Extracting prog: 2m30.530675019s
Minimizing prog: 28m51.002420659s
Simplifying prog options: 2m52.157235938s
Extracting C: 1m58.036809485s
Simplifying C: 0s


extracting reproducer from 24 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$KVM_RUN-socket-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic-recvmmsg
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r6)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r7], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)
recvmmsg(r6, &(0x7f0000001e80)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000000)=""/80, 0x50}, {&(0x7f0000000180)=""/24, 0x18}, {&(0x7f0000000680)=""/67, 0x43}, {&(0x7f0000001f40)=""/4096, 0x1000}, {&(0x7f0000000300)=""/51, 0x33}, {&(0x7f0000002f40)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/176, 0xb0}, {&(0x7f0000000480)=""/107, 0x6b}], 0x8}, 0x65}], 0x1, 0x12040, 0x0)

program crashed: BUG: stack guard page was hit in corrupted
program crashed: BUG: stack guard page was hit in corrupted
single: successfully extracted reproducer
found reproducer with 17 syscalls
minimizing guilty program
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$KVM_RUN-socket-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r6)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r7], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in corrupted
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$KVM_RUN-socket-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r6)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$KVM_RUN-socket-ioctl$sock_SIOCETHTOOL-socket$nl_generic-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$KVM_RUN-socket-ioctl$sock_SIOCETHTOOL-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r6], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$KVM_RUN-socket-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socket(0x10, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r5)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r6], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$KVM_RUN-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r5)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r6], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in rust_binder_main::rust_binder_ioctl
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r5)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r6], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in corrupted
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r4)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r5], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r4)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r5], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r5)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r6], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-openat$binderfs-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r5)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r6], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r4)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r5], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000100)="3ef30fc730f30f38f61bb800018ee0eece66b85d99fe940f23c00f21f86635020008000f23f8260f019b00000f18f5117c2fba200066ed", 0x37}], 0x1, 0x11, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r5)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r6], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in corrupted
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r4)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r5], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in rust_binder_main::rust_binder_ioctl
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r3)
sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r4], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in corrupted
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in corrupted
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000002c0)={0x30, 0x30, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0xa}}, 0x0}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0xa}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0xa}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, &(0x7f0000000300)})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', &(0x7f0000000000)=@ethtool_cmd={0x2a, 0x7ffffffe, 0x1000, 0x4a78, 0x4, 0x0, 0xf, 0x4, 0x0, 0x6, 0x3, 0x0, 0x5, 0x0, 0x10, 0xf996, [0x2, 0x400]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in corrupted
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in corrupted
