680)=[&(0x7f00000021c0)={0x0, 0x0, 0x0, 0x6, 0x4, r3, &(0x7f00000020c0)="a5d60aadc807051e639f33698af2780d8ce44494508dfc47a1ff643b9ad1e4549ddd775b4d347737513a333ee1d0aa163afc325ea1849344c1997894e0d5057af19d617b0d7858ec3250453453546ec7c9cda93cdf40a1ab82b04df7cb0fbf202db5cec0d0670a1ae663fafb8e84267f52182671f766cfc13b0e7be3ed5886b24fcf71d0a77a41da06916949d8fdb377f924133edc56e6601a14095417", 0x9d, 0xffff}, 0x0]) r4 = shmget$private(0x0, 0x3000, 0x80, &(0x7f0000ffb000/0x3000)=nil) shmctl$IPC_STAT(r4, 0x2, &(0x7f00000026c0)=""/103) sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, &(0x7f0000002c80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x40040) [ 1706.218713][ T1010] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1706.226916][ T1010] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1706.235921][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1706.244087][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1706.254597][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1706.263358][T11574] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:37:54 executing program 2: keyctl$chown(0x5, 0x0, 0x0, 0xffffffffffffffff) r0 = add_key$fscrypt_v1(&(0x7f0000000200), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f0000000280)={0x0, "b7d7618f4ec76a4557e303cb064933cf68fa8a967e6b810730528fbd4e751a01958204a6b97e4357447063f8443aa70aae96911769acef5cbc4dc0d74e456d16"}, 0x48, 0xfffffffffffffffc) keyctl$chown(0x4, r0, 0x0, 0xffffffffffffffff) add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "afa09a28a728d0af2e83a1166edbb7c35bcb4921c8febc32717507747eeb49919f71c0cba90ebc06e82148e040ab8a13d73435c460b2999ca608f7a1089f08a2", 0x30}, 0x48, 0xfffffffffffffffe) request_key(&(0x7f0000000300)='asymmetric\x00', &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000380)='e8dab99234bb312e', r0) 01:37:54 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:37:54 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1d, 0x0, 0x0) [ 1706.550284][T11560] binder: 11559:11560 ioctl c0306201 0 returned -14 01:37:54 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1706.794716][T11565] binder: 11563:11565 ioctl c0306201 0 returned -14 01:37:55 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @loopback}}}, 0x90) 01:37:55 executing program 2: keyctl$chown(0x19, 0x0, 0x0, 0xffffffffffffffff) [ 1707.017973][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:37:55 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:37:55 executing program 2: keyctl$chown(0x6, 0x0, 0x0, 0xffffffffffffffff) 01:37:55 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:37:55 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:37:55 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x21, &(0x7f00000000c0), 0x4) 01:37:55 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:37:55 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:37:55 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000240)='}', 0x1, 0x0, &(0x7f0000001240)={0xa, 0x4e22, 0x0, @remote}, 0x1c) [ 1707.572054][T11594] binder: 11591:11594 ioctl c0306201 0 returned -14 01:37:55 executing program 2: add_key$fscrypt_v1(&(0x7f0000000200), &(0x7f0000000240)={'fscrypt:', @auto=[0x63, 0x30, 0x35, 0x0, 0x39, 0x65, 0x0, 0x0, 0x31, 0x0, 0x37, 0x31]}, &(0x7f0000000000)={0x0, "b7d7618f4ec76a4557e303cb064933cf68fa8a967e6b810730528fbd4e751a01958204a6b97e4357447063f8443aa70aae96911769acef5cbc4dc0d74e456d16"}, 0x48, 0xfffffffffffffffc) [ 1707.681828][T11597] binder: 11595:11597 ioctl c0306201 0 returned -14 01:37:56 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:37:56 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) [ 1708.057304][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1708.143467][T11605] binder: 11604:11605 ioctl c0306201 0 returned -14 01:37:56 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:37:56 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f00000042c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000000) [ 1708.221665][T11608] binder: 11604:11608 ioctl c0306201 20001480 returned -14 01:37:56 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:37:56 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:37:56 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1708.465964][T11618] binder: BINDER_SET_CONTEXT_MGR already set [ 1708.473108][T11618] binder: 11615:11618 ioctl 40046207 0 returned -16 [ 1708.481806][T11618] binder: 11615:11618 ioctl c0306201 0 returned -14 01:37:56 executing program 2: ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(0xffffffffffffffff, 0xc01064c1, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) syz_usbip_server_init(0x0) [ 1708.613854][T11629] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN 01:37:57 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1709.055636][T11633] binder: 11632:11633 ioctl c0306201 0 returned -14 [ 1709.098428][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:37:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x4b, &(0x7f00000000c0), 0x4) [ 1709.170094][T11634] binder: 11632:11634 ioctl c0306201 20001480 returned -14 01:37:57 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, 0x1c) 01:37:57 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:37:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x4d, 0x0, 0x0) [ 1709.435139][T11638] binder: 11637:11638 ioctl c0306201 0 returned -14 01:37:57 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1709.518934][T11643] binder: 11637:11643 ioctl c0306201 20001480 returned -14 01:37:57 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:37:57 executing program 2: r0 = socket$igmp6(0xa, 0x3, 0x2) sendmmsg$inet6(r0, &(0x7f00000041c0)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x1c, &(0x7f0000001200)=[{&(0x7f0000000100)="44054b077f06ed9d2e00bdec02bd086cc00498881405077f4219ff5d543b9cff0fd2c23e18e403197c6acc83e4f77d60f697afb33d3fa8d2d4854844b4014a0778f5f3f9b8d8f383785e0ad2f6be9ec6cf2386cacb09e17effd5886e2fd6b5f72637a2f42b6fc83b13bb3f64779ba0d902b22fb94fae602ea23ec4a91f667df99344c861029d84a80e3d84c0940dc86c14d09fa9235b9ed0dd0647919a8446e2fd952c3159db7e725496d8075e82e2683aeabf2e42920ef77ef247066602994138d0fd102ebf78e46d832cbbb9e5b716929be6", 0xd3}, {&(0x7f0000000200)="badecfcce88d5b8a0ede8ac09e23bb95953cd2115ab0fff51f6a33ae0eb286b6627acab2a1d95783696bbd67204dc0d2842cc11e4d8afb57313fee5fccc5db062ca7c0c19366814609dec90405aa21d481f4d357f30e7fb9cc708a96d887f2d17626dcf53a852fd7f03384f265d0f9b076ef624242015a271bc3b804295c026457053acb8be1415028bb27e4537b84bf5a3d7f318f35239b564d2af76d76fb1e5e1731422b2481facb65a1ca944c1958c02378d0b35b09ff42d5f7bb360aae3138ec577caa4192d1de5df0809aa0726f8859e08cf181addb7f7f7a90f006be3ef693f0a057d1c5c6a98820d62b6282cc89f553e8cf10581db90e0c0b237d4f08c759c49e5eacc5c624a1078ce2e8f8802bd29cf39876d2fdb450b248975ddbbac6aea4e73039b66e01e8b054725f0085e8958c3ff6fcedc1416b8b12ffc77c7627713340f3901add7e007d93261710db805d4a88aee6521e5dfad8eecfc150a0209deb4dce53713f385f4ba2d75acb5b13a85c7ee71a324b3c46f34be593a4564a7a981ba2794c07fa60c9040ba963f0018505f8b78e9e4abce8c0c06c68808b3e9d577f8fe371c09b651fec35855afe38da82fdc5101bff5ac1fd507ed28cc22a95a8c014685d5406bbcbeab4eee2a1b5b04b614fa1003098ae81774b66a954ed882f69fb215763d2a5b71d851c76877a0a4e2f05ce6d66a0ab3b4f8f7b11e3fa2b331891ef77d6164d52d46d261bd3b0d596485ff3ba8e333972a6350544975108d8e48433fb19e0b2e5df79f138592c1b447cef8ebc99d63cd36f82b4f10e7c6688d4455dfe8603793c89222d86f55a95f460fbac76d1f4119b64f29df0caba502a32150a7061fce8bb76128a56e6ddf3ae45fecd4891a96c0d59545e102ed5de5bfe583f9e9cb7f9ae1498a66528830b99e6a69dd07d46e9bf96cae7af9097c247985f39d5a82985ecc56a8d3c028011f54a8d0e9d3d3025fbf8732857d12414d0bc82f5e70c33dfb46321778203b18cd7ebc26f8f7917bfbff547b75339a6f07bd64291f128ecc092d5f2cf2504926db9bf9e1ebcadb1fc9d2493803ad59fab4c7a5387c939cc4176cf9ca9d3d10672fbe6749befb9ac0e0988df1c5753c00851418af1c598ec24ba0d46a875cdf13295ca65320e7a985b42d6e5382f2eed1dbc9c4eb5556521f612fed205807a04d04f58e49d7bb8950f85600672364d4f1f33530cc1739a73fb9d7e4deb1d1b9d5743c2a9e80724b2af3053d3ed451c9482dbdf7eb43b49795ac080b854e3f9c3611d51fa4500df08430baddb151c8d9ab64c8c76c07b4f7ec47ce6addac330eee24bf57fb25732a30174bc86bb2e5d9f6b5fc39dfe4ed69c7bc7d2523f836a7a8093b8d7b5402352272b9af6c6cecc7d4aa879650e768ad9e1c3cb9faba755bface83365e1dbad10ac80ff3d725b63a2e9ec49a20fdf5813d0e9d3aaee7e73af21a8128a6f8724fac992f4a1286bfe67af330f4ed1eff57577f8bd77c1bd0d040b69a1e28a225e466e9b0573f0fc6355209b90ecbd95e01f5078c7f25cbfaa393b4dc26bbc1bf5115c45a179e3e87ba537e8e0475b739105e7e3f3862145e723e5679347c650a6d3e5a1d38391826f23753bc8f5a401e8d7978eaa450b467238d9feca6d3a4e12864cca4235aa6360604c3563aff8cc045944cc2edb620a77228f164738ec926f601a286f839da57e81181561fff014541a5e778647dda10c514eb05d91e690f842aad51c31636d5849d57eecf77552f81d003bc4405cef51d816304e17358cbd7499778eb34f3b3e180645486d3a8a0533fd", 0x50a}], 0x2, &(0x7f0000001240)=[@tclass={{0x14}}], 0x18}}], 0x1, 0x4000800) 01:37:57 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:37:58 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:37:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8993, &(0x7f00000002c0)={'syztnl1\x00', 0x0}) 01:37:58 executing program 2: r0 = socket(0x200000100000011, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r2}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000680)={0x300, 0x384, 0x0, 0x0, 0x0, "", [@nested={0x7, 0x0, 0x0, 0x1, [@generic="983e58"]}, @generic="65b806b4c8a6f2279f70cb6de2d77efebdf1a1fa492a745606e85c2bfaadddd995f954e52bcac1a0f21b54c1dd5d25dbfcf4046ba38378bf228dca6834e449b67639308dddf32ea0afe125546322585cb14c3fc65b7d9b7c49bc1f7a820c9e6dce08658d7ed10d58f123068b22344fe53402ecc885162c2e58052ec97e3d2025beb25f3e40d9301e317b0e4fc1eff0010107b428061924ee4cd87f71a7c4bb827c9915bc76fdc3", @generic="3b6135b71b8ee5f965dd7ae38371b80943eb438c9d656f2660e173fb4a2469b7525ad3e5b83500c89dfafd2483036390c31567817c1f3568495ca5ecd10d3c69f74728e0c6a0b8f2b7c4bca22f6d833dff1e8f52d7de", @generic="8c1a6fd11a071ac6b382b4940b9088bab84de50db864140d43e0957ae68761ede5904b333f4790b92c839e6b", @nested={0xe9, 0x0, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@private2}, @typed={0x8, 0x0, 0x0, 0x0, @str='GPL\x00'}, @typed={0xe, 0x0, 0x0, 0x0, @str=',/(]\\^]/(\x00'}, @generic="c1c3b57e11730b668bfce7edcd990ed9db770ead4b384c85ecb7eb9e25b34482183d022bd1ef655520469ac9c450841639f01279d96203e645093f", @generic="8ba8a5716d6aedfe51ba73b62dc608ff5c38d60f1578fe8b6bed1b62d8571e389c177eb445ca3268a88cb380697992a150ea02bd6758c953b86302b8630344a6f985bb6854e4cc4e8758737544a92547ddcfef411b444d7ab1ca7b27b8548377c7564596253ba48f6812b3977e7bc99f7c110a5bec28", @typed={0x8, 0x0, 0x0, 0x0, @fd}]}, @nested={0xcd, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @pid}, @generic="a58a40dbcbbfb994ffe2197c18", @typed={0xaa, 0x0, 0x0, 0x0, @str='i\xba]\x96B\xb16qy\xcc\xeb\x90\xb5\x8f\x01(\x04\x91s\xd1\x9f2\xbau\x13\xe57*\xf7)p#{\v\x06\xde\"6<\xc3S\\\xa6\x88~\x01\x89;k\xb0l\x91\xa1\x95\xbapaw\x063y\x8b\r\x92\xa2m\x91\xe5\xa8t\x99\x04\x9c\x1a\xfcn;\xe0D\x1c\x98\'\xf8\xd0\xe7\xb7*\x9b\xc4\xaf\xf2\xee\xd0\xe3\x05\x9c%\xc2\x9d\"\n\x9b\'9\xc1#\xb0`RR,\x1c(\xe1 \xd1\xa0\x12\xf1\xa1,\nI;O\xec\x95[8\xc9\x17l{\xea\xcfoK\xb3\xffW\xd1.\xa2\x99\xbe\x15;\xcc\xf0\xe2\\I\xd8\xbc\x90\x04\xbb\xb715;\xe7\xcf\xec\x02/'}]}]}, 0x300}], 0x1}, 0x0) [ 1710.027776][T11666] binder: 11664:11666 ioctl c0306201 0 returned -14 01:37:58 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) setrlimit(0xe, &(0x7f0000000380)={0xbe, 0x7fff}) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000300)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup(r5, &(0x7f0000000240)='syz1\x00', 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) getrlimit(0x0, &(0x7f00000000c0)) write$cgroup_int(r7, &(0x7f0000000080), 0x12) [ 1710.148404][T11669] binder: 11664:11669 ioctl c0306201 20001480 returned -14 01:37:58 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1710.383642][T11675] binder: 11674:11675 ioctl c0306201 0 returned -14 [ 1710.763346][T11677] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1710.773749][T11677] CPU: 0 PID: 11677 Comm: syz-executor.2 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0 [ 1710.783696][T11677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 1710.793777][T11677] Call Trace: [ 1710.797076][T11677] [ 1710.800027][T11677] dump_stack_lvl+0x136/0x150 [ 1710.804755][T11677] dump_header+0x10a/0xd70 [ 1710.809223][T11677] oom_kill_process+0x25d/0x600 [ 1710.814125][T11677] out_of_memory+0x35c/0x1650 [ 1710.818867][T11677] ? oom_killer_disable+0x2b0/0x2b0 [ 1710.824116][T11677] ? kernfs_notify+0x1ac/0x410 [ 1710.828948][T11677] ? find_held_lock+0x2d/0x110 [ 1710.833753][T11677] mem_cgroup_out_of_memory+0x206/0x270 [ 1710.839355][T11677] ? mem_cgroup_margin+0x130/0x130 [ 1710.844512][T11677] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 1710.850366][T11677] memory_max_write+0x2f9/0x3c0 [ 1710.855261][T11677] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1710.861378][T11677] ? lock_sync+0x190/0x190 [ 1710.865855][T11677] cgroup_file_write+0x1e2/0x7b0 [ 1710.870825][T11677] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1710.876950][T11677] ? kill_css+0x3b0/0x3b0 [ 1710.881311][T11677] ? lock_acquire+0x32/0xc0 [ 1710.885862][T11677] ? kill_css+0x3b0/0x3b0 [ 1710.890221][T11677] kernfs_fop_write_iter+0x3f1/0x600 [ 1710.895555][T11677] vfs_write+0x9f6/0xe20 [ 1710.899850][T11677] ? kernel_write+0x670/0x670 [ 1710.904582][T11677] ? receive_fd+0x110/0x110 [ 1710.909148][T11677] ? __fget_files+0x26a/0x480 [ 1710.913885][T11677] ksys_write+0x12b/0x250 [ 1710.918262][T11677] ? __ia32_sys_read+0xb0/0xb0 [ 1710.923073][T11677] ? syscall_enter_from_user_mode+0x26/0x80 [ 1710.929010][T11677] do_syscall_64+0x39/0xb0 [ 1710.933470][T11677] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 1710.939401][T11677] RIP: 0033:0x7fae5b88c0f9 [ 1710.943840][T11677] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1710.963481][T11677] RSP: 002b:00007fae5a3bc168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1710.971927][T11677] RAX: ffffffffffffffda RBX: 00007fae5b9ac120 RCX: 00007fae5b88c0f9 [ 1710.979923][T11677] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 000000000000000a [ 1710.987921][T11677] RBP: 00007fae5b8e7b39 R08: 0000000000000000 R09: 0000000000000000 [ 1710.995919][T11677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1711.003916][T11677] R13: 00007ffc9999747f R14: 00007fae5a3bc300 R15: 0000000000022000 [ 1711.011938][T11677] [ 1711.015108][T11677] memory: usage 12424kB, limit 0kB, failcnt 0 [ 1711.021345][T11677] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1711.028325][T11677] Memory cgroup stats for /syz1: [ 1711.029403][T11677] anon 356352 [ 1711.029403][T11677] file 10420224 [ 1711.029403][T11677] kernel 1773568 [ 1711.029403][T11677] kernel_stack 163840 [ 1711.029403][T11677] pagetables 135168 [ 1711.029403][T11677] sec_pagetables 24576 [ 1711.029403][T11677] percpu 2496 [ 1711.029403][T11677] sock 0 [ 1711.029403][T11677] vmalloc 49152 [ 1711.029403][T11677] shmem 10412032 [ 1711.029403][T11677] zswap 0 [ 1711.029403][T11677] zswapped 0 [ 1711.029403][T11677] file_mapped 425984 [ 1711.029403][T11677] file_dirty 8192 [ 1711.029403][T11677] file_writeback 0 [ 1711.029403][T11677] swapcached 0 [ 1711.029403][T11677] anon_thp 0 [ 1711.029403][T11677] file_thp 0 [ 1711.029403][T11677] shmem_thp 0 [ 1711.029403][T11677] inactive_anon 10412032 [ 1711.029403][T11677] active_anon 356352 [ 1711.029403][T11677] inactive_file 0 [ 1711.029403][T11677] active_file 77824 [ 1711.029403][T11677] unevictable 0 [ 1711.029403][T11677] slab_reclaimable 851584 [ 1711.029403][T11677] slab_unreclaimable 351760 [ 1711.029403][T11677] slab 1203344 [ 1711.029403][T11677] workingset_refault_anon 0 [ 1711.029403][T11677] workingset_refault_file 0 [ 1711.029403][T11677] workingset_activate_anon 0 [ 1711.029403][T11677] workingset_activate_file 0 [ 1711.029403][T11677] workingset_restore_anon 0 [ 1711.029403][T11677] workingset_restore_file 0 [ 1711.029403][T11677] workingset_nodereclaim 0 [ 1711.029403][T11677] pgscan 2987 [ 1711.029403][T11677] pgsteal 97 [ 1711.029403][T11677] pgscan_kswapd 0 [ 1711.029403][T11677] pgscan_direct 2987 [ 1711.029403][T11677] pgscan_khugepaged 0 [ 1711.029403][T11677] pgsteal_kswapd 0 [ 1711.029403][T11677] pgsteal_direct 97 [ 1711.029403][T11677] pgsteal_khugepaged 0 [ 1711.029403][T11677] pgfault 230015 [ 1711.029403][T11677] pgmajfault 2 [ 1711.029403][T11677] pgrefill 1192 [ 1711.029403][T11677] pgactivate 2890 [ 1711.029403][T11677] pgdeactivate 0 [ 1711.029403][T11677] pglazyfree 0 [ 1711.029403][T11677] pglazyfreed 0 [ 1711.029403][T11677] zswpin 0 [ 1711.029403][T11677] zswpout 0 [ 1711.215552][T11677] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11651,uid=0 [ 1711.233908][T11677] Memory cgroup out of memory: Killed process 11651 (syz-executor.1) total-vm:54804kB, anon-rss:488kB, file-rss:8960kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 1712.014105][ T10] net_ratelimit: 2 callbacks suppressed [ 1712.014129][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:00 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) setrlimit(0xe, &(0x7f0000000380)={0xbe, 0x7fff}) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000300)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup(r5, &(0x7f0000000240)='syz1\x00', 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) getrlimit(0x0, &(0x7f00000000c0)) write$cgroup_int(r7, &(0x7f0000000080), 0x12) 01:38:00 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1712.132953][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1712.147835][ T7245] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1712.177601][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1712.186387][T11574] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1712.194569][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1712.215112][T21006] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1712.220373][T11679] binder: 11674:11679 ioctl c0306201 20001480 returned -14 [ 1712.302970][T11682] binder: 11678:11682 ioctl c0306201 0 returned -14 01:38:00 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1712.379087][T11682] binder: 11678:11682 ioctl c0306201 0 returned -14 [ 1712.476021][T11685] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1712.486442][T11685] CPU: 1 PID: 11685 Comm: syz-executor.2 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0 [ 1712.496378][T11685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 1712.506462][T11685] Call Trace: [ 1712.509762][T11685] [ 1712.512717][T11685] dump_stack_lvl+0x136/0x150 [ 1712.517623][T11685] dump_header+0x10a/0xd70 [ 1712.522113][T11685] oom_kill_process+0x25d/0x600 [ 1712.527023][T11685] out_of_memory+0x35c/0x1650 [ 1712.531760][T11685] ? oom_killer_disable+0x2b0/0x2b0 [ 1712.537013][T11685] ? kernfs_notify+0x1ac/0x410 [ 1712.541829][T11685] ? find_held_lock+0x2d/0x110 [ 1712.546641][T11685] mem_cgroup_out_of_memory+0x206/0x270 [ 1712.552225][T11685] ? mem_cgroup_margin+0x130/0x130 [ 1712.557384][T11685] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 1712.563236][T11685] memory_max_write+0x2f9/0x3c0 [ 1712.571267][T11685] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1712.577380][T11685] ? lock_sync+0x190/0x190 [ 1712.581840][T11685] cgroup_file_write+0x1e2/0x7b0 [ 1712.586811][T11685] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1712.592936][T11685] ? kill_css+0x3b0/0x3b0 [ 1712.597297][T11685] ? lock_acquire+0x32/0xc0 [ 1712.601849][T11685] ? kill_css+0x3b0/0x3b0 [ 1712.606292][T11685] kernfs_fop_write_iter+0x3f1/0x600 [ 1712.611649][T11685] vfs_write+0x9f6/0xe20 [ 1712.615962][T11685] ? kernel_write+0x670/0x670 [ 1712.620693][T11685] ? receive_fd+0x110/0x110 [ 1712.625263][T11685] ? __fget_files+0x26a/0x480 [ 1712.630047][T11685] ksys_write+0x12b/0x250 [ 1712.634453][T11685] ? __ia32_sys_read+0xb0/0xb0 [ 1712.639275][T11685] ? syscall_enter_from_user_mode+0x26/0x80 [ 1712.645217][T11685] do_syscall_64+0x39/0xb0 [ 1712.649697][T11685] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 1712.655656][T11685] RIP: 0033:0x7fae5b88c0f9 [ 1712.660110][T11685] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1712.680689][T11685] RSP: 002b:00007fae5a3bc168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1712.689143][T11685] RAX: ffffffffffffffda RBX: 00007fae5b9ac120 RCX: 00007fae5b88c0f9 [ 1712.697421][T11685] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 000000000000000a [ 1712.705619][T11685] RBP: 00007fae5b8e7b39 R08: 0000000000000000 R09: 0000000000000000 [ 1712.713623][T11685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1712.721638][T11685] R13: 00007ffc9999747f R14: 00007fae5a3bc300 R15: 0000000000022000 [ 1712.729686][T11685] [ 1712.736091][T11685] memory: usage 11024kB, limit 0kB, failcnt 0 [ 1712.742450][T11685] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1712.749578][T11685] Memory cgroup stats for /syz1: [ 1712.750118][T11685] anon 208896 [ 1712.750118][T11685] file 10420224 [ 1712.750118][T11685] kernel 589824 [ 1712.750118][T11685] kernel_stack 65536 [ 1712.750118][T11685] pagetables 65536 [ 1712.750118][T11685] sec_pagetables 0 [ 1712.750118][T11685] percpu 2496 [ 1712.750118][T11685] sock 0 [ 1712.750118][T11685] vmalloc 49152 [ 1712.750118][T11685] shmem 10412032 [ 1712.750118][T11685] zswap 0 [ 1712.750118][T11685] zswapped 0 [ 1712.750118][T11685] file_mapped 425984 [ 1712.750118][T11685] file_dirty 8192 [ 1712.750118][T11685] file_writeback 0 [ 1712.750118][T11685] swapcached 0 [ 1712.750118][T11685] anon_thp 0 [ 1712.750118][T11685] file_thp 0 [ 1712.750118][T11685] shmem_thp 0 [ 1712.750118][T11685] inactive_anon 10412032 [ 1712.750118][T11685] active_anon 208896 [ 1712.750118][T11685] inactive_file 0 [ 1712.750118][T11685] active_file 77824 [ 1712.750118][T11685] unevictable 0 [ 1712.750118][T11685] slab_reclaimable 128232 [ 1712.750118][T11685] slab_unreclaimable 246280 [ 1712.750118][T11685] slab 374512 [ 1712.750118][T11685] workingset_refault_anon 0 [ 1712.750118][T11685] workingset_refault_file 0 [ 1712.750118][T11685] workingset_activate_anon 0 [ 1712.750118][T11685] workingset_activate_file 0 [ 1712.750118][T11685] workingset_restore_anon 0 [ 1712.750118][T11685] workingset_restore_file 0 [ 1712.750118][T11685] workingset_nodereclaim 0 [ 1712.750118][T11685] pgscan 3531 [ 1712.750118][T11685] pgsteal 97 [ 1712.750118][T11685] pgscan_kswapd 0 [ 1712.750118][T11685] pgscan_direct 3531 [ 1712.750118][T11685] pgscan_khugepaged 0 [ 1712.750118][T11685] pgsteal_kswapd 0 [ 1712.750118][T11685] pgsteal_direct 97 [ 1712.750118][T11685] pgsteal_khugepaged 0 [ 1712.750118][T11685] pgfault 230015 [ 1712.750118][T11685] pgmajfault 2 [ 1712.750118][T11685] pgrefill 1320 [ 1712.750118][T11685] pgactivate 3434 [ 1712.750118][T11685] pgdeactivate 0 [ 1712.750118][T11685] pglazyfree 0 [ 1712.750118][T11685] pglazyfreed 0 [ 1712.750118][T11685] zswpin 0 [ 1712.750118][T11685] zswpout 0 [ 1712.937979][T11685] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=25897,uid=0 [ 1712.953939][T11685] Memory cgroup out of memory: Killed process 25897 (syz-executor.1) total-vm:50568kB, anon-rss:364kB, file-rss:8960kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:0 [ 1716.430010][ T29] oom_reaper: reaped process 25897 (syz-executor.1), now anon-rss:108kB, file-rss:2776kB, shmem-rss:0kB [ 1716.456460][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1716.468529][T11683] binder: 11678:11683 ioctl c0306201 20001480 returned -14 [ 1716.480644][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1716.550534][T11687] binder: 11686:11687 ioctl c0306201 0 returned -14 [ 1716.639831][T11688] binder: 11686:11688 ioctl c0306201 20001480 returned -14 01:38:05 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:05 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) setrlimit(0xe, &(0x7f0000000380)={0xbe, 0x7fff}) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000300)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup(r5, &(0x7f0000000240)='syz1\x00', 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) getrlimit(0x0, &(0x7f00000000c0)) write$cgroup_int(r7, &(0x7f0000000080), 0x12) 01:38:05 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:05 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:05 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1716.944215][T11695] binder: 11690:11695 ioctl c0306201 0 returned -14 [ 1716.960321][T11695] binder: 11690:11695 ioctl c0306201 0 returned -14 [ 1717.203430][T11704] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1717.213864][T11704] CPU: 