946][  T401] R10: dffffc0000000000 R11: fffff52001866e1d R12: 0000000000000000
[   24.505117][  T401] R13: dffffc0000000000 R14: ffffc9000c337420 R15: ffffc9000c337450
[   24.513140][  T401] FS:  00007f09202596c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   24.530098][  T401] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   24.536926][  T401] CR2: 000055557a45a4a8 CR3: 0000000113860000 CR4: 00000000003526b0
[   24.545008][  T401] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   24.553174][  T401] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   24.561289][  T401] Kernel panic - not syncing: Fatal exception
[   24.567677][  T401] Kernel Offset: disabled
[   24.572001][  T401] Rebooting in 86400 seconds..