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, 0x0, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in rust_binder_main::rust_binder_ioctl
extracting C reproducer
testing compiled C program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
testing compiled C program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
program did not crash
simplifying guilty program options
testing program (duration=45.267278325s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in rust_binder_main::rust_binder_ioctl
validation run: crashed=true
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
validation run: crashed=false
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in corrupted
validation run: crashed=true
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
validation run: crashed=false
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in corrupted
validation run: crashed=true
reproducing took 41m1.178523123s
repro crashed as (corrupted=true):
BUG: TASK stack guard page was hit at ffffc9000343ff98 (stack is ffffc90003440000..ffffc90003448000)
Oops: stack guard page: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 1342 Comm: syz.4.335 Not tainted syzkaller #0 93fdfe3663caa6d824c2578ca6c3b1aacfeda3e9
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:cgroup_rstat_updated+0x3d/0x810 kernel/cgroup/rstat.c:86
Code: e4 e0 48 81 ec a0 00 00 00 41 89 f6 49 89 fd 65 48 8b 04 25 28 00 00 00 48 89 84 24 80 00 00 00 48 bb 00 00 00 00 00 fc ff df <48> c7 44 24 40 b3 8a b5 41 48 c7 44 24 48 c6 a8 1a 87 48 c7 44 24
RSP: 0018:ffffc9000343ffa0 EFLAGS: 00010086
RAX: b28e6cf0c12e0800 RBX: dffffc0000000000 RCX: ffff8881188e5f00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888129f78000
RBP: ffffc90003440068 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000688042 R12: dffffc0000000000
R13: ffff888129f78000 R14: 0000000000000001 R15: ffffe8ffffd2ec90
FS:  00007f8b6b7e06c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000343ff98 CR3: 00000001141e4000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:cgroup_rstat_updated+0x3d/0x810 kernel/cgroup/rstat.c:86
Code: e4 e0 48 81 ec a0 00 00 00 41 89 f6 49 89 fd 65 48 8b 04 25 28 00 00 00 48 89 84 24 80 00 00 00 48 bb 00 00 00 00 00 fc ff df <48> c7 44 24 40 b3 8a b5 41 48 c7 44 24 48 c6 a8 1a 87 48 c7 44 24
RSP: 0018:ffffc9000343ffa0 EFLAGS: 00010086
RAX: b28e6cf0c12e0800 RBX: dffffc0000000000 RCX: ffff8881188e5f00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888129f78000
RBP: ffffc90003440068 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000688042 R12: dffffc0000000000
R13: ffff888129f78000 R14: 0000000000000001 R15: ffffe8ffffd2ec90
FS:  00007f8b6b7e06c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000343ff98 CR3: 00000001141e4000 CR4: 00000000003526b0
----------------
Code disassembly (best guess):
   0:	e4 e0                	in     $0xe0,%al
   2:	48 81 ec a0 00 00 00 	sub    $0xa0,%rsp
   9:	41 89 f6             	mov    %esi,%r14d
   c:	49 89 fd             	mov    %rdi,%r13
   f:	65 48 8b 04 25 28 00 	mov    %gs:0x28,%rax
  16:	00 00
  18:	48 89 84 24 80 00 00 	mov    %rax,0x80(%rsp)
  1f:	00
  20:	48 bb 00 00 00 00 00 	movabs $0xdffffc0000000000,%rbx
  27:	fc ff df
* 2a:	48 c7 44 24 40 b3 8a 	movq   $0x41b58ab3,0x40(%rsp) <-- trapping instruction
  31:	b5 41
  33:	48 c7 44 24 48 c6 a8 	movq   $0xffffffff871aa8c6,0x48(%rsp)
  3a:	1a 87
  3c:	48                   	rex.W
  3d:	c7                   	.byte 0xc7
  3e:	44                   	rex.R
  3f:	24                   	.byte 0x24

report is corrupted, running repro again
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program did not crash
report is corrupted, running repro again
testing program (duration=45.267278325s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VCPU-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$sock_SIOCETHTOOL-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$nl_generic
detailed listing:
executing program 0:
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4046040}, 0x400c0)

program crashed: BUG: stack guard page was hit in rust_binder_main::rust_binder_ioctl
final repro crashed as (corrupted=false):
BUG: TASK stack guard page was hit at ffffc9000200fff8 (stack is ffffc90002010000..ffffc90002018000)
Oops: stack guard page: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 787 Comm: syz.4.141 Not tainted syzkaller #0 93fdfe3663caa6d824c2578ca6c3b1aacfeda3e9