1 PID: 11704 Comm: syz-executor.2 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0 [ 1717.223924][T11704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 1717.234003][T11704] Call Trace: [ 1717.237307][T11704] [ 1717.240261][T11704] dump_stack_lvl+0x136/0x150 [ 1717.244988][T11704] dump_header+0x10a/0xd70 [ 1717.249449][T11704] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 1717.255557][T11704] ? out_of_memory+0xc0/0x1650 [ 1717.260546][T11704] out_of_memory+0xd6c/0x1650 [ 1717.265298][T11704] ? oom_killer_disable+0x2b0/0x2b0 [ 1717.270568][T11704] ? kernfs_notify+0x1ac/0x410 [ 1717.275377][T11704] ? find_held_lock+0x2d/0x110 [ 1717.280183][T11704] mem_cgroup_out_of_memory+0x206/0x270 [ 1717.285857][T11704] ? mem_cgroup_margin+0x130/0x130 [ 1717.291016][T11704] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 1717.296875][T11704] memory_max_write+0x2f9/0x3c0 [ 1717.301775][T11704] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1717.307971][T11704] ? mark_held_locks+0x9f/0xe0 [ 1717.312802][T11704] cgroup_file_write+0x1e2/0x7b0 [ 1717.317787][T11704] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1717.323913][T11704] ? kill_css+0x3b0/0x3b0 [ 1717.328321][T11704] ? kill_css+0x3b0/0x3b0 [ 1717.332689][T11704] kernfs_fop_write_iter+0x3f1/0x600 [ 1717.338030][T11704] vfs_write+0x9f6/0xe20 [ 1717.342336][T11704] ? kernel_write+0x670/0x670 [ 1717.347089][T11704] ? receive_fd+0x110/0x110 [ 1717.351650][T11704] ? __fget_files+0x26a/0x480 [ 1717.356401][T11704] ksys_write+0x12b/0x250 [ 1717.360816][T11704] ? __ia32_sys_read+0xb0/0xb0 [ 1717.365641][T11704] ? syscall_enter_from_user_mode+0x26/0x80 [ 1717.371586][T11704] do_syscall_64+0x39/0xb0 [ 1717.376147][T11704] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 1717.382080][T11704] RIP: 0033:0x7fae5b88c0f9 [ 1717.386533][T11704] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1717.406182][T11704] RSP: 002b:00007fae5a3bc168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1717.414647][T11704] RAX: ffffffffffffffda RBX: 00007fae5b9ac120 RCX: 00007fae5b88c0f9 [ 1717.422646][T11704] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 000000000000000a [ 1717.430669][T11704] RBP: 00007fae5b8e7b39 R08: 0000000000000000 R09: 0000000000000000 [ 1717.438703][T11704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1717.446707][T11704] R13: 00007ffc9999747f R14: 00007fae5a3bc300 R15: 0000000000022000 [ 1717.454740][T11704] [ 1717.457977][T11704] memory: usage 10524kB, limit 0kB, failcnt 0 [ 1717.464172][T11704] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1717.471163][T11704] Memory cgroup stats for /syz1: [ 1717.472198][T11704] anon 0 [ 1717.472198][T11704] file 10420224 [ 1717.472198][T11704] kernel 286720 [ 1717.472198][T11704] kernel_stack 0 [ 1717.472198][T11704] pagetables 0 [ 1717.472198][T11704] sec_pagetables 0 [ 1717.472198][T11704] percpu 2368 [ 1717.472198][T11704] sock 0 [ 1717.472198][T11704] vmalloc 0 [ 1717.472198][T11704] shmem 10412032 [ 1717.472198][T11704] zswap 0 [ 1717.472198][T11704] zswapped 0 [ 1717.472198][T11704] file_mapped 425984 [ 1717.472198][T11704] file_dirty 8192 [ 1717.472198][T11704] file_writeback 0 [ 1717.472198][T11704] swapcached 0 [ 1717.472198][T11704] anon_thp 0 [ 1717.472198][T11704] file_thp 0 [ 1717.472198][T11704] shmem_thp 0 [ 1717.472198][T11704] inactive_anon 10412032 [ 1717.472198][T11704] active_anon 0 [ 1717.472198][T11704] inactive_file 0 [ 1717.472198][T11704] active_file 77824 [ 1717.472198][T11704] unevictable 0 [ 1717.472198][T11704] slab_reclaimable 118672 [ 1717.472198][T11704] slab_unreclaimable 160240 [ 1717.472198][T11704] slab 278912 [ 1717.472198][T11704] workingset_refault_anon 0 [ 1717.472198][T11704] workingset_refault_file 0 [ 1717.472198][T11704] workingset_activate_anon 0 [ 1717.472198][T11704] workingset_activate_file 0 [ 1717.472198][T11704] workingset_restore_anon 0 [ 1717.472198][T11704] workingset_restore_file 0 [ 1717.472198][T11704] workingset_nodereclaim 0 [ 1717.472198][T11704] pgscan 4075 [ 1717.472198][T11704] pgsteal 97 [ 1717.472198][T11704] pgscan_kswapd 0 [ 1717.472198][T11704] pgscan_direct 4075 [ 1717.472198][T11704] pgscan_khugepaged 0 [ 1717.472198][T11704] pgsteal_kswapd 0 [ 1717.472198][T11704] pgsteal_direct 97 [ 1717.472198][T11704] pgsteal_khugepaged 0 [ 1717.472198][T11704] pgfault 230015 [ 1717.472198][T11704] pgmajfault 2 [ 1717.472198][T11704] pgrefill 1448 [ 1717.472198][T11704] pgactivate 3978 [ 1717.472198][T11704] pgdeactivate 0 [ 1717.472198][T11704] pglazyfree 0 [ 1717.472198][T11704] pglazyfreed 0 [ 1717.472198][T11704] zswpin 0 [ 1717.472198][T11704] zswpout 0 [ 1717.472198][T11704] thp_fault_alloc 0 [ 1717.659481][T11704] Out of memory and no killable processes... [ 1717.785025][ T7245] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:06 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) setrlimit(0xe, &(0x7f0000000380)={0xbe, 0x7fff}) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000300)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup(r5, &(0x7f0000000240)='syz1\x00', 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) getrlimit(0x0, &(0x7f00000000c0)) write$cgroup_int(r7, &(0x7f0000000080), 0x12) [ 1718.201630][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1718.228002][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1718.236622][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:06 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1718.250876][T11706] binder: 11690:11706 ioctl c0306201 20001480 returned -14 [ 1718.261464][ T46] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 01:38:06 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1718.525641][T11711] binder: 11710:11711 ioctl c0306201 0 returned -14 01:38:06 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1718.614124][T11711] binder: 11710:11711 ioctl c0306201 0 returned -14 [ 1718.657502][ T46] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.719489][T11715] binder: 11714:11715 ioctl c0306201 0 returned -14 01:38:07 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1718.772429][T11715] binder: 11714:11715 ioctl c0306201 0 returned -14 [ 1718.790438][T11713] binder: 11710:11713 ioctl c0306201 20001480 returned -14 [ 1718.882357][T11718] binder: 11714:11718 ioctl c0306201 20001480 returned -14 01:38:07 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1718.980199][ T46] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1718.989173][T11716] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1719.087753][T11716] CPU: 0 PID: 11716 Comm: syz-executor.2 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0 [ 1719.097738][T11716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 1719.107824][T11716] Call Trace: [ 1719.111127][T11716] [ 1719.114223][T11716] dump_stack_lvl+0x136/0x150 [ 1719.118955][T11716] dump_header+0x10a/0xd70 [ 1719.123414][T11716] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 1719.129531][T11716] out_of_memory+0xd6c/0x1650 [ 1719.134262][T11716] ? oom_killer_disable+0x2b0/0x2b0 [ 1719.139521][T11716] ? kernfs_notify+0x1ac/0x410 [ 1719.144340][T11716] ? find_held_lock+0x2d/0x110 [ 1719.149235][T11716] mem_cgroup_out_of_memory+0x206/0x270 [ 1719.154817][T11716] ? mem_cgroup_margin+0x130/0x130 [ 1719.159975][T11716] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 1719.165828][T11716] memory_max_write+0x2f9/0x3c0 [ 1719.170739][T11716] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1719.176860][T11716] ? mark_held_locks+0x9f/0xe0 [ 1719.181680][T11716] cgroup_file_write+0x1e2/0x7b0 [ 1719.186658][T11716] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1719.192771][T11716] ? kill_css+0x3b0/0x3b0 [ 1719.197161][T11716] ? kill_css+0x3b0/0x3b0 [ 1719.201525][T11716] kernfs_fop_write_iter+0x3f1/0x600 [ 1719.206868][T11716] vfs_write+0x9f6/0xe20 [ 1719.211265][T11716] ? kernel_write+0x670/0x670 [ 1719.215987][T11716] ? receive_fd+0x110/0x110 [ 1719.220538][T11716] ? __fget_files+0x26a/0x480 [ 1719.225339][T11716] ksys_write+0x12b/0x250 [ 1719.229713][T11716] ? __ia32_sys_read+0xb0/0xb0 [ 1719.234526][T11716] ? syscall_enter_from_user_mode+0x26/0x80 [ 1719.240655][T11716] do_syscall_64+0x39/0xb0 [ 1719.245218][T11716] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 1719.251158][T11716] RIP: 0033:0x7fae5b88c0f9 [ 1719.255609][T11716] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1719.275261][T11716] RSP: 002b:00007fae5a3bc168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1719.283714][T11716] RAX: ffffffffffffffda RBX: 00007fae5b9ac120 RCX: 00007fae5b88c0f9 [ 1719.291712][T11716] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 000000000000000a [ 1719.299711][T11716] RBP: 00007fae5b8e7b39 R08: 0000000000000000 R09: 0000000000000000 [ 1719.307708][T11716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1719.315704][T11716] R13: 00007ffc9999747f R14: 00007fae5a3bc300 R15: 0000000000022000 [ 1719.323733][T11716] 01:38:07 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1719.361175][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1719.463737][T11727] binder: 11724:11727 ioctl c0306201 0 returned -14 01:38:07 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1719.506994][ T46] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1719.565739][T11727] binder: 11724:11727 ioctl c0306201 0 returned -14 [ 1719.720556][T11731] binder: 11724:11731 ioctl c0306201 20001480 returned -14 [ 1719.825953][T11733] binder: 11732:11733 ioctl c0306201 20000080 returned -14 [ 1719.880269][T11735] binder: 11732:11735 ioctl c0306201 0 returned -14 [ 1719.962302][T11733] binder: 11732:11733 ioctl c0306201 20001480 returned -14 01:38:08 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:08 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:08 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1720.349491][T11743] binder: 11739:11743 ioctl c0306201 20000080 returned -14 [ 1720.377249][T30824] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1720.402890][T11743] binder: 11739:11743 ioctl c0306201 0 returned -14 [ 1720.426036][T11745] binder: 11744:11745 ioctl c0306201 0 returned -14 [ 1720.436030][T11745] binder: 11744:11745 ioctl c0306201 0 returned -14 [ 1720.444295][T11716] memory: usage 10520kB, limit 0kB, failcnt 0 [ 1720.456232][T11716] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1720.487022][T11747] binder: 11739:11747 ioctl c0306201 20001480 returned -14 [ 1720.496879][T11748] binder: 11744:11748 ioctl c0306201 20001480 returned -14 [ 1720.554334][T11716] Memory cgroup stats for /syz1: [ 1720.554548][T11716] anon 0 [ 1720.554548][T11716] file 10420224 [ 1720.554548][T11716] kernel 282624 [ 1720.554548][T11716] kernel_stack 0 [ 1720.554548][T11716] pagetables 0 [ 1720.554548][T11716] sec_pagetables 0 [ 1720.554548][T11716] percpu 2368 [ 1720.554548][T11716] sock 0 [ 1720.554548][T11716] vmalloc 0 [ 1720.554548][T11716] shmem 10412032 [ 1720.554548][T11716] zswap 0 [ 1720.554548][T11716] zswapped 0 [ 1720.554548][T11716] file_mapped 425984 [ 1720.554548][T11716] file_dirty 8192 [ 1720.554548][T11716] file_writeback 0 [ 1720.554548][T11716] swapcached 0 [ 1720.554548][T11716] anon_thp 0 [ 1720.554548][T11716] file_thp 0 [ 1720.554548][T11716] shmem_thp 0 [ 1720.554548][T11716] inactive_anon 10412032 [ 1720.554548][T11716] active_anon 0 [ 1720.554548][T11716] inactive_file 0 [ 1720.554548][T11716] active_file 77824 [ 1720.554548][T11716] unevictable 0 [ 1720.554548][T11716] slab_reclaimable 116096 [ 1720.554548][T11716] slab_unreclaimable 160240 [ 1720.554548][T11716] slab 276336 [ 1720.554548][T11716] workingset_refault_anon 0 [ 1720.554548][T11716] workingset_refault_file 0 [ 1720.554548][T11716] workingset_activate_anon 0 [ 1720.554548][T11716] workingset_activate_file 0 [ 1720.554548][T11716] workingset_restore_anon 0 [ 1720.554548][T11716] workingset_restore_file 0 [ 1720.554548][T11716] workingset_nodereclaim 0 [ 1720.554548][T11716] pgscan 4619 [ 1720.554548][T11716] pgsteal 97 [ 1720.554548][T11716] pgscan_kswapd 0 [ 1720.554548][T11716] pgscan_direct 4619 [ 1720.554548][T11716] pgscan_khugepaged 0 [ 1720.554548][T11716] pgsteal_kswapd 0 [ 1720.554548][T11716] pgsteal_direct 97 [ 1720.554548][T11716] pgsteal_khugepaged 0 [ 1720.554548][T11716] pgfault 230015 [ 1720.554548][T11716] pgmajfault 2 [ 1720.554548][T11716] pgrefill 1576 [ 1720.554548][T11716] pgactivate 4522 [ 1720.554548][T11716] pgdeactivate 0 [ 1720.554548][T11716] pglazyfree 0 [ 1720.554548][T11716] pglazyfreed 0 [ 1720.554548][T11716] zswpin 0 [ 1720.554548][T11716] zswpout 0 [ 1720.554548][T11716] thp_fault_alloc 0 [ 1720.757591][ T46] tipc: Left network mode 01:38:09 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1721.257234][T21005] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1721.417449][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1721.577200][T21005] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1721.799939][ T46] IPVS: stopping master sync thread 29274 ... [ 1721.962911][T11716] Out of memory and no killable processes... [ 1722.458268][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1722.681383][ T46] hsr_slave_0: left promiscuous mode [ 1722.697869][ T46] hsr_slave_1: left promiscuous mode [ 1722.707668][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1722.715318][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1722.746759][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1722.765776][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1722.789599][ T46] bridge_slave_1: left allmulticast mode [ 1722.795309][ T46] bridge_slave_1: left promiscuous mode [ 1722.821706][ T46] bridge0: port 2(bridge_slave_1) entered disabled state 01:38:11 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:11 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:11 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1722.879455][ T46] bridge_slave_0: left allmulticast mode [ 1722.885187][ T46] bridge_slave_0: left promiscuous mode [ 1722.899532][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 1722.962513][T11774] binder: 11770:11774 ioctl c0306201 20000080 returned -14 [ 1722.987355][T11773] binder: 11769:11773 ioctl c0306201 20000080 returned -14 [ 1723.004018][T11773] binder: 11769:11773 ioctl c0306201 0 returned -14 [ 1723.030055][T11774] binder: 11770:11774 ioctl c0306201 0 returned -14 [ 1723.039747][ T46] veth1_macvtap: left promiscuous mode [ 1723.052692][ T46] veth0_macvtap: left promiscuous mode [ 1723.072436][T11779] binder: 11769:11779 ioctl c0306201 20001480 returned -14 [ 1723.074925][ T46] veth1_vlan: left promiscuous mode [ 1723.085480][ T46] veth0_vlan: left promiscuous mode [ 1723.108002][T11782] binder: 11770:11782 ioctl c0306201 20001480 returned -14 [ 1723.497275][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1723.507773][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1723.516563][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1723.525508][T21005] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1724.035137][ T46] team0 (unregistering): Port device team_slave_1 removed [ 1724.051601][ T46] team0 (unregistering): Port device team_slave_0 removed [ 1724.098521][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1724.139664][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1724.272353][ T46] bond0 (unregistering): Released all slaves [ 1724.537258][T30824] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1725.157321][T11804] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1725.174158][ T5146] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1725.183695][ T5146] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1725.191699][ T5146] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1725.200319][ T5146] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1725.248770][T11803] lo speed is unknown, defaulting to 1000 [ 1725.577537][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1725.842719][T11803] chnl_net:caif_netlink_parms(): no params data found [ 1726.010184][T11803] bridge0: port 1(bridge_slave_0) entered blocking state [ 1726.027002][T11803] bridge0: port 1(bridge_slave_0) entered disabled state [ 1726.034361][T11803] bridge_slave_0: entered allmulticast mode [ 1726.042954][T11803] bridge_slave_0: entered promiscuous mode [ 1726.051930][T11803] bridge0: port 2(bridge_slave_1) entered blocking state [ 1726.060114][T11803] bridge0: port 2(bridge_slave_1) entered disabled state [ 1726.067472][T11803] bridge_slave_1: entered allmulticast mode [ 1726.074706][T11803] bridge_slave_1: entered promiscuous mode [ 1726.126485][T11803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1726.170320][T11803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1726.269434][T11803] team0: Port device team_slave_0 added [ 1726.278982][T11803] team0: Port device team_slave_1 added [ 1726.330622][T11803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1726.357008][T11803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1726.406950][T11803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1726.427689][T11803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1726.434716][T11803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1726.471212][T11803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1726.547020][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1726.560585][T11803] hsr_slave_0: entered promiscuous mode [ 1726.567414][T11803] hsr_slave_1: entered promiscuous mode [ 1726.617424][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1727.257272][ T5146] Bluetooth: hci0: command 0x0409 tx timeout [ 1727.535464][T11803] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1727.555396][T11803] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1727.573346][T11803] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1727.590413][T11803] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1727.657298][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1727.687752][T11803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1727.704111][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1727.713029][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1727.725995][T11803] 8021q: adding VLAN 0 to HW filter on device team0 [ 1727.750636][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1727.760367][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1727.769358][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 1727.776534][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1727.795946][T30824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1727.804465][T30824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1727.813705][T30824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1727.823132][T30824] bridge0: port 2(bridge_slave_1) entered blocking state [ 1727.830332][T30824] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1727.839052][T30824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1727.858890][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1727.877604][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1727.898815][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1727.927516][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1727.935864][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1727.954762][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1727.966489][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1727.986368][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1727.996659][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1728.005840][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1728.016458][T11803] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1728.292271][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1728.300734][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1728.324057][T11803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1728.364173][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1728.384153][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1728.441617][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1728.458703][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1728.491853][T11803] veth0_vlan: entered promiscuous mode [ 1728.499847][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1728.517824][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1728.532962][T11803] veth1_vlan: entered promiscuous mode [ 1728.562611][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1728.571888][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1728.581184][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1728.590479][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1728.604110][T11803] veth0_macvtap: entered promiscuous mode [ 1728.624010][T11803] veth1_macvtap: entered promiscuous mode [ 1728.654834][T11803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1728.675032][T11803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1728.685388][T11803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1728.707016][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1728.715886][T11803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1728.735694][T11803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1728.761011][T11803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1728.797477][T11803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1728.806805][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1728.815537][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1728.826048][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1728.835405][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1728.847620][T11803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1728.860547][T11803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1728.871485][T11803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1728.882374][T11803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1728.892713][T11803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1728.903611][T11803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1728.916768][T11803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1728.926794][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1728.935939][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1728.961189][T11803] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1728.977108][T11803] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1728.985916][T11803] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1729.004103][T11803] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1729.160710][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1729.169954][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1729.195305][ T4747] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1729.218434][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1729.227535][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1729.244321][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1729.257398][ T7245] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1729.268885][T21006] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1729.278294][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1729.338879][ T5146] Bluetooth: hci0: command 0x041b tx timeout [ 1729.738084][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:18 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:18 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:18 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:18 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) setrlimit(0xe, &(0x7f0000000380)={0xbe, 0x7fff}) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000300)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup(r5, &(0x7f0000000240)='syz1\x00', 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) getrlimit(0x0, &(0x7f00000000c0)) write$cgroup_int(r7, &(0x7f0000000080), 0x12) 01:38:18 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:18 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1730.428726][T11895] binder: 11891:11895 unknown command 0 [ 1730.435843][T11894] binder: 11889:11894 ioctl c0306201 20000080 returned -14 [ 1730.451441][T11895] binder: 11891:11895 ioctl c0306201 20000080 returned -22 [ 1730.474815][T11894] binder: 11889:11894 ioctl c0306201 0 returned -14 [ 1730.502095][T11895] binder: 11891:11895 ioctl c0306201 0 returned -14 [ 1730.572442][T11909] binder: 11889:11909 ioctl c0306201 20001480 returned -14 [ 1730.634564][T11914] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1730.644948][T11914] CPU: 1 PID: 11914 Comm: syz-executor.2 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0 [ 1730.654893][T11914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 1730.664975][T11914] Call Trace: [ 1730.668271][T11914] [ 1730.671223][T11914] dump_stack_lvl+0x136/0x150 [ 1730.675959][T11914] dump_header+0x10a/0xd70 [ 1730.680416][T11914] oom_kill_process+0x25d/0x600 [ 1730.685315][T11914] out_of_memory+0x35c/0x1650 [ 1730.690049][T11914] ? oom_killer_disable+0x2b0/0x2b0 [ 1730.695354][T11914] ? kernfs_notify+0x1ac/0x410 [ 1730.700204][T11914] ? find_held_lock+0x2d/0x110 [ 1730.705012][T11914] mem_cgroup_out_of_memory+0x206/0x270 [ 1730.710630][T11914] ? mem_cgroup_margin+0x130/0x130 [ 1730.715809][T11914] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 1730.721655][T11914] memory_max_write+0x2f9/0x3c0 [ 1730.726596][T11914] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1730.732713][T11914] ? lock_sync+0x190/0x190 [ 1730.737205][T11914] cgroup_file_write+0x1e2/0x7b0 [ 1730.742181][T11914] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1730.748291][T11914] ? kill_css+0x3b0/0x3b0 [ 1730.752663][T11914] ? lock_acquire+0x32/0xc0 [ 1730.757231][T11914] ? kill_css+0x3b0/0x3b0 [ 1730.761580][T11914] kernfs_fop_write_iter+0x3f1/0x600 [ 1730.766913][T11914] vfs_write+0x9f6/0xe20 [ 1730.771215][T11914] ? kernel_write+0x670/0x670 [ 1730.775924][T11914] ? receive_fd+0x110/0x110 [ 1730.780521][T11914] ? __fget_files+0x26a/0x480 [ 1730.785265][T11914] ksys_write+0x12b/0x250 [ 1730.789635][T11914] ? __ia32_sys_read+0xb0/0xb0 [ 1730.794468][T11914] ? syscall_enter_from_user_mode+0x26/0x80 [ 1730.800412][T11914] do_syscall_64+0x39/0xb0 [ 1730.804900][T11914] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 1730.810841][T11914] RIP: 0033:0x7fae5b88c0f9 [ 1730.815277][T11914] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1730.835033][T11914] RSP: 002b:00007fae5a3bc168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1730.843486][T11914] RAX: ffffffffffffffda RBX: 00007fae5b9ac120 RCX: 00007fae5b88c0f9 [ 1730.851493][T11914] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 000000000000000a [ 1730.859508][T11914] RBP: 00007fae5b8e7b39 R08: 0000000000000000 R09: 0000000000000000 [ 1730.867520][T11914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1730.875517][T11914] R13: 00007ffc9999747f R14: 00007fae5a3bc300 R15: 0000000000022000 [ 1730.883560][T11914] [ 1730.887965][T11914] memory: usage 10880kB, limit 0kB, failcnt 0 [ 1730.894104][T11914] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1730.902038][T11914] Memory cgroup stats for /syz1: [ 1730.902332][T11914] anon 147456 [ 1730.902332][T11914] file 10416128 [ 1730.902332][T11914] kernel 507904 [ 1730.902332][T11914] kernel_stack 98304 [ 1730.902332][T11914] pagetables 77824 [ 1730.902332][T11914] sec_pagetables 0 [ 1730.902332][T11914] percpu 64 [ 1730.902332][T11914] sock 0 [ 1730.902332][T11914] vmalloc 40960 [ 1730.902332][T11914] shmem 10412032 [ 1730.902332][T11914] zswap 0 [ 1730.902332][T11914] zswapped 0 [ 1730.902332][T11914] file_mapped 425984 [ 1730.902332][T11914] file_dirty 0 [ 1730.902332][T11914] file_writeback 0 [ 1730.902332][T11914] swapcached 0 [ 1730.902332][T11914] anon_thp 0 [ 1730.902332][T11914] file_thp 0 [ 1730.902332][T11914] shmem_thp 0 [ 1730.902332][T11914] inactive_anon 10412032 [ 1730.902332][T11914] active_anon 147456 [ 1730.902332][T11914] inactive_file 0 [ 1730.902332][T11914] active_file 73728 [ 1730.902332][T11914] unevictable 0 [ 1730.902332][T11914] slab_reclaimable 158112 [ 1730.902332][T11914] slab_unreclaimable 100936 [ 1730.902332][T11914] slab 259048 [ 1730.902332][T11914] workingset_refault_anon 0 [ 1730.902332][T11914] workingset_refault_file 0 [ 1730.902332][T11914] workingset_activate_anon 0 [ 1730.902332][T11914] workingset_activate_file 0 [ 1730.902332][T11914] workingset_restore_anon 0 [ 1730.902332][T11914] workingset_restore_file 0 [ 1730.902332][T11914] workingset_nodereclaim 0 [ 1730.902332][T11914] pgscan 5232 [ 1730.902332][T11914] pgsteal 98 [ 1730.902332][T11914] pgscan_kswapd 0 [ 1730.902332][T11914] pgscan_direct 5232 [ 1730.902332][T11914] pgscan_khugepaged 0 [ 1730.902332][T11914] pgsteal_kswapd 0 [ 1730.902332][T11914] pgsteal_direct 98 [ 1730.902332][T11914] pgsteal_khugepaged 0 [ 1730.902332][T11914] pgfault 231347 [ 1730.902332][T11914] pgmajfault 2 [ 1730.902332][T11914] pgrefill 1576 [ 1730.902332][T11914] pgactivate 5134 [ 1730.902332][T11914] pgdeactivate 0 [ 1730.902332][T11914] pglazyfree 0 [ 1730.902332][T11914] pglazyfreed 0 [ 1730.902332][T11914] zswpin 0 [ 1730.902332][T11914] zswpout 0 [ 1731.087119][T11914] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11900,uid=0 [ 1731.102685][T11914] Memory cgroup out of memory: Killed process 11900 (syz-executor.1) total-vm:54672kB, anon-rss:504kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 1731.299098][T11902] binder: 11891:11902 ioctl c0306201 20001480 returned -14 [ 1731.322494][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1731.335781][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:19 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1731.417172][ T5146] Bluetooth: hci0: command 0x040f tx timeout 01:38:19 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:19 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1731.581225][T11803] syz-executor.1 invoked oom-killer: gfp_mask=0xc40(GFP_NOFS), order=0, oom_score_adj=0 [ 1731.603020][T11920] binder: 11919:11920 ioctl c0306201 20000080 returned -14 [ 1731.702247][T11803] CPU: 1 PID: 11803 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0 [ 1731.712232][T11803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 1731.722348][T11803] Call Trace: [ 1731.725665][T11803] [ 1731.728627][T11803] dump_stack_lvl+0x136/0x150 [ 1731.733391][T11803] dump_header+0x10a/0xd70 [ 1731.737966][T11803] oom_kill_process+0x25d/0x600 [ 1731.742878][T11803] out_of_memory+0x35c/0x1650 [ 1731.747602][T11803] ? find_held_lock+0x2d/0x110 [ 1731.752420][T11803] ? oom_killer_disable+0x2b0/0x2b0 [ 1731.757682][T11803] ? rcu_read_unlock+0x9/0x60 [ 1731.762410][T11803] ? find_held_lock+0x2d/0x110 [ 1731.767212][T11803] mem_cgroup_out_of_memory+0x206/0x270 [ 1731.772808][T11803] ? mem_cgroup_margin+0x130/0x130 [ 1731.777958][T11803] ? lock_downgrade+0x690/0x690 [ 1731.782877][T11803] try_charge_memcg+0xf99/0x13a0 [ 1731.787859][T11803] ? mem_cgroup_handle_over_high+0x520/0x520 [ 1731.793874][T11803] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 1731.799634][T11803] ? lock_downgrade+0x690/0x690 [ 1731.804536][T11803] ? trace_lock_acquire+0x12d/0x180 [ 1731.809787][T11803] ? get_mem_cgroup_from_objcg+0x159/0x280 [ 1731.815622][T11803] ? lock_acquire+0x32/0xc0 [ 1731.820186][T11803] obj_cgroup_charge+0x2af/0x5e0 [ 1731.825162][T11803] ? ext4_alloc_inode+0x28/0x680 [ 1731.830169][T11803] kmem_cache_alloc_lru+0x142/0x600 [ 1731.835408][T11803] ? ext4_free_in_core_inode+0xb0/0xb0 [ 1731.840896][T11803] ext4_alloc_inode+0x28/0x680 [ 1731.845686][T11803] ? ext4_free_in_core_inode+0xb0/0xb0 [ 1731.851173][T11803] alloc_inode+0x61/0x230 [ 1731.855554][T11803] iget_locked+0x1bb/0x660 [ 1731.860016][T11803] __ext4_iget+0x3b2/0x4430 [ 1731.864629][T11803] ? ext4_get_projid+0x190/0x190 [ 1731.869589][T11803] ? ext4_fname_prepare_lookup+0x163/0x200 [ 1731.875461][T11803] ? ext4_fname_setup_filename+0x110/0x110 [ 1731.881300][T11803] ? rcu_is_watching+0x12/0xb0 [ 1731.886106][T11803] ext4_lookup+0x387/0x700 [ 1731.892243][T11803] ? ext4_resetent+0x2e0/0x2e0 [ 1731.897045][T11803] __lookup_slow+0x24c/0x460 [ 1731.901692][T11803] ? __lookup_hash+0x180/0x180 [ 1731.906496][T11803] ? lock_sync+0x190/0x190 [ 1731.910950][T11803] ? walk_component+0x332/0x5a0 [ 1731.915924][T11803] ? lock_acquire+0x32/0xc0 [ 1731.920454][T11803] ? walk_component+0x332/0x5a0 [ 1731.925362][T11803] walk_component+0x33f/0x5a0 [ 1731.930076][T11803] path_lookupat+0x1ba/0x840 [ 1731.934701][T11803] filename_lookup+0x1d2/0x590 [ 1731.939510][T11803] ? may_linkat+0x3b0/0x3b0 [ 1731.944152][T11803] ? __might_fault+0xe2/0x190 [ 1731.948891][T11803] ? __phys_addr_symbol+0x30/0x70 [ 1731.954016][T11803] ? __check_object_size+0x333/0x6e0 [ 1731.959333][T11803] ? strncpy_from_user+0x28b/0x3d0 [ 1731.964552][T11803] ? getname_flags.part.0+0x1dd/0x4f0 [ 1731.969966][T11803] user_path_at_empty+0x46/0x60 [ 1731.974868][T11803] __x64_sys_umount+0xfc/0x190 [ 1731.979665][T11803] ? path_umount+0x10b0/0x10b0 [ 1731.984470][T11803] ? syscall_enter_from_user_mode+0x26/0x80 [ 1731.990398][T11803] do_syscall_64+0x39/0xb0 [ 1731.994861][T11803] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 1732.001738][T11803] RIP: 0033:0x7fe6a4c8d567 [ 1732.006176][T11803] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1732.025834][T11803] RSP: 002b:00007fffb19ae068 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1732.034274][T11803] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007fe6a4c8d567 [ 1732.042267][T11803] RDX: 00007fffb19ae13c RSI: 000000000000000a RDI: 00007fffb19ae130 01:38:20 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1732.050276][T11803] RBP: 00007fffb19ae130 R08: 00000000ffffffff R09: 00007fffb19adf00 [ 1732.058280][T11803] R10: 00005555565bf853 R11: 0000000000000246 R12: 00007fe6a4ce6b74 [ 1732.066283][T11803] R13: 00007fffb19af1f0 R14: 00005555565bf810 R15: 00007fffb19af230 [ 1732.074308][T11803] [ 1732.115708][T11922] binder: 11921:11922 unknown command 0 [ 1732.117478][T11920] binder: 11919:11920 ioctl c0306201 0 returned -14 [ 1732.128178][T11803] memory: usage 10424kB, limit 0kB, failcnt 19 [ 1732.135282][T11803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1732.181991][T11803] Memory cgroup stats for /syz1: [ 1732.182652][T11803] anon 40960 [ 1732.182652][T11803] file 10416128 [ 1732.182652][T11803] kernel 147456 [ 1732.182652][T11803] kernel_stack 0 [ 1732.182652][T11803] pagetables 8192 [ 1732.182652][T11803] sec_pagetables 0 [ 1732.182652][T11803] percpu 64 [ 1732.182652][T11803] sock 0 [ 1732.182652][T11803] vmalloc 0 [ 1732.182652][T11803] shmem 10412032 [ 1732.182652][T11803] zswap 0 [ 1732.182652][T11803] zswapped 0 [ 1732.182652][T11803] file_mapped 425984 [ 1732.182652][T11803] file_dirty 0 [ 1732.182652][T11803] file_writeback 0 [ 1732.182652][T11803] swapcached 0 [ 1732.182652][T11803] anon_thp 0 [ 1732.182652][T11803] file_thp 0 [ 1732.182652][T11803] shmem_thp 0 [ 1732.182652][T11803] inactive_anon 10412032 [ 1732.182652][T11803] active_anon 40960 [ 1732.182652][T11803] inactive_file 0 [ 1732.182652][T11803] active_file 73728 [ 1732.182652][T11803] unevictable 0 [ 1732.182652][T11803] slab_reclaimable 72080 [ 1732.182652][T11803] slab_unreclaimable 49024 [ 1732.182652][T11803] slab 121104 [ 1732.182652][T11803] workingset_refault_anon 0 [ 1732.182652][T11803] workingset_refault_file 0 [ 1732.182652][T11803] workingset_activate_anon 0 [ 1732.182652][T11803] workingset_activate_file 0 [ 1732.182652][T11803] workingset_restore_anon 0 [ 1732.182652][T11803] workingset_restore_file 0 [ 1732.182652][T11803] workingset_nodereclaim 0 [ 1732.182652][T11803] pgscan 5880 [ 1732.182652][T11803] pgsteal 98 [ 1732.182652][T11803] pgscan_kswapd 0 [ 1732.182652][T11803] pgscan_direct 5880 [ 1732.182652][T11803] pgscan_khugepaged 0 [ 1732.182652][T11803] pgsteal_kswapd 0 [ 1732.182652][T11803] pgsteal_direct 98 [ 1732.182652][T11803] pgsteal_khugepaged 0 [ 1732.182652][T11803] pgfault 231351 [ 1732.182652][T11803] pgmajfault 2 [ 1732.182652][T11803] pgrefill 1576 [ 1732.182652][T11803] pgactivate 5782 [ 1732.182652][T11803] pgdeactivate 0 [ 1732.182652][T11803] pglazyfree 0 [ 1732.182652][T11803] pglazyfreed 0 [ 1732.182652][T11803] zswpin 0 [ 1732.182652][T11803] zswpout 0 [ 1732.182652][T11803] thp_fault_alloc 0 [ 1732.374856][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1732.386430][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1732.406188][T11922] binder: 11921:11922 ioctl c0306201 20000080 returned -22 [ 1732.430305][T11926] binder: 11921:11926 ioctl c0306201 0 returned -14 [ 1732.438052][T11920] binder: 11919:11920 ioctl c0306201 20001480 returned -14 [ 1732.500606][T11803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11803,uid=0 [ 1732.525279][T11803] Memory cgroup out of memory: Killed process 11803 (syz-executor.1) total-vm:50568kB, anon-rss:364kB, file-rss:8960kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:0 01:38:20 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:20 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1732.600845][T11922] binder: 11921:11922 ioctl c0306201 20001480 returned -14 01:38:20 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1732.761963][T11936] binder: 11935:11936 unknown command 0 [ 1732.788142][T11938] binder: 11934:11938 unknown command 0 [ 1732.812446][T11936] binder: 11935:11936 ioctl c0306201 20000080 returned -22 [ 1732.830889][T11938] binder: 11934:11938 ioctl c0306201 20000080 returned -22 [ 1732.881116][T11938] binder: 11934:11938 ioctl c0306201 0 returned -14 [ 1732.974080][T11936] binder: 11935:11936 ioctl c0306201 0 returned -14 [ 1732.998867][T11943] binder: 11934:11943 ioctl c0306201 20001480 returned -14 01:38:21 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1733.088283][T11946] binder: 11935:11946 ioctl c0306201 20001480 returned -14 [ 1733.246777][T11948] binder: 11947:11948 unknown command 0 [ 1733.295348][T11948] binder: 11947:11948 ioctl c0306201 20000080 returned -22 [ 1733.352717][ T29] oom_reaper: reaped process 11914 (syz-executor.2), now anon-rss:0kB, file-rss:8132kB, shmem-rss:0kB [ 1733.380144][T11948] binder: 11947:11948 ioctl c0306201 0 returned -14 01:38:21 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) setrlimit(0xe, &(0x7f0000000380)={0xbe, 0x7fff}) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000300)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup(r5, &(0x7f0000000240)='syz1\x00', 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) getrlimit(0x0, &(0x7f00000000c0)) write$cgroup_int(r7, &(0x7f0000000080), 0x12) [ 1733.451874][T30824] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:21 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1733.583238][T11951] binder: 11947:11951 ioctl c0306201 20001480 returned -14 [ 1733.867067][T11958] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1733.877410][T11958] CPU: 0 PID: 11958 Comm: syz-executor.2 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0 [ 1733.887346][T11958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 1733.897430][T11958] Call Trace: [ 1733.900732][T11958] [ 1733.903681][T11958] dump_stack_lvl+0x136/0x150 [ 1733.908409][T11958] dump_header+0x10a/0xd70 [ 1733.913651][T11958] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 1733.919771][T11958] out_of_memory+0xd6c/0x1650 [ 1733.924523][T11958] ? oom_killer_disable+0x2b0/0x2b0 [ 1733.929781][T11958] ? kernfs_notify+0x1ac/0x410 [ 1733.934592][T11958] ? find_held_lock+0x2d/0x110 [ 1733.939409][T11958] mem_cgroup_out_of_memory+0x206/0x270 [ 1733.945003][T11958] ? mem_cgroup_margin+0x130/0x130 [ 1733.950167][T11958] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 1733.956021][T11958] memory_max_write+0x2f9/0x3c0 [ 1733.960920][T11958] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1733.967035][T11958] ? lock_sync+0x190/0x190 [ 1733.971495][T11958] cgroup_file_write+0x1e2/0x7b0 [ 1733.976478][T11958] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1733.982620][T11958] ? kill_css+0x3b0/0x3b0 [ 1733.986980][T11958] ? lock_acquire+0x32/0xc0 [ 1733.991536][T11958] ? kill_css+0x3b0/0x3b0 [ 1733.995905][T11958] kernfs_fop_write_iter+0x3f1/0x600 [ 1734.001234][T11958] vfs_write+0x9f6/0xe20 [ 1734.005625][T11958] ? kernel_write+0x670/0x670 [ 1734.010441][T11958] ? receive_fd+0x110/0x110 [ 1734.014992][T11958] ? __fget_files+0x26a/0x480 [ 1734.019729][T11958] ksys_write+0x12b/0x250 [ 1734.024104][T11958] ? __ia32_sys_read+0xb0/0xb0 [ 1734.028924][T11958] ? syscall_enter_from_user_mode+0x26/0x80 [ 1734.034873][T11958] do_syscall_64+0x39/0xb0 [ 1734.039335][T11958] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 1734.045268][T11958] RIP: 0033:0x7fae5b88c0f9 [ 1734.049817][T11958] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1734.069573][T11958] RSP: 002b:00007fae5a3bc168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1734.078024][T11958] RAX: ffffffffffffffda RBX: 00007fae5b9ac120 RCX: 00007fae5b88c0f9 [ 1734.086017][T11958] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 000000000000000a [ 1734.094117][T11958] RBP: 00007fae5b8e7b39 R08: 0000000000000000 R09: 0000000000000000 [ 1734.102129][T11958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1734.110146][T11958] R13: 00007ffc9999747f R14: 00007fae5a3bc300 R15: 0000000000022000 [ 1734.118185][T11958] [ 1734.121346][T11958] memory: usage 10352kB, limit 0kB, failcnt 36 [ 1734.127726][T11958] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1734.134696][T11958] Memory cgroup stats for /syz1: [ 1734.135680][T11958] anon 0 [ 1734.135680][T11958] file 10416128 [ 1734.135680][T11958] kernel 114688 [ 1734.135680][T11958] kernel_stack 0 [ 1734.135680][T11958] pagetables 0 [ 1734.135680][T11958] sec_pagetables 0 [ 1734.135680][T11958] percpu 0 [ 1734.135680][T11958] sock 0 [ 1734.135680][T11958] vmalloc 0 [ 1734.135680][T11958] shmem 10412032 [ 1734.135680][T11958] zswap 0 [ 1734.135680][T11958] zswapped 0 [ 1734.135680][T11958] file_mapped 425984 [ 1734.135680][T11958] file_dirty 0 [ 1734.135680][T11958] file_writeback 0 [ 1734.135680][T11958] swapcached 0 [ 1734.135680][T11958] anon_thp 0 [ 1734.135680][T11958] file_thp 0 [ 1734.135680][T11958] shmem_thp 0 [ 1734.135680][T11958] inactive_anon 10412032 [ 1734.135680][T11958] active_anon 0 [ 1734.135680][T11958] inactive_file 0 [ 1734.135680][T11958] active_file 73728 [ 1734.135680][T11958] unevictable 0 [ 1734.135680][T11958] slab_reclaimable 71696 [ 1734.135680][T11958] slab_unreclaimable 37112 [ 1734.135680][T11958] slab 108808 [ 1734.135680][T11958] workingset_refault_anon 0 [ 1734.135680][T11958] workingset_refault_file 0 [ 1734.135680][T11958] workingset_activate_anon 0 [ 1734.135680][T11958] workingset_activate_file 0 [ 1734.135680][T11958] workingset_restore_anon 0 [ 1734.135680][T11958] workingset_restore_file 0 [ 1734.135680][T11958] workingset_nodereclaim 0 [ 1734.135680][T11958] pgscan 7068 [ 1734.135680][T11958] pgsteal 98 [ 1734.135680][T11958] pgscan_kswapd 0 [ 1734.135680][T11958] pgscan_direct 7068 [ 1734.135680][T11958] pgscan_khugepaged 0 [ 1734.135680][T11958] pgsteal_kswapd 0 [ 1734.135680][T11958] pgsteal_direct 98 [ 1734.135680][T11958] pgsteal_khugepaged 0 [ 1734.135680][T11958] pgfault 231351 [ 1734.135680][T11958] pgmajfault 2 [ 1734.135680][T11958] pgrefill 1576 [ 1734.135680][T11958] pgactivate 6970 [ 1734.135680][T11958] pgdeactivate 0 [ 1734.135680][T11958] pglazyfree 0 [ 1734.135680][T11958] pglazyfreed 0 [ 1734.135680][T11958] zswpin 0 [ 1734.135680][T11958] zswpout 0 [ 1734.135680][T11958] thp_fault_alloc 0 [ 1734.323240][T11958] Out of memory and no killable processes... 01:38:23 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) setrlimit(0xe, &(0x7f0000000380)={0xbe, 0x7fff}) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000300)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup(r5, &(0x7f0000000240)='syz1\x00', 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) getrlimit(0x0, &(0x7f00000000c0)) write$cgroup_int(r7, &(0x7f0000000080), 0x12) 01:38:23 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:23 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1734.864872][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1734.894542][T11956] binder: 11954:11956 unknown command 0 [ 1734.907017][T11956] binder: 11954:11956 ioctl c0306201 20000080 returned -22 [ 1734.937986][T11956] binder: 11954:11956 ioctl c0306201 0 returned -14 [ 1735.017366][ T75] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1735.026113][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1735.034816][T21006] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1735.092580][T11964] binder: 11954:11964 ioctl c0306201 20001480 returned -14 [ 1735.184346][T11969] binder: 11968:11969 unknown command 0 [ 1735.277111][T11969] binder: 11968:11969 ioctl c0306201 20000080 returned -22 [ 1735.307728][T11971] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1735.318035][T11971] CPU: 1 PID: 11971 Comm: syz-executor.2 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0 [ 1735.327992][T11971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 1735.338094][T11971] Call Trace: [ 1735.341426][T11971] [ 1735.344416][T11971] dump_stack_lvl+0x136/0x150 [ 1735.349144][T11971] dump_header+0x10a/0xd70 [ 1735.353609][T11971] ? mem_cgroup_print_oom_meminfo+0x440/0x440 [ 1735.359728][T11971] out_of_memory+0xd6c/0x1650 [ 1735.364548][T11971] ? oom_killer_disable+0x2b0/0x2b0 [ 1735.370060][T11971] ? kernfs_notify+0x1ac/0x410 [ 1735.374877][T11971] ? find_held_lock+0x2d/0x110 [ 1735.379693][T11971] mem_cgroup_out_of_memory+0x206/0x270 [ 1735.385281][T11971] ? mem_cgroup_margin+0x130/0x130 [ 1735.390447][T11971] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 1735.396321][T11971] memory_max_write+0x2f9/0x3c0 [ 1735.401218][T11971] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1735.407443][T11971] ? lock_sync+0x190/0x190 [ 1735.411991][T11971] cgroup_file_write+0x1e2/0x7b0 [ 1735.417025][T11971] ? mem_cgroup_force_empty_write+0x160/0x160 [ 1735.423334][T11971] ? kill_css+0x3b0/0x3b0 [ 1735.427695][T11971] ? lock_acquire+0x32/0xc0 [ 1735.432249][T11971] ? kill_css+0x3b0/0x3b0 [ 1735.436617][T11971] kernfs_fop_write_iter+0x3f1/0x600 [ 1735.441956][T11971] vfs_write+0x9f6/0xe20 [ 1735.446249][T11971] ? kernel_write+0x670/0x670 [ 1735.450969][T11971] ? receive_fd+0x110/0x110 [ 1735.455519][T11971] ? __fget_files+0x26a/0x480 [ 1735.460269][T11971] ksys_write+0x12b/0x250 [ 1735.464642][T11971] ? __ia32_sys_read+0xb0/0xb0 [ 1735.469467][T11971] ? syscall_enter_from_user_mode+0x26/0x80 [ 1735.475404][T11971] do_syscall_64+0x39/0xb0 [ 1735.479862][T11971] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 1735.485793][T11971] RIP: 0033:0x7fae5b88c0f9 [ 1735.490235][T11971] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1735.509871][T11971] RSP: 002b:00007fae5a3bc168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1735.518323][T11971] RAX: ffffffffffffffda RBX: 00007fae5b9ac120 RCX: 00007fae5b88c0f9 [ 1735.526329][T11971] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 000000000000000a [ 1735.534323][T11971] RBP: 00007fae5b8e7b39 R08: 0000000000000000 R09: 0000000000000000 [ 1735.542316][T11971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1735.550312][T11971] R13: 00007ffc9999747f R14: 00007fae5a3bc300 R15: 0000000000022000 [ 1735.558332][T11971] [ 1735.566721][T11971] memory: usage 10352kB, limit 0kB, failcnt 36 [ 1735.573242][T11971] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1735.581290][T11971] Memory cgroup stats for /syz1: [ 1735.581906][T11971] anon 0 [ 1735.581906][T11971] file 10416128 [ 1735.581906][T11971] kernel 114688 [ 1735.581906][T11971] kernel_stack 0 [ 1735.581906][T11971] pagetables 0 [ 1735.581906][T11971] sec_pagetables 0 [ 1735.581906][T11971] percpu 0 [ 1735.581906][T11971] sock 0 [ 1735.581906][T11971] vmalloc 0 [ 1735.581906][T11971] shmem 10412032 [ 1735.581906][T11971] zswap 0 [ 1735.581906][T11971] zswapped 0 [ 1735.581906][T11971] file_mapped 425984 [ 1735.581906][T11971] file_dirty 4096 [ 1735.581906][T11971] file_writeback 0 [ 1735.581906][T11971] swapcached 0 [ 1735.581906][T11971] anon_thp 0 [ 1735.581906][T11971] file_thp 0 [ 1735.581906][T11971] shmem_thp 0 [ 1735.581906][T11971] inactive_anon 10412032 [ 1735.581906][T11971] active_anon 0 [ 1735.581906][T11971] inactive_file 0 [ 1735.581906][T11971] active_file 73728 [ 1735.581906][T11971] unevictable 0 [ 1735.581906][T11971] slab_reclaimable 71696 [ 1735.581906][T11971] slab_unreclaimable 37112 [ 1735.581906][T11971] slab 108808 [ 1735.581906][T11971] workingset_refault_anon 0 [ 1735.581906][T11971] workingset_refault_file 0 [ 1735.581906][T11971] workingset_activate_anon 0 [ 1735.581906][T11971] workingset_activate_file 0 [ 1735.581906][T11971] workingset_restore_anon 0 [ 1735.581906][T11971] workingset_restore_file 0 [ 1735.581906][T11971] workingset_nodereclaim 0 [ 1735.581906][T11971] pgscan 7612 [ 1735.581906][T11971] pgsteal 98 [ 1735.581906][T11971] pgscan_kswapd 0 [ 1735.581906][T11971] pgscan_direct 7612 [ 