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:cpuacct_charge+0x10/0x190 kernel/sched/cpuacct.c:335
Code: 70 a6 ff 5d c3 cc cc cc cc cc b8 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 55 48 89 e5 41 57 41 56 41 55 41 54 <53> 48 83 ec 10 48 89 75 c8 49 89 ff 48 bb 00 00 00 00 00 fc ff df
RSP: 0018:ffffc90002010000 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000007ec0 RCX: dffffc0000000000
RDX: 0000000000000001 RSI: 0000000000007ec0 RDI: ffff88811fa25f00
RBP: ffffc90002010020 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000402044 R12: ffff88811fa25f00
R13: ffff88811f260b58 R14: ffff88811fa25fc0 R15: ffff88811f260a00
FS:  00007fa829efa6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000200fff8 CR3: 0000000121162000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 cgroup_account_cputime include/linux/cgroup.h:720 [inline]
 update_se+0x213/0x410 kernel/sched/fair.c:1241
 update_curr+0xf8/0x9e0 kernel/sched/fair.c:1286
 put_prev_entity+0x41/0x160 kernel/sched/fair.c:5707
 pick_next_task_fair+0x5f8/0x770 kernel/sched/fair.c:9091
 __pick_next_task kernel/sched/core.c:6676 [inline]
 pick_next_task kernel/sched/core.c:7196 [inline]
 __schedule+0x667/0x1ea0 kernel/sched/core.c:7790
 preempt_schedule_irq+0xab/0x110 kernel/sched/core.c:8190
 raw_irqentry_exit_cond_resched+0x32/0x40 kernel/entry/common.c:311
 irqentry_exit+0x4a/0x60 kernel/entry/common.c:354
 sysvec_apic_timer_interrupt+0x50/0x90 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:702
RIP: 0010:update_stack_state+0x36f/0x4b0 arch/x86/kernel/unwind_frame.c:244
Code: 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 f7 e8 11 b7 9a 00 48 8b 45 d0 49 89 06 48 8b 45 98 42 80 3c 20 00 <4c> 8b 75 c8 4c 8b 6d c0 74 08 4c 89 f7 e8 ef b6 9a 00 49 c7 06 00
RSP: 0018:ffffc900020105c0 EFLAGS: 00000246
RAX: 1ffff920004020fc RBX: ffffc90002010788 RCX: ffffc90002010801
RDX: ffffc90002010810 RSI: 1ffff920004020f2 RDI: ffffc900020107e0
RBP: ffffc90002010680 R08: ffffc90002010701 R09: 0000000000000000
R10: ffffc90002010788 R11: fffff520004020fd R12: dffffc0000000000
R13: 0000000000000000 R14: ffffc900020107c0 R15: 1ffff920004020f9
 unwind_next_frame+0x3c1/0x750 arch/x86/kernel/unwind_frame.c:315
 __unwind_start+0x34c/0x410 arch/x86/kernel/unwind_frame.c:417
 unwind_start arch/x86/include/asm/unwind.h:64 [inline]
 arch_stack_walk+0xf2/0x170 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0xaa/0x100 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:49 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:70
 kasan_save_free_info+0x4a/0x60 mm/kasan/generic.c:579
 poison_slab_object mm/kasan/common.c:249 [inline]
 __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:266
 kasan_slab_free include/linux/kasan.h:234 [inline]
 slab_free_hook mm/slub.c:2445 [inline]
 slab_free mm/slub.c:4714 [inline]
 kfree+0x158/0x440 mm/slub.c:4871
 krealloc_noprof+0xfa/0x130 mm/slab_common.c:-1
 <kernel::alloc::allocator::ReallocFunc>::call rust/kernel/alloc/allocator.rs:102 [inline]
 <kernel::alloc::allocator::Kmalloc as kernel::alloc::Allocator>::realloc rust/kernel/alloc/allocator.rs:141 [inline]
 <kernel::alloc::allocator::Kmalloc as kernel::alloc::Allocator>::free+0xc6/0x200 rust/kernel/alloc.rs:214
 <kernel::alloc::kbox::Box<kernel::sync::arc::ArcInner<rust_binder_main::process::NodeRefInfo>, kernel::alloc::allocator::Kmalloc> as core::ops::drop::Drop>::drop rust/kernel/alloc/kbox.rs:492 [inline]
 core::ptr::drop_in_place::<kernel::alloc::kbox::Box<kernel::sync::arc::ArcInner<rust_binder_main::process::NodeRefInfo>, kernel::alloc::allocator::Kmalloc>> usr/local/rustup/toolchains/1.91.1-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:804 [inline]
 core::mem::drop::<kernel::alloc::kbox::Box<kernel::sync::arc::ArcInner<rust_binder_main::process::NodeRefInfo>, kernel::alloc::allocator::Kmalloc>> usr/local/rustup/toolchains/1.91.1-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/mem/mod.rs:961 [inline]
 <kernel::sync::arc::Arc<rust_binder_main::process::NodeRefInfo> as core::ops::drop::Drop>::drop+0x1a9/0x2b0 rust/kernel/sync/arc.rs:404
 core::ptr::drop_in_place::<kernel::sync::arc::Arc<rust_binder_main::process::NodeRefInfo>> usr/local/rustup/toolchains/1.91.1-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:804 [inline]
 core::ptr::drop_in_place::<kernel::list::arc::ListArc<rust_binder_main::process::NodeRefInfo, 15493408726748792400>> usr/local/rustup/toolchains/1.91.1-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:804 [inline]