1735.581906][T11971] pgscan_khugepaged 0 [ 1735.581906][T11971] pgsteal_kswapd 0 [ 1735.581906][T11971] pgsteal_direct 98 [ 1735.581906][T11971] pgsteal_khugepaged 0 [ 1735.581906][T11971] pgfault 231351 [ 1735.581906][T11971] pgmajfault 2 [ 1735.581906][T11971] pgrefill 1639 [ 1735.581906][T11971] pgactivate 7514 [ 1735.581906][T11971] pgdeactivate 0 [ 1735.581906][T11971] pglazyfree 0 [ 1735.581906][T11971] pglazyfreed 0 [ 1735.581906][T11971] zswpin 0 [ 1735.581906][T11971] zswpout 0 [ 1735.581906][T11971] thp_fault_alloc 0 [ 1735.771987][T11971] Out of memory and no killable processes... [ 1735.807419][ T1216] ieee802154 phy0 wpan0: encryption failed: -22 [ 1735.839333][ T1216] ieee802154 phy1 wpan1: encryption failed: -22 [ 1736.312823][T30824] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1736.381566][T11969] binder: 11968:11969 ioctl c0306201 0 returned -14 [ 1736.496390][T11972] binder: 11968:11972 ioctl c0306201 20001480 returned -14 01:38:24 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:24 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) shmctl$IPC_STAT(0x0, 0x2, &(0x7f00000026c0)=""/103) 01:38:24 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:24 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:24 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:24 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:24 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x6, 0x8, &(0x7f00000000c0), 0x4) [ 1736.744349][T11985] binder: 11978:11985 unknown command 0 [ 1736.751005][T11987] binder: 11980:11987 unknown command 0 [ 1736.769727][T11987] binder: 11980:11987 ioctl c0306201 20000080 returned -22 [ 1736.778970][T11985] binder: 11978:11985 ioctl c0306201 20000080 returned -22 [ 1736.826247][T11985] binder: 11978:11985 ioctl c0306201 0 returned -14 [ 1736.834303][T11987] binder: 11980:11987 ioctl c0306201 0 returned -14 01:38:25 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1736.967982][T11985] binder: 11978:11985 ioctl c0306201 20001480 returned -14 [ 1737.009566][T11993] binder: 11980:11993 ioctl c0306201 20001480 returned -14 01:38:25 executing program 2: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "f5474442386ab1cc8404adb8b1acd5b2b40ca936bd28d17435bff7bb87e9313dd50e3812839ad931f244ca39c23300aaf26681d874ece19ad3fefb2a567cc9c5"}, 0x48, 0xfffffffffffffffd) keyctl$chown(0x3, r0, 0x0, 0xee01) [ 1737.090387][ T7246] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 01:38:25 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1737.345227][T30824] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:25 executing program 2: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "f5474442386ab1cc8404adb8b1acd5b2b40ca936bd28d17435bff7bb87e9313dd50e3812839ad931f244ca39c23300aaf26681d874ece19ad3fefb2a567cc9c5"}, 0x48, 0xfffffffffffffffd) keyctl$chown(0x3, r0, 0x0, 0xee01) [ 1737.445486][T12006] binder: 12005:12006 unknown command 0 [ 1737.495082][T12006] binder: 12005:12006 ioctl c0306201 20000080 returned -22 [ 1737.531068][ T7246] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 01:38:25 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1737.584897][T12006] binder: 12005:12006 ioctl c0306201 0 returned -14 01:38:25 executing program 2: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "f5474442386ab1cc8404adb8b1acd5b2b40ca936bd28d17435bff7bb87e9313dd50e3812839ad931f244ca39c23300aaf26681d874ece19ad3fefb2a567cc9c5"}, 0x48, 0xfffffffffffffffd) keyctl$chown(0x3, r0, 0x0, 0xee01) [ 1737.675205][T12007] binder: 12005:12007 ioctl c0306201 20001480 returned -14 [ 1737.775937][T12012] binder: 12009:12012 unknown command 0 [ 1737.838648][T12012] binder: 12009:12012 ioctl c0306201 20000080 returned -22 [ 1737.897879][T12012] binder: 12009:12012 ioctl c0306201 0 returned -14 01:38:26 executing program 2: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "f5474442386ab1cc8404adb8b1acd5b2b40ca936bd28d17435bff7bb87e9313dd50e3812839ad931f244ca39c23300aaf26681d874ece19ad3fefb2a567cc9c5"}, 0x48, 0xfffffffffffffffd) keyctl$chown(0x3, r0, 0x0, 0xee01) [ 1737.976059][T12015] binder: BINDER_SET_CONTEXT_MGR already set [ 1737.984560][T12015] binder: 12009:12015 ioctl 4018620d 20000100 returned -16 [ 1738.035123][T12019] binder: 12009:12019 ioctl c0306201 20001480 returned -14 [ 1738.084425][T21006] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1738.107491][ T7246] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 01:38:26 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:26 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:26 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:26 executing program 2: syz_open_dev$vcsa(&(0x7f0000000200), 0x0, 0x2b00) 01:38:26 executing program 2: r0 = socket$igmp6(0xa, 0x3, 0x2) sendmmsg$inet6(r0, &(0x7f00000041c0)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x4000800) [ 1738.297127][ T7246] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1738.349106][T12026] binder: 12021:12026 unknown command 25348 [ 1738.367343][T12026] binder: 12021:12026 ioctl c0306201 20000080 returned -22 [ 1738.436199][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1738.458763][T12026] binder: 12021:12026 ioctl c0306201 0 returned -14 [ 1738.518273][T12032] binder: BINDER_SET_CONTEXT_MGR already set [ 1738.525127][T12032] binder: 12021:12032 ioctl 4018620d 20000100 returned -16 [ 1738.545790][T12032] binder: 12021:12032 ioctl c0306201 20001480 returned -14 [ 1739.497892][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1740.343320][ T7246] hsr_slave_0: left promiscuous mode [ 1740.349708][ T7246] hsr_slave_1: left promiscuous mode [ 1740.355949][ T7246] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1740.364050][ T7246] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1740.374141][ T7246] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1740.382469][ T7246] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1740.401175][ T7246] bridge_slave_1: left allmulticast mode [ 1740.413541][ T7246] bridge_slave_1: left promiscuous mode [ 1740.422276][ T7246] bridge0: port 2(bridge_slave_1) entered disabled state [ 1740.445289][ T7246] bridge_slave_0: left allmulticast mode [ 1740.453718][ T7246] bridge_slave_0: left promiscuous mode [ 1740.471597][ T7246] bridge0: port 1(bridge_slave_0) entered disabled state [ 1740.491703][ T7246] veth1_macvtap: left promiscuous mode [ 1740.498091][ T7246] veth0_macvtap: left promiscuous mode [ 1740.503756][ T7246] veth1_vlan: left promiscuous mode [ 1740.519009][ T7246] veth0_vlan: left promiscuous mode [ 1740.537524][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1740.777696][ T7291] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1740.788166][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1740.796460][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1740.815086][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1741.045616][ T7246] team0 (unregistering): Port device team_slave_1 removed [ 1741.084333][ T7246] team0 (unregistering): Port device team_slave_0 removed [ 1741.108282][T25900] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1741.122633][T25900] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1741.123605][ T7246] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1741.138677][T11804] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1741.145809][T11804] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1741.157904][T11804] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1741.166170][T11804] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1741.195007][ T7246] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1741.285093][ T7246] bond0 (unregistering): Released all slaves [ 1741.371670][T12066] lo speed is unknown, defaulting to 1000 [ 1741.577592][T30824] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1741.776240][T12066] chnl_net:caif_netlink_parms(): no params data found [ 1741.886190][T12066] bridge0: port 1(bridge_slave_0) entered blocking state [ 1741.894876][T12066] bridge0: port 1(bridge_slave_0) entered disabled state [ 1741.936307][T12066] bridge_slave_0: entered allmulticast mode [ 1741.945140][T12066] bridge_slave_0: entered promiscuous mode [ 1741.977957][T12066] bridge0: port 2(bridge_slave_1) entered blocking state [ 1741.985233][T12066] bridge0: port 2(bridge_slave_1) entered disabled state [ 1741.998861][T12066] bridge_slave_1: entered allmulticast mode [ 1742.013797][T12066] bridge_slave_1: entered promiscuous mode [ 1742.083143][T12066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1742.105804][T12066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1742.209187][T12066] team0: Port device team_slave_0 added [ 1742.223995][T12066] team0: Port device team_slave_1 added [ 1742.296972][T12066] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1742.303989][T12066] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1742.367090][T12066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1742.395559][T12066] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1742.417048][T12066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1742.480912][T12066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1742.584777][T12066] hsr_slave_0: entered promiscuous mode [ 1742.597950][T12066] hsr_slave_1: entered promiscuous mode [ 1742.622733][T30824] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1743.257112][T11804] Bluetooth: hci0: command 0x0409 tx timeout [ 1743.657249][T30824] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1743.837029][T21005] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1744.243314][T12066] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1744.254058][T12066] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1744.265011][T12066] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1744.286329][T12066] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1744.452612][T12066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1744.488734][T21005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1744.496800][T21005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1744.510145][T12066] 8021q: adding VLAN 0 to HW filter on device team0 [ 1744.533133][T21005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1744.552541][T21005] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1744.566193][T21005] bridge0: port 1(bridge_slave_0) entered blocking state [ 1744.573428][T21005] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1744.615292][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1744.629565][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1744.639447][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1744.649030][T11575] bridge0: port 2(bridge_slave_1) entered blocking state [ 1744.656182][T11575] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1744.664650][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1744.674173][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1744.698521][T21005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1744.700877][T30828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1744.710401][T21005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1744.733102][T21005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1744.748973][T21005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1744.775589][T12066] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1744.803196][T12066] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1744.827699][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1744.836009][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1744.845467][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1744.854841][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1744.864113][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1744.876430][ T4747] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1745.222100][T30828] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1745.231042][T30828] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1745.244985][T12066] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1745.274232][T30828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1745.283890][T30828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1745.319376][T30828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1745.328596][T30828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1745.337359][T11804] Bluetooth: hci0: command 0x041b tx timeout [ 1745.348115][T12066] veth0_vlan: entered promiscuous mode [ 1745.361513][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1745.370303][T30826] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1745.381543][T12066] veth1_vlan: entered promiscuous mode [ 1745.411222][ T4747] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1745.428421][ T4747] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1745.445314][ T4747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1745.455653][ T4747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1745.474501][T12066] veth0_macvtap: entered promiscuous mode [ 1745.488005][T12066] veth1_macvtap: entered promiscuous mode [ 1745.501949][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1745.511805][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1745.530666][T12066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1745.551016][T12066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1745.562143][T12066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1745.572818][T12066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1745.586805][T12066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1745.602192][T12066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1745.615823][T12066] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1745.625576][ T4747] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1745.635529][ T4747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1745.647574][T12066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1745.662316][T12066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1745.672992][T12066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1745.683980][T12066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1745.694232][T12066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1745.705474][T12066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1745.728984][T12066] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1745.741855][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1745.747006][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1745.751583][T11575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1745.773852][T12066] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1745.784226][T12066] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1745.793443][T12066] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1745.803035][T12066] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1745.975288][ T7291] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1746.007765][ T7291] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1746.081323][T21005] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1746.102549][ T7291] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1746.124255][ T7291] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1746.165188][T21005] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1746.789094][T30828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1746.883249][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:35 executing program 2: keyctl$chown(0x9, 0x0, 0x0, 0xffffffffffffffff) 01:38:35 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:35 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:35 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:35 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:35 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1747.350116][T12171] binder: 12166:12171 unknown command 0 [ 1747.361057][T12173] binder: 12170:12173 unknown command 25348 [ 1747.377765][T12171] binder: 12166:12171 ioctl c0306201 20000080 returned -22 [ 1747.395964][T12173] binder: 12170:12173 ioctl c0306201 20000080 returned -22 [ 1747.416964][T11804] Bluetooth: hci0: command 0x040f tx timeout [ 1747.425442][T12171] binder: 12166:12171 ioctl c0306201 0 returned -14 [ 1747.433964][T12173] binder: 12170:12173 ioctl c0306201 0 returned -14 01:38:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x6, 0x25, &(0x7f00000000c0), 0x4) [ 1747.543278][T12179] binder: 12166:12179 ioctl c0306201 20001480 returned -14 [ 1747.552622][T12180] binder: 12170:12180 ioctl c0306201 20001480 returned -14 01:38:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x6, 0x1e, &(0x7f00000000c0), 0x4) 01:38:35 executing program 2: syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x800, &(0x7f0000000280)=ANY=[@ANYBLOB="00a3d9feb86e02e3b0bd5e574a822aa023067085aaf7e64385f44f1f7a3d05000000003c6de6ff0000ffdde116534a3e5390789d23a98b18f63042a868b679d93c646500b71c539601000000af70a9e8378a4dff15e4a14b1474add9a93fb480c1049542545a4b4b14d2feff8ec15164ffffba586557115ae1b2470afad956ca05000000e646ef7b00e68b71686f76f966c6f8bcbad4030fa2f87bae1c91858f33e78fd1da66212b8aedf818fea039932b8d5f454cd1214a597a12b1109c3c0bd1c3f8c02f1bc702d7359eb8be446f88b77ce92c3d943828ece9eef54e10c2b4d66fb887ed9e56e2fba8a20f3443c9c30d40c4dd0676821801a86d47e49a3dc6570ce5feb7d4c9ab5c4cc09ba9ae6276845ff55c7fdaab25776eddde89a291ebdadb122182564d38cae5597ef4d5a263415fdfe08e7dee339da4a49e99fcf977ee0d5395982f374f3802e1cf12c5849a07af1ab0e92c2d1f3316e10677569350f11a622cd46825ead30af283cbfbd18fdc1e1fc164b13cc164136a727f9a6d03cb6c067d2df577f8a0f657c102227e1c3bcf36a5c18cc22a8bf9f0bdbd82a4d9c2c8c95a2cd178c28499d5d0d2d36259f6a425c33a06810eafab5ef696d07f606d174b270d9b7f731d4f1640c29fab86b03a0e9735454868ad04e7482079b9738e8530bbfc717aaa67bee07ab665d40a72e423bfb25a1966ef2478b8599078acba7dc12378d2db23e724b1ed245c3f8e523d8e4ac32df8d91ccc1a0bb19779754e18123170d6a3644ad6f9ee83cc9e90058835b47440ec54c5df44526634aaa344891a762b45b280cd003ab626d2d1601be8ab39dd325ed104c0644e211d207e9707ff19dfc9673ccd8a2194affd3856922eccf0cefaffe8b16fe9a5ab7af13777b707fd380b13ef717c30ea64312d9a5cbe7c32b6461b198560c1b613e3af0d6b9afb9dc40039ba53d175dc1fbf733a4d3a02b07d82b2bd438f470e78ef04dadb8bea04a81218e6998f2240ffc035950442ae3bcd4396de17278df47cd3d6d924c767d0e4f40d657aa8d03ea097debf0582f52f468bbb89b34b6ab940f075494d4fb9c7cfe7bd1ef01b2815ec0920f6eaf35dd0a47d68be25b57b7a6d307278dc9859ebad481e309e1de415ef226947e1d808ba92eddd64672012f4803616d17c8692affacd597ff964364ea2fca4facbe1616db9a0a16428cae4fe89d6f19380254bc70e8c38b0a0e97b2d0ca980bf4832d746602dfbad76f8c149b258e4b4024b4c8d85b051c96e951ff43a7b684306433a4579b7eddc79040dfabe058bcf19c1a1b29f70a7bb705cc9665a5d8a9841c33caf1f146b4918b953a1612ab3da8d9a08085b7d51d0a0fe57713677db7f1977b43357f82a520094daf740605d646f3eb759edba795a241c83262e558255f120501eeb70fac1ebd4"], 0x1, 0x1ce, &(0x7f0000000780)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZTmhkrbQPnNUHohlK64pb1uzSm/Myc9dbWWyTIztHpqy1fc0maEicml9hg1/GdgkGBmCE09sqi4sio7MScntah4IUPFreSkitMnGFiu219TaZbgdPgjz+GQpOmgw3TExyNrRmMJ5yQpTTE2tkyFs2c+yK9j0zjC8GgF88Y6z7zGusLUqXlpeUlVWVVZ8yZO3DizsbOxceXEuqg0v1WMLSkum5o6GZkctqgJbGY2VJ9koz3hXfuqh0kOrD3MUO8wXzJeWCR1akXVzAlflGYzGn5nuMNTtkJCQ8NJ4oqERYMJw5E62wZXkBNTGhjSFMIYk9TYxNq2nJkTwszP5rZAoSX5BFPoUY6lMyUsDghVnfxpqfnWIdFtxranDmxneA4f51lT0CdodFyCwWmh4H8ZkDEJDQ1lGmuZltou+FKk8VfCa7WxUwaDuz3TMliAsjSAyJVQnixYT0LyCg8dTU2jlOSEhk0SCUluBYbKDFv3cK4WaGBAijYVBgaG7YywuIWAazDGKBgFo2AUjIJRMApGwSgYBaNgFIyCEQEAAQAA//9OJJR8") [ 1747.837337][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1747.922240][T12198] loop2: detected capacity change from 0 to 8 [ 1748.030535][T12198] SQUASHFS error: zlib decompression failed, data probably corrupt [ 1748.067599][T12198] SQUASHFS error: Failed to read block 0xd: -5 [ 1748.081908][T12198] SQUASHFS error: Unable to read metadata cache entry [b] 01:38:36 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:36 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1748.127100][T12198] SQUASHFS error: Unable to read inode 0x127 [ 1748.284391][T12201] binder: 12200:12201 unknown command 25348 [ 1748.308581][T12202] binder: 12199:12202 unknown command 25348 01:38:36 executing program 2: symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00') utimensat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) [ 1748.337277][T12201] binder: 12200:12201 ioctl c0306201 20000080 returned -22 [ 1748.347898][T12202] binder: 12199:12202 ioctl c0306201 20000080 returned -22 [ 1748.398444][T12201] binder: 12200:12201 ioctl c0306201 0 returned -14 [ 1748.409200][T12202] binder: 12199:12202 ioctl c0306201 0 returned -14 [ 1748.451232][T12206] binder: 12200:12206 ioctl c0306201 20001480 returned -14 [ 1748.464912][T12207] binder: 12199:12207 ioctl c0306201 20001480 returned -14 01:38:36 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:36 executing program 2: pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000240)={0x5}, &(0x7f0000000280), 0x0) 01:38:36 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:36 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:37 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:37 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:37 executing program 2: creat(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) [ 1748.797285][T12216] binder: 12212:12216 unknown command 287492 [ 1748.835621][T12223] binder: 12221:12223 unknown command 25348 [ 1748.843605][T12216] binder: 12212:12216 ioctl c0306201 20000080 returned -22 [ 1748.875656][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1748.889872][T12223] binder: 12221:12223 ioctl c0306201 20000080 returned -22 [ 1748.967895][T12224] binder: 12212:12224 ioctl c0306201 0 returned -14 [ 1748.989714][T12223] binder: 12221:12223 ioctl c0306201 0 returned -14 [ 1749.036532][T12216] binder: 12212:12216 ioctl c0306201 20001480 returned -14 01:38:37 executing program 2: creat(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) [ 1749.120056][T12229] binder: BINDER_SET_CONTEXT_MGR already set [ 1749.143923][T12229] binder: 12221:12229 ioctl 4018620d 20000100 returned -16 [ 1749.259152][T12232] binder: 12221:12232 ioctl c0306201 20001480 returned -14 01:38:37 executing program 2: creat(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) [ 1749.496922][T11804] Bluetooth: hci0: command 0x0419 tx timeout 01:38:37 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:37 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:37 executing program 2: creat(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) [ 1749.718652][T12244] binder: 12243:12244 unknown command 287492 [ 1749.818904][T12244] binder: 12243:12244 ioctl c0306201 20000080 returned -22 [ 1749.839436][T12249] binder: 12247:12249 unknown command 25348 [ 1749.845385][T12249] binder: 12247:12249 ioctl c0306201 20000080 returned -22 01:38:38 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:38 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x7, 0x0, r1, &(0x7f0000000000)="c3852e53afba", 0x6}]) [ 1749.898189][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1749.925378][T12248] binder: 12243:12248 ioctl c0306201 0 returned -14 [ 1749.943713][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:38 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1750.038268][T12244] binder: BINDER_SET_CONTEXT_MGR already set [ 1750.069167][T12249] binder: 12247:12249 ioctl c0306201 0 returned -14 [ 1750.087408][T12244] binder: 12243:12244 ioctl 4018620d 20000100 returned -16 [ 1750.110944][T12250] binder: 12243:12250 ioctl c0306201 20001480 returned -14 [ 1750.176573][T12255] binder: 12247:12255 ioctl c0306201 20001480 returned -14 01:38:38 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:38 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:38 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xeffdffffffffffff}]) [ 1750.377705][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1750.482935][T12274] binder: 12273:12274 unknown command 287492 01:38:38 executing program 2: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x940, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, 0x0) [ 1750.586202][T12274] binder: 12273:12274 ioctl c0306201 20000080 returned -22 01:38:38 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1750.647688][T12278] binder: 12273:12278 ioctl c0306201 0 returned -14 [ 1750.662496][T12274] binder: 12273:12274 ioctl c0306201 20001480 returned -14 01:38:38 executing program 2: r0 = socket(0x11, 0x2, 0x0) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={0x0}}, 0x0) [ 1750.802187][T12286] binder: 12285:12286 unknown command 287492 01:38:39 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1750.894080][T12286] binder: 12285:12286 ioctl c0306201 20000080 returned -22 [ 1750.945092][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:39 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') pread64(r0, 0x0, 0x48, 0x800000000000) [ 1751.019998][T12286] binder: 12285:12286 ioctl c0306201 0 returned -14 [ 1751.063148][T12292] binder: 12290:12292 ioctl c0306201 0 returned -14 [ 1751.199791][T12288] binder: 12285:12288 ioctl c0306201 20001480 returned -14 01:38:39 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1751.276085][T12294] binder: BINDER_SET_CONTEXT_MGR already set [ 1751.287731][T12294] binder: 12290:12294 ioctl 4018620d 20000100 returned -16 01:38:39 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:39 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') pread64(r0, 0x0, 0x48, 0x800000000000) [ 1751.326079][T12294] binder: 12290:12294 ioctl c0306201 20001480 returned -14 01:38:39 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:39 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:39 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') pread64(r0, 0x0, 0x48, 0x800000000000) [ 1751.759361][T12316] binder: 12315:12316 unknown command 287492 01:38:40 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1751.836968][T12316] binder: 12315:12316 ioctl c0306201 20000080 returned -22 [ 1751.925315][T12320] binder: 12315:12320 ioctl c0306201 0 returned -14 [ 1751.986035][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1752.034078][T12325] binder: 12321:12325 ioctl c0306201 0 returned -14 01:38:40 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') pread64(r0, 0x0, 0x48, 0x800000000000) [ 1752.132275][T12317] binder: BINDER_SET_CONTEXT_MGR already set [ 1752.166593][T12317] binder: 12315:12317 ioctl 4018620d 20000100 returned -16 [ 1752.207509][T12329] binder: BINDER_SET_CONTEXT_MGR already set [ 1752.261980][T12320] binder: 12315:12320 ioctl c0306201 20001480 returned -14 [ 1752.275247][T12329] binder: 12321:12329 ioctl 4018620d 20000100 returned -16 [ 1752.275499][T12332] binder: 12321:12332 ioctl c0306201 20001480 returned -14 01:38:40 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='attr\x00') openat$cgroup(r0, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) 01:38:40 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:40 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:40 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:40 executing program 2: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='x'}) pselect6(0x40, &(0x7f00000001c0)={0x9}, 0x0, 0x0, 0x0, 0x0) [ 1752.739100][T12343] binder: 12336:12343 unknown command 287492 01:38:41 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1752.797727][T12343] binder: 12336:12343 ioctl c0306201 20000080 returned -22 [ 1752.817882][T12343] binder: 12336:12343 ioctl c0306201 0 returned -14 [ 1752.865359][T12352] binder: 12351:12352 ioctl c0306201 0 returned -14 [ 1752.959971][T12355] binder: BINDER_SET_CONTEXT_MGR already set [ 1752.960788][T12353] binder: 12336:12353 ioctl c0306201 20001480 returned -14 [ 1752.965992][T12355] binder: 12351:12355 ioctl 4018620d 20000100 returned -16 [ 1753.017392][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1753.030459][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1753.045356][T12355] binder: 12351:12355 ioctl c0306201 20001480 returned -14 01:38:41 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:41 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:41 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:41 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1753.710239][T12367] binder: 12366:12367 ioctl c0306201 0 returned -14 01:38:41 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) pread64(r0, 0x0, 0x0, 0x0) [ 1753.791296][T12369] binder: BINDER_SET_CONTEXT_MGR already set [ 1753.839926][T12369] binder: 12366:12369 ioctl 4018620d 20000100 returned -16 [ 1753.850633][T12372] binder: BINDER_SET_CONTEXT_MGR already set [ 1753.885416][T12372] binder: 12368:12372 ioctl 40046207 0 returned -16 01:38:42 executing program 2: openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) inotify_init() syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter\x00') epoll_create(0x2) pselect6(0x40, &(0x7f0000000200)={0x72}, 0x0, 0x0, 0x0, 0x0) 01:38:42 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1753.939712][T12369] binder: 12366:12369 ioctl c0306201 20001480 returned -14 [ 1753.952250][T12372] binder: 12368:12372 ioctl c0306201 0 returned -14 [ 1754.029203][T12381] binder: 12368:12381 ioctl c0306201 20001480 returned -14 [ 1754.057147][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:42 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r2, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newqdisc={0x70, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x70}}, 0x0) [ 1754.267931][T12389] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 01:38:42 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:42 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_mr_cache\x00') pread64(r0, 0x0, 0x0, 0x2) 01:38:42 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:42 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:42 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) io_setup(0x1, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000001400)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)='L', 0x1}]) fadvise64(r0, 0x0, 0x6, 0x4) [ 1754.670337][T12393] binder: 12392:12393 ioctl c0306201 0 returned -14 [ 1754.778119][T12398] binder: 12395:12398 ioctl c0306201 0 returned -14 [ 1754.808031][T12397] binder: BINDER_SET_CONTEXT_MGR already set [ 1754.844641][T12397] binder: 12392:12397 ioctl 4018620d 20000100 returned -16 [ 1754.889245][T12401] binder: BINDER_SET_CONTEXT_MGR already set [ 1754.897114][T12401] binder: 12395:12401 ioctl 4018620d 20000100 returned -16 [ 1754.908479][T12397] binder: 12392:12397 ioctl c0306201 20001480 returned -14 [ 1754.943631][T12406] binder: 12395:12406 ioctl c0306201 20001480 returned -14 01:38:43 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:43 executing program 2: io_setup(0x100, &(0x7f0000000000)=0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) io_submit(r0, 0x1, &(0x7f00000001c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x73af, r1, &(0x7f0000000040)="191249460cd4", 0x6, 0x0, 0x0, 0x2}]) 01:38:43 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1755.102860][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:43 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000100)) 01:38:43 executing program 2: symlinkat(&(0x7f00000014c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0x0) 01:38:43 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:43 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1755.644352][T12426] binder: 12424:12426 ioctl c0306201 0 returned -14 01:38:43 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r0, 0x0, 0xab28, 0x9) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 1755.734694][T12427] binder: 12423:12427 ioctl c0306201 0 returned -14 [ 1755.772084][T12429] binder: BINDER_SET_CONTEXT_MGR already set [ 1755.813551][T12429] binder: 12424:12429 ioctl 4018620d 20000100 returned -16 [ 1755.860213][T12431] binder: BINDER_SET_CONTEXT_MGR already set [ 1755.897172][T12431] binder: 12423:12431 ioctl 4018620d 20000100 returned -16 01:38:44 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:38:44 executing program 2: epoll_create(0x8001) pselect6(0x40, &(0x7f00000001c0)={0x9}, 0x0, 0x0, 0x0, 0x0) [ 1755.905984][T12432] binder: 12424:12432 ioctl c0306201 20001480 returned -14 [ 1755.944740][T12427] binder: 12423:12427 ioctl c0306201 20001480 returned -14 01:38:44 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1756.057080][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1756.161442][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:44 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:44 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1756.376475][T12442] binder: 12440:12442 ioctl c0306201 0 returned -14 01:38:44 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1756.464466][T12446] binder: BINDER_SET_CONTEXT_MGR already set [ 1756.490201][T12446] binder: 12440:12446 ioctl 4018620d 20000100 returned -16 [ 1756.528194][T12446] binder: 12440:12446 ioctl c0306201 20001480 returned -14 [ 1756.599357][T12452] binder: 12451:12452 ioctl c0306201 0 returned -14 [ 1756.666675][T12455] binder: BINDER_SET_CONTEXT_MGR already set [ 1756.678355][T12455] binder: 12451:12455 ioctl 4018620d 20000100 returned -16 [ 1756.693061][T12455] binder: 12451:12455 ioctl c0306201 20001480 returned -14 01:38:45 executing program 2: epoll_create(0x8001) pselect6(0x40, &(0x7f00000001c0)={0x9}, 0x0, 0x0, 0x0, 0x0) 01:38:45 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:45 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1757.218487][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1757.236406][T12461] binder: 12460:12461 ioctl c0306201 0 returned -14 [ 1757.363533][T12463] binder: BINDER_SET_CONTEXT_MGR already set [ 1757.386582][T12463] binder: 12460:12463 ioctl 4018620d 20000100 returned -16 01:38:45 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:45 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1757.475101][T12468] binder: 12460:12468 ioctl c0306201 20001480 returned -14 01:38:45 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1757.756297][T12473] binder: 12471:12473 ioctl c0306201 0 returned -14 01:38:46 executing program 2: epoll_create(0x8001) pselect6(0x40, &(0x7f00000001c0)={0x9}, 0x0, 0x0, 0x0, 0x0) [ 1757.891882][T12481] binder: BINDER_SET_CONTEXT_MGR already set [ 1757.969572][T12484] binder: 12471:12484 ioctl c0306201 20001480 returned -14 [ 1757.970728][T12481] binder: 12471:12481 ioctl 4018620d 20000100 returned -16 01:38:46 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1758.204398][T12487] binder: 12486:12487 ioctl c0306201 0 returned -14 [ 1758.323766][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1758.341141][T12488] binder: BINDER_SET_CONTEXT_MGR already set 01:38:46 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1758.372178][T12488] binder: 12486:12488 ioctl 4018620d 20000100 returned -16 [ 1758.401153][T12489] binder: 12486:12489 ioctl c0306201 20001480 returned -14 01:38:46 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:46 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1758.627909][T12491] binder: 12490:12491 ioctl c0306201 0 returned -14 01:38:46 executing program 2: epoll_create(0x8001) pselect6(0x40, &(0x7f00000001c0)={0x9}, 0x0, 0x0, 0x0, 0x0) [ 1758.741813][T12496] binder: BINDER_SET_CONTEXT_MGR already set [ 1758.788841][T12496] binder: 12490:12496 ioctl 4018620d 20000100 returned -16 01:38:47 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1758.888511][T12503] binder: 12490:12503 ioctl c0306201 20001480 returned -14 01:38:47 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1759.107144][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1759.237975][T12515] binder: 12511:12515 ioctl c0306201 0 returned -14 [ 1759.300527][T12516] binder: BINDER_SET_CONTEXT_MGR already set [ 1759.319953][T12516] binder: 12511:12516 ioctl 4018620d 20000100 returned -16 01:38:47 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1759.377107][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1759.388789][T12516] binder: 12511:12516 ioctl c0306201 20001480 returned -14 [ 1759.585246][T12518] binder: 12517:12518 ioctl c0306201 20001480 returned -14 01:38:47 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x127b, 0x0) 01:38:47 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:48 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x1278, 0x0) 01:38:48 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x301, 0x0) 01:38:48 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:48 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1759.941877][T12523] binder: 12522:12523 ioctl c0306201 20001480 returned -14 01:38:48 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1760.122708][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1760.154453][T12531] binder: BINDER_SET_CONTEXT_MGR already set [ 1760.195153][T12531] binder: 12528:12531 ioctl 4018620d 20000100 returned -16 [ 1760.215079][T12535] binder: 12530:12535 ioctl c0306201 0 returned -14 [ 1760.227137][T12531] binder: 12528:12531 ioctl c0306201 20001480 returned -14 01:38:48 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:48 executing program 2: clock_gettime(0x47ee05c4dd150835, 0x0) 01:38:48 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:48 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:48 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x7}, 0x2000018c, &(0x7f0000000280)={0x0}}, 0x0) [ 1760.366003][T12541] binder: 12538:12541 ioctl c0306201 0 returned -14 [ 1760.374083][T12539] binder: BINDER_SET_CONTEXT_MGR already set [ 1760.385425][T12539] binder: 12530:12539 ioctl 4018620d 20000100 returned -16 [ 1760.444731][T12549] binder: 12530:12549 ioctl c0306201 20001480 returned -14 [ 1760.464898][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1760.491239][T12547] binder: 12538:12547 ioctl c0306201 20001480 returned -14 [ 1760.506112][T12547] binder_alloc: 12538: binder_alloc_buf, no vma 01:38:48 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00') r1 = epoll_create(0x81) sendfile(r1, r0, 0x0, 0x0) 01:38:48 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/udplite6\x00') pread64(r0, 0x0, 0x0, 0x63) 01:38:49 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:49 executing program 2: openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x517882, 0x0) 01:38:49 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1761.181448][T12562] binder: 12561:12562 ioctl c0306201 0 returned -14 01:38:49 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:49 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') pread64(r0, 0x0, 0x0, 0x0) [ 1761.300040][T12566] binder: 12563:12566 ioctl c0306201 0 returned -14 [ 1761.331053][T12567] binder: BINDER_SET_CONTEXT_MGR already set [ 1761.347212][T12567] binder: 12561:12567 ioctl 4018620d 20000100 returned -16 [ 1761.383675][T12568] binder: 12561:12568 ioctl c0306201 20001480 returned -14 [ 1761.470438][T12569] binder: 12563:12569 ioctl c0306201 20001480 returned -14 [ 1761.490987][T12569] binder_alloc: 12563: binder_alloc_buf, no vma [ 1761.509959][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:49 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x127c, 0x0) 01:38:49 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:49 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:49 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x57b802, 0x0) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000100)={{r0}}) 01:38:50 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) flock(r0, 0x2) close(r0) 01:38:50 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:50 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:50 executing program 2: r0 = socket(0x2, 0x2, 0x1) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) [ 1762.137418][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1762.151494][T12594] binder: 12592:12594 ioctl c0306201 20001480 returned -14 01:38:50 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1762.307250][T12599] binder: 12596:12599 ioctl c0306201 0 returned -14 01:38:50 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x7, 0x0, r1, 0x0}]) [ 1762.402064][T12601] binder: 12596:12601 ioctl c0306201 20001480 returned -14 [ 1762.481573][T12601] binder_alloc: 12596: binder_alloc_buf, no vma 01:38:50 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1762.547923][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1762.602340][T12606] binder: 12604:12606 ioctl c0306201 20001480 returned -14 01:38:50 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:50 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:50 executing program 2: r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x123043, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, 0x0) 01:38:51 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:51 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00') sendfile(r0, r0, &(0x7f0000000000)=0x1ff, 0x1000) 01:38:51 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp\x00') pread64(r0, 0x0, 0x0, 0x0) 01:38:51 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0) [ 1762.903464][T12618] binder: 12617:12618 ioctl c0306201 20001480 returned -14 01:38:51 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:51 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='stack\x00') pread64(r0, 0x0, 0x0, 0x0) 01:38:51 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:51 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r0, 0x20, 0x0, 0x1) [ 1763.193058][T12639] binder: 12638:12639 ioctl c0306201 0 returned -14 [ 1763.236349][T12642] binder: 12641:12642 ioctl c0306201 0 returned -14 [ 1763.257622][T12639] binder: 12638:12639 ioctl c0306201 20001480 returned -14 [ 1763.360476][T12643] binder: 12641:12643 ioctl c0306201 20001480 returned -14 [ 1763.383666][T12643] binder_alloc: 12641: binder_alloc_buf, no vma [ 1763.593170][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:51 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:51 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0xfffffffffffffffc) 01:38:51 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:52 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1763.873421][T12646] binder: 12645:12646 ioctl c0306201 0 returned -14 [ 1763.913551][T12646] binder: 12645:12646 ioctl c0306201 20001480 returned -14 01:38:52 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:52 executing program 2: statx(0xffffffffffffffff, &(0x7f00000024c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0) 01:38:52 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:52 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:52 executing program 2: select(0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f0000000180)) [ 1764.182462][T12661] binder: 12658:12661 ioctl c0306201 0 returned -14 [ 1764.214685][T12664] binder: 12660:12664 ioctl c0306201 0 returned -14 [ 1764.269191][T12661] binder: 12658:12661 ioctl c0306201 20001480 returned -14 [ 1764.353323][T12668] binder: 12660:12668 ioctl c0306201 20001480 returned -14 01:38:52 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:52 executing program 2: pipe2(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) io_setup(0x4, &(0x7f0000000e40)=0x0) io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1764.400111][T12668] binder_alloc: 12660: binder_alloc_buf, no vma 01:38:52 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) io_setup(0x1, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000001400)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)='L', 0x1, 0x10d0}]) fadvise64(r0, 0x0, 0x0, 0x4) [ 1764.623620][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1764.641820][T12676] binder: 12674:12676 ioctl c0306201 0 returned -14 [ 1764.683941][T12676] binder: 12674:12676 ioctl c0306201 0 returned -14 [ 1764.808278][T12676] binder: 12674:12676 ioctl c0306201 20001480 returned -14 01:38:53 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:53 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:53 executing program 2: creat(&(0x7f0000000040)='./file1/../file0\x00', 0x0) creat(&(0x7f0000000000)='./file1/../file0\x00', 0x0) 01:38:53 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:53 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:53 executing program 2: clock_gettime(0x8755b440554cf335, 0x0) [ 1765.112262][T12684] binder: 12681:12684 ioctl c0306201 0 returned -14 01:38:53 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') pread64(r0, 0x0, 0x0, 0x8) [ 1765.177391][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1765.194910][T12691] binder: 12689:12691 ioctl c0306201 0 returned -14 [ 1765.214295][T12684] binder: 12681:12684 ioctl c0306201 0 returned -14 [ 1765.259310][T12684] binder: 12681:12684 ioctl c0306201 20001480 returned -14 [ 1765.302176][T12699] binder: 12689:12699 ioctl c0306201 20001480 returned -14 [ 1765.373946][T12699] binder_alloc: 12689: binder_alloc_buf, no vma 01:38:53 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:53 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000080), 0x0, 0x4000, 0x0) 01:38:53 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1765.553780][T12706] binder: 12705:12706 ioctl c0306201 0 returned -14 01:38:53 executing program 2: r0 = socket(0x2, 0x2, 0x1) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x14}, 0x14}}, 0x0) [ 1765.606533][T12709] binder: 12705:12709 ioctl c0306201 0 returned -14 [ 1765.666265][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1765.707760][T12706] binder: 12705:12706 ioctl c0306201 20001480 returned -14 01:38:54 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1765.971876][T12717] binder: 12715:12717 ioctl c0306201 0 returned -14 [ 1766.092270][T12718] binder: 12715:12718 ioctl c0306201 20001480 returned -14 01:38:54 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x2, &(0x7f00000001c0)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, 0x0, r1, 0x0}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) 01:38:54 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:54 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:54 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r1, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1766.328607][T12722] binder: 12719:12722 ioctl c0306201 0 returned -14 01:38:54 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='attr/fscreate\x00') pread64(r0, 0x0, 0x0, 0x0) [ 1766.380731][T12722] binder: 12719:12722 ioctl c0306201 20001480 returned -14 01:38:54 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) pwritev(r0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="8f", 0x7ffff002}], 0x1, 0x0, 0x0) 01:38:54 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1766.697611][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:54 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1766.770608][T12736] binder: 12735:12736 ioctl c0306201 0 returned -14 01:38:55 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1766.848266][T12736] binder: 12735:12736 ioctl c0306201 20001480 returned -14 01:38:55 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1766.919178][T12738] binder: 12737:12738 ioctl c0306201 0 returned -14 [ 1767.070685][T12740] binder: 12737:12740 ioctl c0306201 20001480 returned -14 [ 1767.142604][T12745] binder: 12742:12745 ioctl c0306201 0 returned -14 01:38:55 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r1, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1767.221315][T12745] binder: 12742:12745 ioctl c0306201 20001480 returned -14 01:38:55 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:55 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) dup3(r1, r0, 0x0) 01:38:55 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1767.484777][T12753] binder: 12751:12753 ioctl c0306201 0 returned -14 [ 1767.546516][T12753] binder: 12751:12753 ioctl c0306201 0 returned -14 [ 1767.619789][T12753] binder: 12751:12753 ioctl c0306201 20001480 returned -14 01:38:55 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:55 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1767.750329][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1767.880746][T12764] binder: 12761:12764 ioctl c0306201 0 returned -14 [ 1767.961715][T12762] loop2: detected capacity change from 0 to 2048 [ 1767.971553][T12767] binder: 12765:12767 ioctl c0306201 0 returned -14 [ 1768.010510][T12768] binder: 12761:12768 ioctl c0306201 20001480 returned -14 [ 1768.033415][T12762] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! 