 core::ptr::drop_in_place::<core::option::Option<kernel::list::arc::ListArc<rust_binder_main::process::NodeRefInfo, 15493408726748792400>>> usr/local/rustup/toolchains/1.91.1-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:804 [inline]
 <rust_binder_main::process::Process>::update_ref+0x1247/0x21a0 drivers/android/binder/process.rs:970
 <rust_binder_main::allocation::AllocationView>::cleanup_object drivers/android/binder/allocation.rs:445 [inline]
 <rust_binder_main::allocation::Allocation as core::ops::drop::Drop>::drop+0x153b/0x5360 drivers/android/binder/allocation.rs:258
 core::ptr::drop_in_place::<rust_binder_main::allocation::Allocation>+0x26/0x1a0 usr/local/rustup/toolchains/1.91.1-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:804
 <rust_binder_main::thread::Thread>::copy_transaction_data+0x6c90/0x8370 drivers/android/binder/thread.rs:1232
 <rust_binder_main::transaction::Transaction>::new+0x390/0x2070 drivers/android/binder/transaction.rs:81
 <rust_binder_main::thread::Thread>::transaction_inner drivers/android/binder/thread.rs:1352 [inline]
 <<rust_binder_main::thread::Thread>::transaction_inner as core::ops::function::FnOnce<(&kernel::sync::arc::Arc<rust_binder_main::thread::Thread>, &rust_binder_main::defs::BinderTransactionDataSg)>>::call_once usr/local/rustup/toolchains/1.91.1-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ops/function.rs:250 [inline]
 <rust_binder_main::thread::Thread>::transaction::<<rust_binder_main::thread::Thread>::transaction_inner>+0x896/0x1090 drivers/android/binder/thread.rs:1327
 <rust_binder_main::thread::Thread>::write+0x1560/0xa0f0 drivers/android/binder/thread.rs:1466
 <rust_binder_main::thread::Thread>::write_read drivers/android/binder/thread.rs:1614 [inline]
 <rust_binder_main::process::Process>::ioctl_write_read drivers/android/binder/process.rs:1612 [inline]
 <rust_binder_main::process::Process>::ioctl drivers/android/binder/process.rs:1677 [inline]
 rust_binder_main::rust_binder_ioctl+0x1019/0x55c0 drivers/android/binder/rust_binder_main.rs:449
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0x135/0x1b0 fs/ioctl.c:893
 __x64_sys_ioctl+0x7f/0xa0 fs/ioctl.c:893
 x64_sys_call+0x1878/0x2ee0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/common.c:47 [inline]
 do_syscall_64+0x57/0xf0 arch/x86/entry/common.c:78
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7fa828f9c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa829efa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa829215fa0 RCX: 00007fa828f9c799
RDX: 0000200000000100 RSI: 00000000c0306201 RDI: 0000000000000004
RBP: 00007fa829032bd9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa829216038 R14: 00007fa829215fa0 R15: 00007ffe7a94c068
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:cpuacct_charge+0x10/0x190 kernel/sched/cpuacct.c:335
Code: 70 a6 ff 5d c3 cc cc cc cc cc b8 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 55 48 89 e5 41 57 41 56 41 55 41 54 <53> 48 83 ec 10 48 89 75 c8 49 89 ff 48 bb 00 00 00 00 00 fc ff df
RSP: 0018:ffffc90002010000 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000007ec0 RCX: dffffc0000000000
RDX: 0000000000000001 RSI: 0000000000007ec0 RDI: ffff88811fa25f00
RBP: ffffc90002010020 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000402044 R12: ffff88811fa25f00
R13: ffff88811f260b58 R14: ffff88811fa25fc0 R15: ffff88811f260a00
FS:  00007fa829efa6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000200fff8 CR3: 0000000121162000 CR4: 00000000003526b0
----------------
Code disassembly (best guess):
   0:	70 a6                	jo     0xffffffa8
   2:	ff 5d c3             	lcall  *-0x3d(%rbp)
   5:	cc                   	int3
   6:	cc                   	int3
   7:	cc                   	int3
   8:	cc                   	int3
   9:	cc                   	int3
   a:	b8 00 00 00 00       	mov    $0x0,%eax
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	90                   	nop
  18:	90                   	nop
  19:	90                   	nop
  1a:	66 0f 1f 00          	nopw   (%rax)
  1e:	55                   	push   %rbp
  1f:	48 89 e5             	mov    %rsp,%rbp
  22:	41 57                	push   %r15
  24:	41 56                	push   %r14
  26:	41 55                	push   %r13
  28:	41 54                	push   %r12
* 2a:	53                   	push   %rbx <-- trapping instruction
  2b:	48 83 ec 10          	sub    $0x10,%rsp
  2f:	48 89 75 c8          	mov    %rsi,-0x38(%rbp)
  33:	49 89 ff             	mov    %rdi,%r15
  36:	48 bb 00 00 00 00 00 	movabs $0xdffffc0000000000,%rbx
  3d:	fc ff df