01:38:56 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r1, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1768.076399][T12762] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1768.090612][T12767] binder: 12765:12767 ioctl c0306201 0 returned -14 [ 1768.125674][T12767] binder: 12765:12767 ioctl c0306201 20001480 returned -14 01:38:56 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1768.227211][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:56 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r1, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 01:38:56 executing program 2: r0 = creat(&(0x7f0000001600)='./file0\x00', 0x0) fallocate(r0, 0x1, 0x0, 0x1fe) [ 1768.452764][T12776] binder: 12774:12776 ioctl c0306201 0 returned -14 [ 1768.482439][T12776] binder: 12774:12776 ioctl c0306201 0 returned -14 [ 1768.531584][T12776] binder: 12774:12776 ioctl c0306201 20001480 returned -14 01:38:56 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:56 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:57 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r1, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 01:38:57 executing program 2: mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) mincore(&(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f0000000080)=""/109) [ 1768.869533][T12784] binder: 12782:12784 ioctl c0306201 0 returned -14 [ 1768.871068][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1769.042973][T12788] binder: 12782:12788 ioctl c0306201 20001480 returned -14 [ 1769.072451][T12789] binder: 12785:12789 ioctl c0306201 0 returned -14 01:38:57 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r1, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 01:38:57 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163342, 0x0) sync() ftruncate(r0, 0x800022) [ 1769.218035][T12794] binder: 12785:12794 ioctl c0306201 20001480 returned -14 01:38:57 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1769.411487][T12796] loop2: detected capacity change from 0 to 2048 [ 1769.436071][T12796] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 1769.492729][T12796] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1769.580089][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:38:57 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:58 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1769.811134][T12806] binder: 12804:12806 ioctl c0306201 0 returned -14 01:38:58 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r1, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1769.897593][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1769.936332][T12807] binder: 12804:12807 ioctl c0306201 20001480 returned -14 01:38:58 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163342, 0x0) sync() ftruncate(r0, 0x800022) [ 1769.989197][T12809] binder: 12808:12809 ioctl c0306201 0 returned -14 [ 1770.137259][T12812] binder: 12808:12812 ioctl c0306201 20001480 returned -14 01:38:58 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r1, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 01:38:58 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1770.451201][T12815] loop2: detected capacity change from 0 to 2048 [ 1770.463524][T12815] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 1770.518876][T12815] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) 01:38:58 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:38:58 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1770.728085][T12822] binder: 12821:12822 ioctl c0306201 0 returned -14 [ 1770.891455][T12824] binder: 12821:12824 ioctl c0306201 20001480 returned -14 01:38:59 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163342, 0x0) sync() ftruncate(r0, 0x800022) [ 1770.944744][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1770.968188][T12826] binder: 12825:12826 ioctl c0306201 0 returned -14 [ 1771.040703][T12828] binder: 12825:12828 ioctl c0306201 20001480 returned -14 01:38:59 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r1, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1771.268933][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1771.371476][T12831] loop2: detected capacity change from 0 to 2048 01:38:59 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1771.450438][T12831] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! 01:38:59 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:38:59 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x0, 0x1000000, 0x0}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1771.539805][T12831] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1771.648618][T12840] binder: 12836:12840 ioctl c0306201 0 returned -14 01:38:59 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1771.745284][T12840] binder: 12836:12840 ioctl c0306201 20001480 returned -14 01:39:00 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x0, 0x1000000, 0x0}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:00 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163342, 0x0) sync() ftruncate(r0, 0x800022) [ 1771.961713][T12846] binder: 12845:12846 ioctl c0306201 0 returned -14 [ 1771.985982][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1772.085916][T12848] binder: 12845:12848 ioctl c0306201 20001480 returned -14 [ 1772.163291][T12849] binder: 12847:12849 ioctl c0306201 0 returned -14 01:39:00 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1772.232621][T12849] binder: 12847:12849 ioctl c0306201 20001480 returned -14 01:39:00 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x0, 0x1000000, 0x0}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1772.408985][T12852] loop2: detected capacity change from 0 to 2048 01:39:00 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1772.469999][T12852] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 1772.497095][T12852] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) 01:39:00 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1772.571110][T12859] binder: 12855:12859 ioctl c0306201 0 returned -14 [ 1772.611408][T12859] binder: 12855:12859 ioctl c0306201 20001480 returned -14 01:39:00 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='comm\x00') pread64(r0, 0x0, 0x0, 0x2) 01:39:00 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:00 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x0, 0x1000000, &(0x7f0000000140)}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:01 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00') epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f0000000000)) [ 1772.946037][T12870] binder: 12867:12870 ioctl c0306201 0 returned -14 [ 1772.975407][T12871] binder: 12868:12871 ioctl c0306201 0 returned -14 [ 1772.999160][T12870] binder: 12867:12870 ioctl c0306201 20001480 returned -14 [ 1773.017363][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:01 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x0, 0x1000000, &(0x7f0000000140)}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1773.116663][T12872] binder: 12868:12872 ioctl c0306201 20001480 returned -14 01:39:01 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, 0x0, r1, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) [ 1773.295431][T12876] binder: 12875:12876 ioctl c0306201 0 returned -14 01:39:01 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1773.354691][T12876] binder: 12875:12876 ioctl c0306201 20001480 returned -14 01:39:01 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000000), 0x0, 0x0, 0x0) 01:39:01 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:01 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x0, 0x1000000, &(0x7f0000000140)}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:01 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x40081271, 0x0) 01:39:01 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:01 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:01 executing program 2: keyctl$negate(0xd, 0x0, 0x0, 0xfffffffffffffffa) syz_open_dev$loop(0x0, 0x0, 0x0) clock_gettime(0x6, &(0x7f0000000040)) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000200), 0xc, 0x0}, 0x0) sendmsg$NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, 0x0, 0x4) [ 1773.739618][T12888] binder: 12884:12888 ioctl c0306201 0 returned -14 [ 1773.798056][T12888] binder: 12884:12888 ioctl c0306201 20001480 returned -14 01:39:02 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(0xffffffffffffffff, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:02 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x102) pwritev(r0, 0x0, 0x0, 0x0, 0x0) [ 1773.913636][T12895] binder: 12892:12895 ioctl c0306201 0 returned -14 [ 1774.009674][T12904] binder: 12892:12904 ioctl c0306201 20001480 returned -14 [ 1774.033792][T12902] binder: 12900:12902 ioctl c0306201 0 returned -14 [ 1774.083955][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:02 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163142, 0x0) sync() ftruncate(r0, 0x800022) [ 1774.151951][T12907] binder: 12900:12907 ioctl c0306201 20001480 returned -14 [ 1774.223791][T12907] binder_alloc: 12900: binder_alloc_buf, no vma [ 1774.307323][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:02 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:02 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1774.546331][T12910] loop2: detected capacity change from 0 to 2048 [ 1774.570563][T12910] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! 01:39:02 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x0, 0x1000000, 0x0}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1774.654596][T12910] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) 01:39:03 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(0xffffffffffffffff, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:03 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$binfmt_elf64(r0, 0x0, 0xeffdffff) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 1774.831179][T12920] binder: 12919:12920 ioctl c0306201 0 returned -14 [ 1774.954279][T12920] binder: 12919:12920 ioctl c0306201 20001480 returned -14 [ 1774.975174][T12922] binder: 12921:12922 ioctl c0306201 0 returned -14 01:39:03 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x0, 0x1000000, 0x0}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:03 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:03 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x2, &(0x7f0000000040)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x0, r1, 0x0}]) [ 1775.103010][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1775.129470][T12925] binder: 12921:12925 ioctl c0306201 20001480 returned -14 [ 1775.212751][T12925] binder_alloc: 12921: binder_alloc_buf, no vma [ 1775.316074][T12930] binder: 12928:12930 ioctl c0306201 0 returned -14 01:39:03 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x2, &(0x7f0000000040)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x0, r1, 0x0}]) [ 1775.408369][T12930] binder: 12928:12930 ioctl c0306201 20001480 returned -14 01:39:03 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:03 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x0, 0x1000000, 0x0}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:03 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x2, &(0x7f0000000040)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x0, r1, 0x0}]) [ 1775.663630][T12944] binder: 12940:12944 ioctl c0306201 0 returned -14 01:39:03 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(0xffffffffffffffff, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1775.764237][T12944] binder: 12940:12944 ioctl c0306201 20001480 returned -14 01:39:04 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:04 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x2, &(0x7f0000000040)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x0, r1, 0x0}]) 01:39:04 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x0, 0x1000000, &(0x7f0000000140)}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1775.923915][T12952] binder: 12950:12952 ioctl c0306201 0 returned -14 [ 1776.069766][T12959] binder: 12950:12959 ioctl c0306201 20001480 returned -14 [ 1776.093273][T12958] binder: 12954:12958 ioctl c0306201 0 returned -14 [ 1776.150687][T12959] binder_alloc: 12950: binder_alloc_buf, no vma [ 1776.182726][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:04 executing program 2: openat$dir(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x8142, 0x0) [ 1776.270602][T12958] binder: 12954:12958 ioctl c0306201 20001480 returned -14 01:39:04 executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:04 executing program 2: openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) pselect6(0x40, &(0x7f0000000080)={0x9}, 0x0, 0x0, 0x0, 0x0) 01:39:04 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x0, 0x1000000, &(0x7f0000000140)}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:04 executing program 2: openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) pselect6(0x96, &(0x7f0000000080)={0x9}, 0x0, 0x0, 0x0, 0x0) [ 1776.629384][T12981] binder: 12979:12981 ioctl c0306201 0 returned -14 01:39:04 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:04 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, 0xffffffffffffffff) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1776.697982][T12981] binder: 12979:12981 ioctl c0306201 20001480 returned -14 01:39:05 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/psched\x00') pread64(r0, 0x0, 0x0, 0x0) 01:39:05 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x0, 0x1000000, &(0x7f0000000140)}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1776.920265][T12989] binder: 12987:12989 ioctl c0306201 0 returned -14 [ 1776.967714][T12993] binder: 12990:12993 ioctl c0306201 0 returned -14 [ 1777.008953][T12993] binder: 12990:12993 ioctl c0306201 20001480 returned -14 [ 1777.060717][T12997] binder: 12987:12997 ioctl c0306201 20001480 returned -14 [ 1777.149216][T12997] binder_alloc: 12987: binder_alloc_buf, no vma 01:39:05 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x7}, 0x2000018c, &(0x7f0000000280)={0x0}}, 0x5ee) 01:39:05 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(0xffffffffffffffff, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:05 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1777.274829][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:05 executing program 2: r0 = socket(0x2, 0x3, 0x2) getsockname$packet(r0, 0x0, &(0x7f0000000200)) [ 1777.326187][T13003] binder: 13002:13003 ioctl c0306201 0 returned -14 [ 1777.347175][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1777.439537][T13008] binder: 13002:13008 ioctl c0306201 20001480 returned -14 [ 1777.477093][T13008] binder_alloc: 13002: binder_alloc_buf, no vma 01:39:05 executing program 2: r0 = creat(&(0x7f0000000000)='./file1\x00', 0x0) fallocate(r0, 0x10, 0x9, 0x9) 01:39:05 executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:05 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, 0xffffffffffffffff) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:05 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r2 = open_tree(0xffffffffffffffff, 0x0, 0x0) r3 = dup2(r2, 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_MPATH(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x34, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc, 0x99, {0x401}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x34}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$SEG6(&(0x7f0000000100), r2) sendmsg$SEG6_CMD_SETHMAC(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x0, 0x300, 0x0, 0x25dfdbff, {}, [@SEG6_ATTR_SECRETLEN={0x5}]}, 0x1c}}, 0x0) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1bf7b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_FWD_MASK={0x6}]}}}]}, 0x3c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000740)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010700000000000000000500000008000300", @ANYRES32=0x0, @ANYBLOB="080001003800000008005200", @ANYRES32=0x0, @ANYBLOB="080001003c00000008000300", @ANYRES32=r5], 0x54}}, 0x0) r8 = fcntl$dupfd(r0, 0x0, r0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r8) [ 1777.852536][T13016] binder: 13015:13016 ioctl c0306201 0 returned -14 01:39:06 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1778.001568][T13024] binder: 13015:13024 ioctl c0306201 20001480 returned -14 01:39:06 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(0xffffffffffffffff, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1778.068775][T13024] binder_alloc: 13015: binder_alloc_buf, no vma [ 1778.104562][T13020] bridge3: entered promiscuous mode [ 1778.157657][T13020] bridge3: entered allmulticast mode [ 1778.194109][T13020] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1778.224048][T13029] binder: 13027:13029 ioctl c0306201 0 returned -14 01:39:06 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r2 = open_tree(0xffffffffffffffff, 0x0, 0x0) r3 = dup2(r2, 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_MPATH(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x34, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc, 0x99, {0x401}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x34}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$SEG6(&(0x7f0000000100), r2) sendmsg$SEG6_CMD_SETHMAC(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x0, 0x300, 0x0, 0x25dfdbff, {}, [@SEG6_ATTR_SECRETLEN={0x5}]}, 0x1c}}, 0x0) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1bf7b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_FWD_MASK={0x6}]}}}]}, 0x3c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000740)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010700000000000000000500000008000300", @ANYRES32=0x0, @ANYBLOB="080001003800000008005200", @ANYRES32=0x0, @ANYBLOB="080001003c00000008000300", @ANYRES32=r5], 0x54}}, 0x0) r8 = fcntl$dupfd(r0, 0x0, r0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r8) [ 1778.304057][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1778.372547][T13033] binder: 13027:13033 ioctl c0306201 20001480 returned -14 [ 1778.391676][T13033] binder_alloc: 13027: binder_alloc_buf, no vma 01:39:06 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1778.582467][T13035] bridge4: entered promiscuous mode 01:39:06 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, 0xffffffffffffffff) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1778.654948][T13035] bridge4: entered allmulticast mode [ 1778.741517][T13036] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1778.799744][T13041] binder: 13040:13041 ioctl c0306201 0 returned -14 01:39:07 executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:07 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r2 = open_tree(0xffffffffffffffff, 0x0, 0x0) r3 = dup2(r2, 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_MPATH(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x34, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc, 0x99, {0x401}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x34}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$SEG6(&(0x7f0000000100), r2) sendmsg$SEG6_CMD_SETHMAC(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x0, 0x300, 0x0, 0x25dfdbff, {}, [@SEG6_ATTR_SECRETLEN={0x5}]}, 0x1c}}, 0x0) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1bf7b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_FWD_MASK={0x6}]}}}]}, 0x3c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000740)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010700000000000000000500000008000300", @ANYRES32=0x0, @ANYBLOB="080001003800000008005200", @ANYRES32=0x0, @ANYBLOB="080001003c00000008000300", @ANYRES32=r5], 0x54}}, 0x0) r8 = fcntl$dupfd(r0, 0x0, r0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r8) [ 1778.926427][T13044] binder: 13040:13044 ioctl c0306201 20001480 returned -14 01:39:07 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(0xffffffffffffffff, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1778.989723][T13044] binder_alloc: 13040: binder_alloc_buf, no vma [ 1779.177557][T21005] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1779.205291][T13055] binder: 13053:13055 ioctl c0306201 0 returned -14 01:39:07 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1779.278581][T13054] bridge5: entered promiscuous mode [ 1779.319924][T13057] binder: 13053:13057 ioctl c0306201 20001480 returned -14 [ 1779.327888][T13054] bridge5: entered allmulticast mode [ 1779.345898][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1779.365890][T13056] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1779.415823][T13057] binder_alloc: 13053: binder_alloc_buf, no vma 01:39:07 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r2 = open_tree(0xffffffffffffffff, 0x0, 0x0) r3 = dup2(r2, 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_MPATH(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x34, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc, 0x99, {0x401}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x34}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$SEG6(&(0x7f0000000100), r2) sendmsg$SEG6_CMD_SETHMAC(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x0, 0x300, 0x0, 0x25dfdbff, {}, [@SEG6_ATTR_SECRETLEN={0x5}]}, 0x1c}}, 0x0) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1bf7b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_FWD_MASK={0x6}]}}}]}, 0x3c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000740)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010700000000000000000500000008000300", @ANYRES32=0x0, @ANYBLOB="080001003800000008005200", @ANYRES32=0x0, @ANYBLOB="080001003c00000008000300", @ANYRES32=r5], 0x54}}, 0x0) r8 = fcntl$dupfd(r0, 0x0, r0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r8) 01:39:07 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:07 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1779.823643][T13067] bridge6: entered promiscuous mode [ 1779.859419][T13067] bridge6: entered allmulticast mode 01:39:08 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, 0xffffffffffffffff) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1779.907627][T13070] binder: 13066:13070 ioctl c0306201 0 returned -14 [ 1779.929670][T13071] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 01:39:08 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1780.064833][T13077] binder: 13066:13077 ioctl c0306201 20001480 returned -14 [ 1780.122296][T13078] binder: 13076:13078 ioctl c0306201 0 returned -14 01:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000000)=0xfffffffffffffed3) [ 1780.227434][T13088] binder: 13076:13088 ioctl c0306201 20001480 returned -14 [ 1780.293648][T13088] binder_alloc: 13076: binder_alloc_buf, no vma 01:39:08 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x1, 0x4) [ 1780.387135][T21005] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1780.398288][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:08 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:08 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:08 executing program 2: r0 = epoll_create1(0x0) close(r0) 01:39:09 executing program 2: syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00') syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd/3\x00') [ 1780.787645][T13098] binder: 13093:13098 ioctl c0306201 0 returned -14 01:39:09 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, 0xffffffffffffffff) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1780.918294][T13102] binder: 13093:13102 ioctl c0306201 20001480 returned -14 01:39:09 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000004040)={{r0}}) [ 1781.019978][T13106] binder: 13105:13106 ioctl c0306201 0 returned -14 01:39:09 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1781.179406][T13110] binder: 13105:13110 ioctl c0306201 20001480 returned -14 01:39:09 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:09 executing program 2: socket$packet(0x11, 0x3, 0x300) pselect6(0x40, &(0x7f00000003c0), 0x0, &(0x7f0000000440)={0x9}, &(0x7f00000004c0), 0x0) [ 1781.265005][T13110] binder_alloc: 13105: binder_alloc_buf, no vma 01:39:09 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x1261, 0x0) [ 1781.429258][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:09 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='pagemap\x00') pread64(r0, 0x0, 0x0, 0x2) 01:39:09 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1781.690977][T13127] binder: 13126:13127 ioctl c0306201 0 returned -14 01:39:10 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:10 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PIO_SCRNMAP(r0, 0x4b41, 0x0) 01:39:10 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, 0xffffffffffffffff) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1781.829316][T13131] binder: 13126:13131 ioctl c0306201 20001480 returned -14 [ 1781.984507][T13139] binder: 13137:13139 ioctl c0306201 0 returned -14 01:39:10 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000)="c3", 0x1}]) [ 1782.037333][T13142] binder: 13137:13142 ioctl c0306201 20001480 returned -14 [ 1782.084778][T13142] binder_alloc: 13137: binder_alloc_buf, no vma 01:39:10 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:10 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1782.297479][T13146] binder: 13145:13146 ioctl c0306201 0 returned -14 01:39:10 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1782.360575][T13147] binder: 13145:13147 ioctl c0306201 20001480 returned -14 01:39:10 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1782.462901][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1782.645468][T13159] binder: 13155:13159 ioctl c0306201 0 returned -14 [ 1782.763317][T13160] binder: 13155:13160 ioctl 4018620d 0 returned -22 [ 1782.786405][T13160] binder: 13155:13160 ioctl c0306201 20001480 returned -14 01:39:11 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:11 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_tables_matches\x00') pread64(r0, 0x0, 0x0, 0x63) 01:39:11 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:11 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0xe, &(0x7f0000000140)={0x0, 0x0}, 0x10) [ 1783.263403][T13171] binder: 13169:13171 ioctl c0306201 0 returned -14 [ 1783.331091][T13173] binder: 13169:13173 ioctl c0306201 20001480 returned -14 01:39:11 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1783.434436][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:11 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:11 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x2, &(0x7f00000001c0)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, 0x0, r1, 0x0}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2, 0x0, r1}]) [ 1783.505993][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:11 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1783.653004][T13184] binder: 13180:13184 ioctl c0306201 0 returned -14 01:39:11 executing program 2: openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x7f}, &(0x7f00000000c0), 0x0) 01:39:12 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x1267, 0x0) [ 1783.859118][T13187] binder: 13180:13187 ioctl 4018620d 0 returned -22 [ 1783.888625][T13187] binder: 13180:13187 ioctl c0306201 20001480 returned -14 01:39:12 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/snmp\x00') read$msr(r0, 0x0, 0x0) 01:39:12 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1784.248824][T13200] binder: 13199:13200 ioctl c0306201 0 returned -14 01:39:12 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) sync_file_range(r0, 0x6, 0xfffffffffffffffd, 0x0) 01:39:12 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1784.388289][T13201] binder: 13199:13201 ioctl c0306201 20001480 returned -14 01:39:12 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:12 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ptype\x00') pread64(r0, 0x0, 0x0, 0x63) [ 1784.542821][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:12 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1784.656025][T13210] binder: 13209:13210 ioctl c0306201 0 returned -14 01:39:12 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r0, 0x0, 0xab28, 0x9) pwritev(r0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="8f", 0x1}], 0x1, 0x0, 0x0) [ 1784.796146][T13213] binder: 13209:13213 ioctl 4018620d 0 returned -22 [ 1784.810384][T13213] binder: 13209:13213 ioctl c0306201 20001480 returned -14 01:39:13 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:13 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp\x00') pread64(r0, 0x0, 0x0, 0x2) 01:39:13 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:13 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='attr/keycreate\x00') write$P9_RWSTAT(r0, 0x0, 0x0) [ 1785.074951][T13225] binder: 13224:13225 ioctl c0306201 0 returned -14 [ 1785.138547][T13229] binder: 13224:13229 ioctl 4018620d 0 returned -22 [ 1785.217972][T13231] binder: 13224:13231 ioctl c0306201 20001480 returned -14 01:39:13 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r0, 0x10, 0x0, 0x1fe) 01:39:13 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:13 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CURSOR2(r0, 0xc02464ce, &(0x7f0000000100)) 01:39:13 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:13 executing program 2: r0 = epoll_create(0x1) r1 = epoll_create(0xae28) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x20000000}) pselect6(0x40, &(0x7f0000000080)={0x9}, 0x0, 0x0, 0x0, 0x0) [ 1785.582571][T13240] binder: 13237:13240 ioctl c0306201 0 returned -14 [ 1785.586542][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:14 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:14 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1786.061655][T13254] binder: 13253:13254 ioctl c0306201 0 returned -14 01:39:14 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1786.154890][T13257] binder: 13253:13257 ioctl 4018620d 0 returned -22 [ 1786.173925][T13257] binder: 13253:13257 ioctl c0306201 20001480 returned -14 01:39:14 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1786.458028][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1786.474944][T13264] binder: 13263:13264 ioctl c0306201 0 returned -14 01:39:14 executing program 2: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$tcp_congestion(r0, &(0x7f0000000080)='dctcp\x00', 0xfffffffffffffeb9) 01:39:14 executing program 2: io_setup(0x100, &(0x7f0000000000)=0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) io_submit(r0, 0x1, &(0x7f00000001c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x73af, r1, 0x0, 0x0, 0x0, 0x0, 0x2}]) [ 1786.626468][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:14 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:15 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) 01:39:15 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1787.015832][T13280] binder: 13279:13280 ioctl c0306201 0 returned -14 01:39:15 executing program 4: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:15 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/icmp6\x00') pread64(r0, 0x0, 0x0, 0x0) [ 1787.075836][T13281] binder: 13279:13281 ioctl 4018620d 0 returned -22 [ 1787.127904][T13284] binder: 13279:13284 ioctl c0306201 20001480 returned -14 01:39:15 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:15 executing program 2: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='x'}) pselect6(0x40, &(0x7f00000001c0)={0x9}, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 01:39:15 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1787.458710][T13292] binder: 13290:13292 ioctl c0306201 0 returned -14 [ 1787.674220][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:16 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:16 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1788.035887][T13305] binder: 13303:13305 ioctl c0306201 0 returned -14 01:39:16 executing program 4: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:16 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:16 executing program 2: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='x'}) pselect6(0x40, &(0x7f00000001c0)={0x9}, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) [ 1788.391744][T13317] binder: 13314:13317 ioctl c0306201 0 returned -14 01:39:16 executing program 2: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='x'}) pselect6(0x40, &(0x7f00000001c0)={0x9}, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 01:39:16 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1788.540374][T13321] binder: 13314:13321 ioctl c0306201 0 returned -14 [ 1788.715576][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:17 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1788.788843][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1788.943116][T13332] binder: 13331:13332 ioctl c0306201 0 returned -14 01:39:17 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:17 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:17 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1789.295056][T13340] binder: 13339:13340 ioctl c0306201 0 returned -14 01:39:17 executing program 4: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1789.374209][T13342] binder: 13341:13342 ioctl c0306201 0 returned -14 01:39:17 executing program 2: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000100)='x'}) pselect6(0x40, &(0x7f00000001c0)={0x9}, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) [ 1789.466293][T13345] binder: 13341:13345 ioctl c0306201 0 returned -14 [ 1789.498804][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:17 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16], 0xa8, 0x20000010}}], 0x1, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1789.744312][T30828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:18 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:18 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:18 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1790.180431][T13362] binder: 13361:13362 ioctl c0306201 0 returned -14 [ 1790.248533][T13363] binder: 13361:13363 ioctl c0306201 0 returned -14 [ 1790.335574][T13367] binder: 13365:13367 ioctl c0306201 0 returned -14 01:39:18 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$alg(0x26, 0x5, 0x0) io_submit(r0, 0x2, &(0x7f0000000880)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1}]) [ 1790.450323][T13370] binder: 13365:13370 ioctl c0306201 0 returned -14 01:39:18 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x4b47, 0x0) 01:39:18 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:18 executing program 2: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x1d4ddff6b667ff01) write$binfmt_elf64(r0, 0x0, 0xeffdffff) 01:39:18 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='personality\x00') pread64(r0, 0x0, 0x0, 0x0) 01:39:19 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16], 0xa8, 0x20000010}}], 0x1, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:19 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x125d, 0x0) [ 1790.850258][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:19 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:19 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) io_setup(0xdd, &(0x7f0000000000)=0x0) io_destroy(r1) io_destroy(r0) [ 1791.052543][T13394] binder: 13393:13394 ioctl c0306201 0 returned -14 01:39:19 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1791.125577][T13396] binder: 13393:13396 ioctl c0306201 0 returned -14 [ 1791.262260][T13399] binder: 13398:13399 ioctl c0306201 0 returned -14 01:39:19 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) io_setup(0xdd, &(0x7f0000000000)=0x0) io_destroy(r1) io_destroy(r0) 01:39:19 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:19 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:19 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) io_setup(0xdd, &(0x7f0000000000)=0x0) io_destroy(r1) io_destroy(r0) 01:39:20 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:20 executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16], 0xa8, 0x20000010}}], 0x1, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1791.906151][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:20 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) io_setup(0xdd, &(0x7f0000000000)=0x0) io_destroy(r1) io_destroy(r0) [ 1792.044693][T13419] binder: 13418:13419 ioctl c0306201 0 returned -14 01:39:20 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1792.217647][T13426] binder: 13418:13426 ioctl c0306201 0 returned -14 [ 1792.258120][T13429] binder: 13425:13429 ioctl c0306201 0 returned -14 01:39:20 executing program 2: syz_open_dev$dri(&(0x7f0000000080), 0xffffffffffffffff, 0x200200) 01:39:20 executing program 2: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000004300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000004380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000002140)="9eda438838743bd4e9720bee57093515dc189a5ea685e9556c1c2c3cfc4df50d66d31a48aa312663b68d18c5826b5b55fb738208863dac0f10f423aee7a5d8ddc45ebdfeb7424bae859d7c37ecfc4b63914d5a56d91017dd22bc84f759a15969951aef9d5c88c96560896988fa18cd946cfcc3a0f1c993348377904eac32c980bdf7976ebca2b499cab63c4e841514277fc71d4620e29a92523402485de0e82896484c0ae497a4d686df23ca7b68c3fd5e624d3510d7f94838e54af877ca58a00c5a672bba11f5aa1ed1980dfef47b9973d0bf456ded5e72f1702b3dc5197fce39cba53a038d8dc0ec783ce70577107dc5e8b299e64a0b7f1191f0926bd25762370191710bab2f44e9069f55f8a3f87e4cb488a2fb3348c0bf3b3874291f83e4776b160ea73aafa3919c7c069c73c0052173a63158db8b65541d161f9c964926ad7f06bdd6cb6a32135b04e35701c2e13c49c1f75dc7a25d623378860692d172ec3f1e1f2d9dc77c015c13721efcb101c2390abb847e871132f472a37cc0163b39b1d575a5444e246a08a1afb1a696cabab29498a314429a3b9f44c43ba29f71fac1fbe0d01c3c16d22730932704bcfb0c1b7a432bc51dd3f5dd5afc3b342cbe6a6ff899039e28f9a51881b1d46fdcf31767cb6f5c5c69ab3c80615d77c4d1664fc4ec831b8cea2e752bbb7a9ce79df875b29f1e232751daf32a1a0c4ff8bd0688e2b8e2d668b8a77e20a9eb6ec2e2c23b94e507baeacbcfa31fb6e1ca3343668f43e3aa6d85e7c29bf0bb4dbdabddc92be7f4a6f5d21b19e6da17bfb6cc926e3847532fae29c7b62fb909130ec372d3c16cfe6aaf3ce2af0fe7610fde7aad61bc80d2f96b999c8ccf6d22cf903ca8ae8b879ec4a416f334982e9810c0140a18d4dc81b5edaae23e9f4abaf40ed71512aebbba5bb251545e188db789558a845a2877b14bdaeec3c738b7d730c0860531bf5517d4f0e8f95ed3571f8a35816d5116fcb8d7cbf42b7d5d5e65541508c898bb2e0fe96297d2ab7135662de39df099ebaed5871111f5346278cee5728cec512e6c0a0d65b51e3d627873195b84103341c2bc83b6c8fdd8ba17f5957413f61c69d618c9b9d0b1f08dc81921b6c662ee1da3bfa019b095e9a03c2db4d645ccb7364e895098cbf7d932c72d80663c7a1694d122f7348393079223c11d36c64a5856eae0397ab9a9d948204b74e56525a9d552dd0916de81cbb5af3c59b3d7f8f9154423ce2cb45a5bc808e24bef13212019a19545fe54ba84d01534358380192b8c7b0eda907810375bb66a578a58fec392b47991271c8367b91d710e8a176bc1a4e96f0e137d4c25fbb03eddc392f9f170dd744472b864fbbae7c93d86e682308b21b73c5652065d72cf02e1152b44024a90a3b52eb0bb3cb412e518d37a68aa4c7f46789c54ab30d3a73d0a8712fde612294cda2aa1ccf164930b9b1d17801d4fbb06e849d39bf2b5141330caa0d2618b616f1c67e1ca57080e79ed9092ba7a55e8121cfc825cd26a0199a479a7ab1b7b23d2a4dd82fa6d04ee41ca680435efc934f0451e865e8632ac2f1115f4cdd33b0fccb7a2326127faf20cba37c828613dba5a98f4e1ad25eb6b91078cf73d873df9ef91531476f64b83559ff7ccdc4c070d478b18196ea05fe8d4ea0216ee5273dfabbd04582f40f064c9781afd2cbf30901f28cd09cc934f1b2d50883778274177e3dba8af0a1b931d80ce1a6c4085780ea2195b65ecfd2953f78a5290fe560d0cd6a5e73890a5a82dc410b92a3ef2be05ec5607820fd4ca6b9c3aa258d59022fdcb21665f1ce4e8aad8fd918c43bd3c2afe3dc223ff9f48831d401c8b6996190793d1dd7551f8511b69283992398d8f9b4bd2b3398d3b8c6f3c5d8b802ca5282b70242df2b7be4b38e70c3065f8da888631375afcc05ce578089c4f783776b286b7a60d1b5e189e2742a3240c1036a953d886885422eef01413c38099b64505fd5a73488acb4e611820674c58ae74d6c64a885d4beda9bd7903bcdc71e3711e2a057c0eab2100c321050ab14c6e453c53182577ad3178603cd9afde40a701120e9a36074fd582428c74e02781318e6c65450f8f020bd22475696fe13b8c59260e53a06d16eabd135e887a0a6bbc8ad21be7661df76fec5b13844f68b8eed1a7379713738beac9f23c7a26520e19797a910cde9fb285179526889b908b7eb49bb06f70f6271fba8712c1a4269ebcf4b7d043e924e3d2c4c753fd7e547d95841e335179836f76424e728810d7f32b78256ea30c79d9238a6588426e1f2d4c0b03d5605bd826ed24f0f11326b4cf958632b86e017aa80e142db1580c44f76d9c98196f3f6852ab2bfc6a01a3553a130c2d171957f5a45c3550fbbc990ef8742a98a86b280a57b9f198ff436bc01161ada50e6f23026c3254adf2321bff7e20aa54080bbb57d8d52c6a6df6107706a2e5bc6da68f17b474c0edd39401d765086e885cf7992405f856557915603cbe8894676e996bbadbb649a5e7498b91f9bd2f697dd9ebbe4d386050218b9f4c94781e61c660651c3f1e3ae51f8c035eca365bf15d6db48ea9ce183515f4a208d010f7c23dcacbd6e225490d7e9c133525f5c9018d752b21b4897bf18b64b6a9936f538a0a8958fc934440aeeaad2b68ac844d76f0900a6c95bd0b353d85d4fb62eb88360112237fd8c636a80e3130b21d66ae8ec58a4b76cba0602f96da919f7e84fd37e3ec2379f58e389a39c78d2482e03c379e3c4649ad63a76e3707ecff07d2fcb0c9dfc524cab49e69a09c92e4f88714335cb57d3f6184d07bef9657280fb5c9fd2d8f940f7ac6c5407e3077aa2e4ba8e217e0ee19e302d6d90e3be05a86dade35d2e454e511afb5cf5936f1d11f2fa6be6ceaa817dbdc7a6aabf2fad8ff3efa8382a25099f0c5989d2ad56ae0f4968b2cfcfc67b4f1c161c75900b4848f59a3c0376dfcb7997bf28e9e85d6dd942a360516de38e1c1a038a796f9a77ff2b0c7e5e8f4932391a0e58e76dacc6f9764178a211dfde3e75d367d2911ff398126ffdf83cf2fbdf1ad5232bed9155f7a168638a572094a9e934d4969b358cf6e121d7fd2aeae2f499068b42c152f0e3403a230885d6f92f038ddaa23499f804ffb06abdbabb51f6c38c92fb1a6271a4b13d6d11125b8ec12efa5907dc65062797fb9cca15e2f254e76b182d3fcdb4e96ac4de36d6df7e7bba5c32f422286b1be3b79bffb6fd693761952d195a84ad9ceb07287a0fbefab9e0347b513c5f60233ccd4b52d90ec144a2f896d9dc7f279f8aa93038f3efa286e1c3006933a4d7183d952f8d28b141b28b2af355b5bd8198dfde1ffb8d09202aff0d16ca3fec194662892a49f829813970a4520f1228aa03d211a45bed3b2e05bf1f10b1a152761e7b6c6ddea863a3c02224256092c70ca70dc185c4c385dd98b09e2682661e1e66f71d9c4037048eb70e8a1cbe57de87ec43713abf5fdcf63b9c482f318e3bec37e878dadbae15a02d731e6c8574eb14c059d72f73be5174add786d06b585a28a06d349d8e434a491b34897b3c1ad786ec8280d7f57edd4fbc6aea5485d659b59d393e331cf91e6ed76f340fcf7cf460892fa7318fc42b883f61d888ad982a751accb613c66661fba5f3d6de751a6a9ef8a4700316aaad04e991aab7903f4ef012ec2a8c092234e74ef335daf360ae47bbd2bbc6ad8c1a4f81efe8bbd703cb55ef36b32b4e30cb5a3b165c02ba295d0e1c40ce6ff8f479a74f01275f113ebfa8ade37a59ce70e6ca2a6f48f1be085f61bf772e2c2da523a2cfe63e99c57bdb1ff23139d4fca49eff7547e9880eefd3f7511a677efa23b52098ba89037c48dfcda2e8c1cfb9f892161049e53f8cee55256279512aecab8c441600dae0fd957883273047cf5c66ba209f830aa2ce0cbe41ca08c0cef4aed7f4324009200661a7ce680e5a8df2d051c1d8b2f63d25d8d74d05c75c46c8f3f24d625539e63459650960498a54ec3b16225bbbf4d3930009df265839d72611f5332a904cdebada108236e4414a2909ad01ec44b9d7f75de4385ad7ca5152e890a0919b3639fd1bcbca3b737ebb8d9ae541b1271cf2166ba15830e66f3d3afd3b754a7f81ad4f0999704ae99c114907c5be4a4797f13b80564f234723a34dbe137dabfd7fa23562df679f54a6ab54def6d63deae9844f72fd73efd0413551f5c4b9ee826eb3b7faf92a59ea34a16723b4fea14d1c8815a4e2d39fc48d1dbce526a7c53f5a96d0ef6463a0cee73fd3505f5c764a264b83c4a21f80e8b61c82d24442d13da99d18dc1b2538e7a510f6093d9ef2bc5cc777d4f98411e93919eddfd69d6e20d227cb61c50f358ea227f4de941fb080c1cf6b1f6e25533768fe133dbfc3f9d29c603bed38aa3c5af5b81a706b0067b40b88f992610d04c7cc36b8f649697cd6a93fae51138161891ae75a7147780fc59af5a6e18c54f9d2a4fe7fa92314b399afba9a40d0cc24f70a2593acf8d179215e06b7a9a88224bafcb2cbf60caf5fe4ff38208a70793b5dc33cd572956260e1c86312d3ba9b3a4b2b44376f2e78c616a6c0880ac8dcbaa30b9f761d500fd03a8518dd0509157b184a2d95e0caf3ffc8ac2db6c54d80c71a1e5b9ea3bf51071e2118af204123daceeb04e4f6f31f32a4d3fbb76ee49440cabda2c121c1b99acab5b87cecc37c3f9066af34ab29d6598bbfd91047a2ac7ce3a8f3027ff5e6d743506f161087278896a98ed37122ba208b61cf54d3929555ab06b564cd5e4f46f4755a6cfa2ef2b30d29ea66f2749d4060d411fa9160c91b6f55cf071ac8222c6313df18759e2958cddfe3db4cbeb9cd39abcf5f0beaecae8437813995cb7ed0b87d42ca942ff7245ece204798d01361c5f008e0d82bdf76660515bc78f7f8f409ccf68614b2cb50f5af2615661326fd971bc57eeeade60ea906b8df1cb0dfafd318cd2c396309c329d0469ca192aa8f51d7c4227685440f073983255baf054b97b9d7be1d1470d7eabd5c09b2116b4e86b0567b7e97e088717a4fe3dbdd310a1c39136ea4d2c47492001f9885dba03bf97e7da376171d666441cdc2f999db137603d57df32b4260fa0165e82917bb1631ea314e7a7437e66fc68cef22cda8f456d6e583f6e3237e0bc79987a9103f7cf0918e26881f67ea582e1ff3a49177599d385bf6e42572a2547933aeddb826530e9adf30dd84c3a7fae5c4c26f6c6f3a9f0906decd314e2407825abef959c5416d18a92ff34e6c521a16e8a0a29937c77d4ee99b41d530a732acbe0bf5d274df9d496b47a9a624546bdcf9976cde12ec989cb2a70b33a7c8a3a77652023164695f9db30dfcf587f0cd4f73e385730bcbdd688f6dcb08ba0efbb9f579220afefa4acfea522e864fce9b1782ce9f14824d16e9d33a2609c23ba3c5a1af02549357a0dcc12e37819d778021762cf895abeac1125b744c8b8225a091e7be9ded9993cfa3ca9abb83e25c8f559009977a2ed9374a89619fae5ef6d164bb73d242004dc8428e44689b33ee3bbe88bb4962ab0a32a90e7aea044f08410752cb2d7aeaf3196648a3a99092665b478bb394b48f79b36db0efc7f50d6a5179c945f5298cfaac5e5dea715296f92abce7281d48a0c9c6b785a35ef5f1697c047ddb254fe9a8ab9f498b0c1ae09ffd01a3d8d427fee7e36c51e0e5c2fee2245fb8464626ab5c9857ebce91f7d22bf024d10c2d71021cd69268472de419e6cefd970cc3a8e4d1bbe6496799aa7f100411766e712aff08b731460f14f9d7356db12cf8e1c6121968dc68b1d81c086b325ca4ce6fe1f476707e08fa913144b757c6be17cf93150db29544d207f09a896f33b7335d9339215da751e7af2c6bdd19db6f521af2c8a5998dc607f97026d07111488741134c1c86eba123273d1fd5ee4b471e86f9ae9478a04c7482076ab34a1eca5c64f89e5106eed44bceec019c67c12fb4db4fdac153f4ac3b63ffeb6d30de58ec039e2dd3c181e254cd94d0a2b0b44490384cc5915b54ee1db2b6d059879bf8126c9ca976d0f7862da07ecd350930a081810a7afd72b2ad3f65b96ae9c7f91227a2b5513a559f36b90fe01be9ae5ad3ca65e2c26f358fc26b858a3633fda7ae49a5fb705220a5819b3cca41b1ccc21d7c40f5fa9c422288efa5394e4312675899d704a2aab62b8363f58fd4bc12a8bea6ffc45b4414237bf5f019321206dbba439acb5ef26641f30fdac20f964354bce94e4c9d73e137f9806deefaf6f4acaa0e76ad4fef9f6cb7fc01bbabda9612c05adbe46afcf94819e8a4b4b49ff764784fa432d47fb6d4230900043d1b4521cd6839fe8c5df4d1899fdfb13880e207cac73f0a29020bdd563bd9c2f6bcd1ec523b3e03ebf6164fc65af001830c51396f9df2d346f83a59cfc82201cf1150ea57259d579fc2ed199b3fbe42d5188c84e4354610743e5b23a265246313cc63913f103000000d98b379b80b96d936969572e11316bc8926cb23115186f3b2387b82c3898fa41bf16a308da62d5a3eb3609af1943fddde08a4036eb2a41b7292caad9eb082614b02a1fa255bc7abd4d0e3b4ec1801e131e68c7aa9da1a0ff10f9de87dec8fad1ad8bfa99caa49e203a7b9c33e044d4544a537471e7a452468b821959bc488c6b8cbf81e90081a26de273ad1203cc06adb6af242ab19f96c1c66b58c37e2c9309704fba63af99a8d9c5efc651afb631fe9f546b938cc3b8e526c4159e5c9f7afb29fd1d55fabf09367ce2a63a35e7a2062d1c772ed981fd77157a847f687a177cf9886ce41df8cc509302b46bc1e2ba896b1c1656a1bbfdf4cd9ac39cf8510d1c823075f16550fd044aacc8d42a56f03718f7b18475cdc3999faeb25ab3dd8a807ee04d8e5d831d08b4e309dff50330685138797e10c6362636f53f22bfc1f3d5090a5d369282d9de36bb4e2505411ccc6ea395afa1567b15a2fb4be2adeea7126b1a8e80034105e0d98bdd78e796ce1cdc06a4ae666fc0baec5c52614340ed997673e26ec47c88846c000bb7c9077337cd44f5c041fdcc64986e5e1c0f488148f0ee6f842c44c0b72e82109270341bba6e9080b70fcf930d0f10be5a36798e70111fed72727b72282ff164fc08319d74f1f57cde71b57cb397a9e753f87b97729bafba017a24cbfdee5dfe7fc296c112e93bb8fce560ca80a3afd8370baaa79ad783b51352b5440b144a47378c9ae22eda5794328e95bcca220fd07bb56915529b155c61858efe89ad36a79288e74c0e251addcfaf797432175a5562b46eff5e3aebeb74623e18beef85389383c604d8884431b07dc4bea0174aadc337ff41f558a63f16690feae47efa2a5d1318b7397e1e4ba398727d286791b71610e1d78d32800e7e113c12abf0f60b6ca4401ecd23b7aacd990633b2b017daf6bfef1b2361ece74b7dbcbb1a73d4bc1f9d2e5c9fb0b7980d25cc44d1b10c09ef5a6a05c84669294a5cadf0cd88ab449f9f0bcdd8c48590d416c5c1feaa494a2145949c2a3373df7c6014225f2745bbeb20ff294d22c0d96ca111e6926946207cab56a03162a49e68968e398f70690188ee3ca847ef421742d60b9a6ad029e8a3d607950b2bf8ad8ff297cb39acc94905635770436e134435e28205140331b5100d9f64469792fffac87bca0835cbc617446ff86a7b50418c305f32e658b32130e491e38709fd3697017ac8084cdf1ed81a28375aed092ab4e32ca88a933154dd3a9e99351acbada926b67b310c7070ac1a414a28c5abfe1f45476249a12f18ca2d981528d881ed3c5072e46a6eff3cdf37dcbc89c7f79c88a1f8d15d15beb66a0e4440c7b93e379c4e2bac1d5c8e85f1852887e2cfeb178fba1c67dc2adb0c87df8ca4444ca7f455509f492effb5001328b8cc696e2933207a2d78bbce8562ca34a248193c914406b161c8141479d891b0c6110ec1e25cad38299b489f2ec437017cadba67dcb58abd4933c95b3526f1d4747b8701a7d71e446e4b62e2941d4281faca0cf22914be5aad80f47100000000ceb24e82508fe55a92fb6db70d03d1c1ec09cfee31639341756a4630a0eaaecac7bfbddf9d30c42cbd45eb181d5bd341307ad26f496bb042e2b655c03ac3dcc587acbf50f79b5c239be9938b62d3251b199f8413b020605d5d0552cfd9c39c9132719d6d0a326b000e12fcb51bc274df79d11430060d05978cdd50583f1bca82c57dbee605e2d00fcb5414af13a596d35cb5ba62de6a28cbccc857d23547b1c7fd5ac8fbf6758d5b8451fa46d9acc00344dc2e565674b1dd3547eb8f8aa5fff99042f8d1d59e6ad2f53379211e6832fcb68f5777eb2db85b28f724f4e4ce6342cf55713ff7b0cb4f7f47dd12a6566b86709eaefae024373267ce72a89e7f3e42ab48edcccc96b5d0403fe93a927e5ccf470014f220b8257393226cd7b996f20e6a34f81206733a9fdce03b701943c1b560d3eab68c2c225cf7f7f2b56123be2bb173e9e5b37f4d3348f6b987764ad07c2acd44514ff264d7eda31e5e517a179414841ad4553d51c08f435e05f10aa82d74b97a9ba3a133e6c9175fdcd4f3dc9c16d3be1d5bbaf13240177081ac1d56681bfa988a93af09868afd608520c0bfd71d857a6661fdaf6f2e166987eb007449dd26334ae932c5003fefc0f983b9e49cbfcea325f2de16a9ae935caa46f5b3433957fb370971ed957f138f08a60fed5b84995e428e7ae7d5c22021ff016baef0e713a118344c016a99ad469313ba7f2452da0dd82e019f64aa229cf80a69b3e08ac5847f10d247179855546313232f23e055c2f74ecef14e0fdcc29a9bf0976fbb249bd5c7903183d2a53c70960a183630e7d4928daa7091a85ad987d2a4a5b8f6be6612fa72d9fbb33c67bb38eff19f2e784f94e0354cf6d35a5b2c62233c039de3734b38e97ec72bd673fef09fd56fec329818cc68cdf12cb52f7d37a8350c16e94208880bfcd3e895d7aa4489e3dd15db4a9026f0d2a46f1e89c35845dbd976a1992b87c15a0c7580e6424b8792a7bb7b933d7c5433d4133ba4dbbcf7995d6ed3feaa32f876a287feeb9cc6107778c1f83e0119d980b9e994c2a3ae3de24a103efb3cacb746b49d1ad85746b233ab4aaf0e988ec2a786bc93f32040d3bdc3008031634cdfded5ac95b2279e096243228296591e7ba53c4a127772cc4620e6b238ccad250629194533d0a669ff3366c52d64928693e0b0cbb0b8e2c6029089d4dfe2b4b6c5dcd85f1a02770611e65001e48a32a8b0431a3b9d77fa3a95be38a0436a704c05a8e0183f3214c25531a63796f679bf72885aa766468d42b2543542d7e82544efc5c5e81e6a91a0f5d4e68000cff687d63e45c9a11d4ef515050daa592c9a828ac7c0488e7cdb3d6fdaef5e9176ee68d981ea50d386d74df3b40660351736deb03bfceb721878cf9894b0302df15964242ab6b9f77f98ba1c7993735983d2b022600ab74a19e3636e1400d08ba45d3a5c2774cb06a1c358bbfc11d27efaf7ca53c2e7757c8c76da24707d91a4a5244262898d68083ff91c514d9b9b1ebaa0cb0b10254fda1b1e82b9a1a47f117b5b280ddbec1f6732d11117ef1a7a674699df87fe795d1243cb9c4527e364e2b711b6562a87fafc130ce0baf1701686639b05f0c8dc708f008b1e6ab89e8d623bb83f3d54b7bcdbdacd055ac4eccbd36bbe0af0f65a00e3d6dd985ae8851d176976cfb5816d1fc2a63d3546aecaa4e712ca6961d1f181315d553de6b53485faed0dcfcf819a1ba3badffe797377d3d1ddaed8e7a0acc0c3d277762262a139f94de49faca167b11bf04f2104a5ab9a73367a6461f7124c91a2c4229ef98e6ebde9aac283c7d029400d71293f488ba169b62c1e94689cf5b248ed4aea62b88d65bb764cfe27d5231a58486e7381df518f4ed81cb905108c54a5050a94ca0e94da20d3794bc5fab9127dc95b6404b1e27b4e28136fc27806f7be798444c33aca88ffd45b860eba0d5033839f5a092863954604f1952bd61dad23b11643fe14f3ade08116aa2c13eee701ccd13e506bd65a1060bf69579aea8c8143cd38c0891a3065f251eba0c20ab9c69ddf28e3bd6400cc203bac8de1882239ad4e1b97b0ae2f1abb7bac7c0d8ef82b97ebfb1f5577f06a3a1377b09ada4db87d342f20ab0eca4b9c206042471307511429cb57a578211f92d3647189861cad9145f5eb26ab696abe50a2a6c1b469df97da28aba4e79b586c348a430f5ea61c4be1032fa61d18581f05a07fb8707c8996e0fff1c3eda59b992687fa12483b9327e10224b20d42e8b3fc4670bf070ced602283273d6818acd1f6da567c44d3f5e1377065d43d87d889843ae48e7fa8ba1634815695b8c480ca271e6e833799c70da80fd79acc09b989667a2294de5da73f0363df9a33ad4dab8d27cf7bed0a06838672e3d07d52b6396e9b5576021d5e925abd533bf161c944795065fdd44e8462e3070c479f1c118276653488dd9b2f1a673f8cad3612ca1fab4388ec9c8f834a01a499adb7b3a9a977672f6d75b41bbdd7f91ceb7e7a88568d17bb432be9e4e96e115075bce197ef4754d2914c2c59e2d7f4c08f0dbe34d31f229428f211bf1d7e8f5c319ed4a8273cb6255eb318851ac4557b0278fac63107a54d407c42f300b843a12abd3b893b46c7efac2e388ab42b87aebe2543bd4c15f459bc50aad10ffe1c1196fb52c26e54bdaa7fbd52451f207ffb073ef4b3f71eedd7da40c89505019739e3fa733bcdc84ff4919e8fe2358129ef28291be1d6426b8bafe88463b1d3cd7273745381c7f65221898e6ad361e88b24c54ccc7ac9a830145b6dc096e2d71ef71ec4f03524cb870b724e08d223bdec2f6fdde6200217a13b5136004d455d66547f5a1793e0cad85677d49e5c558852107007c8136812cf021afaf6f7e8f59883371be46cda412dd9c6fcf187c31252ceb5758901d39cd5355ab386d9a7fe6ea46ebf277aaf809c3023211ea9aa189de4d422080ebb9fec50ffab6b95ba4ae5018accc497e79149ed6047ce561ccc10e9194cdccd5c9fb75175c8dbc9d0a916ad59288f010defbbb50d263041ab37aac0f93253bef6f898cd0825d99d27224f26181f9713b8979da64756c95e7505f25a2688960d6155c3613dcc31b6c337a6dbfc6b12cfde1db22b93bbd5e48534fb0bda8b212577a14dcf665c834b0bd24e5f624d2455fe048dbe930328d7cb632db3b0e244bb5d43390b420b15157a339487fc78976f867d3a361aafdd3f50a93c01882da7c220089a544381db22e2c86b228dc2be01820468460437588952a549d37498e529e62aa62bad1580546bcb1e9a6ed1870b7838d05d12f6e3a041e78b1bdb80894626f20889ccb3a468aa4fb24b9c87cbb28623ce59c6b3c6286db366d08004551a25fe4d8d194a2bb7c52e1c85a5fbe4cb15b171489da121bea1c469a6bb185d63213084e3a81ee54dc03a94dc5ecdda7bfaad1df68021aaf4627c9d529f13e5c81b5ee4dd228949ca16b9a61d186211d153294470907557e5e14ae665013f285fe4d3766e7b3d8ce5e2a14692072d4d8f79354bcc8db8a2a36c8bcd", 0x2000, &(0x7f0000002000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000066c0)={0x90, 0xffffffffffffffda}, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f00000020c0)='./file0/file0\x00', 0x0, 0x0) 01:39:20 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1792.597358][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:20 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:21 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000001600)={0x1, &(0x7f00000015c0)=[{0x6}]}) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) io_setup(0x3ff, &(0x7f0000000000)=0x0) io_submit(r1, 0x1, &(0x7f00000014c0)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0}]) 01:39:21 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1792.960775][T30828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1793.000849][T13450] binder: 13449:13450 ioctl c0306201 0 returned -14 01:39:21 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1793.057570][ T27] audit: type=1326 audit(1680226761.252:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13451 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae5b88c0f9 code=0x0 01:39:21 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1793.331326][T13458] binder: 13456:13458 ioctl c0306201 0 returned -14 01:39:21 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:22 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:22 executing program 2: syz_open_dev$loop(0x0, 0x0, 0x0) io_setup(0xa9f2, &(0x7f0000000080)) [ 1793.983605][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:22 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:22 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380), 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1794.077775][T13473] binder: 13470:13473 ioctl c0306201 0 returned -14 01:39:22 executing program 2: clock_gettime(0x47ee05c4dd150837, 0x0) [ 1794.182892][T13478] binder: 13477:13478 ioctl c0306201 0 returned -14 01:39:22 executing program 2: r0 = creat(&(0x7f0000001600)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x7, 0x1fe) creat(&(0x7f00000015c0)='./file0\x00', 0x0) 01:39:22 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:22 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/snmp6\x00') pread64(r0, 0x0, 0x0, 0x0) 01:39:23 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x5451, 0x0) 01:39:23 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:23 executing program 2: openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) inotify_init() syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter\x00') syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='mountinfo\x00') pselect6(0x40, &(0x7f0000000200)={0x72}, 0x0, 0x0, 0x0, 0x0) [ 1794.960308][T13496] binder: BINDER_SET_CONTEXT_MGR already set [ 1794.966461][T13496] binder: 13495:13496 ioctl 40046207 0 returned -16 [ 1794.974842][T13496] binder: 13495:13496 ioctl c0306201 0 returned -14 01:39:23 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380), 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:23 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1795.055080][T13499] binder: BINDER_SET_CONTEXT_MGR already set [ 1795.084904][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1795.103258][T13499] binder: 13495:13499 ioctl 4018620d 20000100 returned -16 01:39:23 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_mr_cache\x00') pread64(r0, 0x0, 0x0, 0x0) [ 1795.173044][T13506] binder: 13501:13506 ioctl c0306201 0 returned -14 01:39:23 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:23 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000580)) 01:39:23 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ptype\x00') pread64(r0, 0x0, 0x0, 0x0) 01:39:23 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:23 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x40086602, 0x0) 01:39:24 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380), 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:24 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x5421, 0x0) 01:39:24 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380), 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1795.941784][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1795.976139][T13527] binder: 13526:13527 ioctl c0306201 0 returned -14 [ 1796.163619][T13533] binder: 13530:13533 ioctl c0306201 0 returned -14 01:39:24 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:24 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/wireless\x00') pread64(r0, 0x0, 0x0, 0x2) [ 1796.224638][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:24 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e27306cc", 0x2c}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:24 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$alg(0x26, 0x5, 0x0) io_submit(r0, 0x2, &(0x7f0000000880)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xfcfdffffffffffff}]) 01:39:24 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x1276, 0x0) 01:39:24 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380), 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:25 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x2, 0x0, r1, 0x0}]) [ 1796.857902][T13556] binder: 13553:13556 ioctl c0306201 0 returned -14 01:39:25 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:25 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:25 executing program 2: openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x9}, 0x0, 0x0, 0x0, 0x0) [ 1797.100139][T13561] binder: 13560:13561 ioctl c0306201 0 returned -14 [ 1797.109462][ T1216] ieee802154 phy0 wpan0: encryption failed: -22 [ 1797.117647][ T1216] ieee802154 phy1 wpan1: encryption failed: -22 01:39:25 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1797.257646][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1797.260388][T13566] binder: 13560:13566 ioctl c0306201 20001480 returned -14 [ 1797.350734][T13566] binder_alloc: 13560: binder_alloc_buf, no vma 01:39:25 executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:25 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380), 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1797.841360][T13578] binder: 13577:13578 ioctl c0306201 0 returned -14 01:39:26 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:26 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, r1, 0x0, 0x0, 0x0, 0x0, 0x2}]) [ 1798.134953][T13583] binder: 13582:13583 ioctl c0306201 0 returned -14 01:39:26 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:26 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1798.308969][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1798.318154][T13584] binder: 13582:13584 ioctl c0306201 20001480 returned -14 [ 1798.349552][T13584] binder_alloc: 13582: binder_alloc_buf, no vma [ 1798.387615][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:26 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r0, 0x11, 0x0, 0x9) 01:39:26 executing program 2: pipe2(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$tcp_congestion(r0, &(0x7f0000000080)='reno\x00', 0xfe09) 01:39:26 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:26 executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:27 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/wireless\x00') pread64(r0, 0x0, 0x0, 0x0) 01:39:27 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1798.920204][T13602] binder: 13599:13602 ioctl c0306201 0 returned -14 [ 1799.017402][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1799.053359][T13609] binder: 13599:13609 ioctl c0306201 20001480 returned -14 01:39:27 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163142, 0x0) r1 = open(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) dup3(r1, r0, 0x0) [ 1799.070332][T13611] binder: 13610:13611 ioctl c0306201 0 returned -14 [ 1799.097409][T13609] binder_alloc: 13599: binder_alloc_buf, no vma 01:39:27 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r1, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1799.221479][T13614] binder: 13610:13614 ioctl c0306201 20001480 returned -14 [ 1799.260553][T13614] binder_alloc: 13610: binder_alloc_buf, no vma [ 1799.338310][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1799.406648][T13613] loop2: detected capacity change from 0 to 2048 [ 1799.476698][T13613] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! 01:39:27 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1799.555478][T13613] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1799.655271][ T27] audit: type=1804 audit(1680226767.842:1343): pid=13613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name=2F726F6F742F73797A6B616C6C65722D74657374646972333635323532333131362F73797A6B616C6C65722E644D794E30382F323735372F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F66696C6531 dev="loop2" ino=1335 res=1 errno=0 01:39:27 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:28 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163142, 0x0) r1 = open(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) dup3(r1, r0, 0x0) 01:39:28 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1799.964931][T13626] binder: 13624:13626 ioctl c0306201 0 returned -14 [ 1799.978782][T13627] binder: 13625:13627 ioctl c0306201 0 returned -14 01:39:28 executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1800.095713][T13631] binder: 13624:13631 ioctl c0306201 20001480 returned -14 [ 1800.116448][T13629] binder: 13625:13629 ioctl c0306201 20001480 returned -14 [ 1800.127773][T13629] binder_alloc: 13625: binder_alloc_buf, no vma 01:39:28 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r1, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1800.262725][T13630] loop2: detected capacity change from 0 to 2048 [ 1800.310379][T13630] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 1800.377788][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1800.431324][T13630] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1800.596705][ T27] audit: type=1804 audit(1680226768.782:1344): pid=13630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name=2F726F6F742F73797A6B616C6C65722D74657374646972333635323532333131362F73797A6B616C6C65722E644D794E30382F323735382F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F66696C6531 dev="loop2" ino=1335 res=1 errno=0 01:39:28 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163142, 0x0) r1 = open(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) dup3(r1, r0, 0x0) 01:39:28 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:28 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:29 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1800.866620][T13641] binder: 13640:13641 ioctl c0306201 0 returned -14 [ 1800.989754][T13642] binder: 13640:13642 ioctl c0306201 20001480 returned -14 [ 1801.011418][T13645] binder: 13644:13645 ioctl c0306201 0 returned -14 [ 1801.129745][T13651] binder: 13644:13651 ioctl c0306201 20001480 returned -14 [ 1801.154370][T13647] loop2: detected capacity change from 0 to 2048 01:39:29 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r1, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1801.182863][T13651] binder_alloc: 13644: binder_alloc_buf, no vma [ 1801.188479][T13647] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 1801.212822][T13647] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) 01:39:29 executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780), 0x0, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1801.411018][ T27] audit: type=1804 audit(1680226769.602:1345): pid=13647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name=2F726F6F742F73797A6B616C6C65722D74657374646972333635323532333131362F73797A6B616C6C65722E644D794E30382F323735392F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F66696C6531 dev="loop2" ino=1335 res=1 errno=0 [ 1801.455882][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:29 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163142, 0x0) r1 = open(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) dup3(r1, r0, 0x0) 01:39:29 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:29 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1801.871784][T13666] binder: 13664:13666 ioctl c0306201 0 returned -14 [ 1801.912459][T13663] loop2: detected capacity change from 0 to 2048 [ 1801.931711][T13668] binder: 13667:13668 ioctl c0306201 0 returned -14 [ 1801.985527][T13663] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 1801.999854][T13669] binder: 13664:13669 ioctl c0306201 20001480 returned -14 [ 1802.023228][T13663] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1802.035624][T13670] binder: 13667:13670 ioctl c0306201 20001480 returned -14 [ 1802.057518][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:30 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:30 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1802.263823][ T27] audit: type=1804 audit(1680226770.452:1346): pid=13663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name=2F726F6F742F73797A6B616C6C65722D74657374646972333635323532333131362F73797A6B616C6C65722E644D794E30382F323736302F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F66696C6531 dev="loop2" ino=1335 res=1 errno=0 01:39:30 executing program 2: syz_open_dev$loop(0x0, 0x0, 0x0) io_setup(0xa9f2, &(0x7f0000000080)) getpgrp(0xffffffffffffffff) syz_open_procfs$userns(0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) io_submit(0x0, 0x0, 0x0) r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000200)='.log\x00', 0x10000, 0x104) ioctl$PIO_SCRNMAP(r0, 0x4b41, 0x0) [ 1802.457244][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:30 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$BLKGETSIZE(r0, 0x1260, 0x0) 01:39:30 executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780), 0x0, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:30 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:30 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 01:39:31 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") open(&(0x7f00000005c0)='./bus\x00', 0x0, 0x0) [ 1802.904978][T13695] binder: 13689:13695 ioctl c0306201 0 returned -14 [ 1802.916425][T13694] binder: 13691:13694 ioctl c0306201 0 returned -14 [ 1803.012318][T13698] binder: 13689:13698 ioctl c0306201 20001480 returned -14 [ 1803.029429][T13700] binder: 13691:13700 ioctl c0306201 20001480 returned -14 [ 1803.055399][T13699] loop2: detected capacity change from 0 to 2048 [ 1803.064033][T13698] binder: 13689:13698 ioctl c0306201 0 returned -14 [ 1803.097834][T13699] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 1803.196866][T13699] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1803.235609][T13699] UDF-fs: error (device loop2): udf_verify_fi: directory (ino 1328) has entry past directory size at pos 276 01:39:31 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$BLKGETSIZE(r0, 0x1260, &(0x7f0000000080)) 01:39:31 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 01:39:31 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1803.497933][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:31 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 01:39:31 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x7}, 0x2000018c, &(0x7f0000000280)={0x0, 0x36}}, 0x0) 01:39:31 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1803.730186][T13711] binder: 13709:13711 ioctl c0306201 0 returned -14 [ 1803.749089][T13713] binder: 13712:13713 ioctl c0306201 0 returned -14 [ 1803.791899][T13715] binder: 13709:13715 ioctl c0306201 20001480 returned -14 [ 1803.809959][T13716] binder: 13712:13716 ioctl c0306201 20001480 returned -14 01:39:32 executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780), 0x0, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1803.868071][T13720] binder: 13709:13720 ioctl c0306201 0 returned -14 01:39:32 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x7}, 0x2000018c, &(0x7f0000000280)={0x0, 0x36}}, 0x0) 01:39:32 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x7}, 0x2000018c, &(0x7f0000000280)={0x0, 0x36}}, 0x0) 01:39:32 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x7}, 0x2000018c, &(0x7f0000000280)={0x0, 0x36}}, 0x0) 01:39:32 executing program 2: pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) write$tcp_congestion(r0, 0x0, 0x0) 01:39:32 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) [ 1804.537363][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:32 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) [ 1804.723486][T13735] binder: 13734:13735 ioctl c0306201 0 returned -14 [ 1804.735064][T13736] binder: 13733:13736 ioctl c0306201 0 returned -14 01:39:33 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1804.851311][T13739] binder: 13734:13739 ioctl c0306201 20001480 returned -14 [ 1804.859198][T13740] binder: 13733:13740 ioctl c0306201 20001480 returned -14 01:39:33 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:33 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r0, 0x8, 0x0, 0xffffffff000) [ 1804.914447][T13739] binder: 13734:13739 ioctl c0306201 0 returned -14 [ 1804.939690][T13740] binder: 13733:13740 ioctl c0306201 0 returned -14 01:39:33 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) pwritev(r0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="8f", 0xfffffdef}], 0x1, 0x0, 0x0) 01:39:33 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1805.131218][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:33 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 01:39:33 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) [ 1805.581079][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1805.659272][T13762] binder: 13761:13762 ioctl c0306201 0 returned -14 [ 1805.681856][T13764] binder: 13763:13764 ioctl c0306201 0 returned -14 [ 1805.793106][T13766] binder: 13761:13766 ioctl c0306201 20001480 returned -14 [ 1805.829347][T13767] binder: 13763:13767 ioctl c0306201 20001480 returned -14 [ 1805.871409][T13767] binder: 13763:13767 ioctl c0306201 0 returned -14 01:39:34 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:34 executing program 2: syz_open_dev$loop(0x0, 0x0, 0x0) pipe2(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4080) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, 0x0) pipe2(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, 0x0) openat$incfs(r1, &(0x7f0000000040)='.log\x00', 0x204000, 0xc) write$cgroup_devices(r0, &(0x7f0000000000)={'b', ' *:* ', 'm\x00'}, 0x8) io_setup(0xa9f2, &(0x7f0000000080)) 01:39:34 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:34 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 01:39:34 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 01:39:34 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:34 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00') pread64(r0, 0x0, 0x0, 0x0) [ 1806.574275][T13784] binder: 13782:13784 ioctl c0306201 0 returned -14 [ 1806.617160][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1806.630549][T13785] binder: 13783:13785 ioctl c0306201 0 returned -14 [ 1806.695534][T13788] binder: 13782:13788 ioctl c0306201 20001480 returned -14 [ 1806.705608][T13790] binder: 13783:13790 ioctl c0306201 20001480 returned -14 01:39:35 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="17000000", @ANYRES16=r1, @ANYBLOB="0100000000000000000049"], 0x28}}, 0x0) [ 1806.830391][T13785] binder: 13783:13785 ioctl c0306201 0 returned -14 01:39:35 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1806.991894][T13796] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.2'. 01:39:35 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x127e, 0x0) [ 1807.147699][T13798] binder: 13797:13798 ioctl c0306201 0 returned -14 01:39:35 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:35 executing program 2: openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x82, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) [ 1807.267916][T13801] binder: 13797:13801 ioctl c0306201 20001480 returned -14 01:39:35 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 01:39:35 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1807.480793][T13805] binder: 13804:13805 ioctl c0306201 0 returned -14 01:39:35 executing program 2: openat$dir(0xffffffffffffff9c, &(0x7f00000014c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) [ 1807.549306][T13811] binder: 13804:13811 ioctl c0306201 20001480 returned -14 01:39:35 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:36 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00') sendfile(r0, r0, 0x0, 0x1000) [ 1807.764208][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:36 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 01:39:36 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x8, 0x0, r1, 0x0}]) [ 1808.031183][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1808.076235][T13829] binder: 13828:13829 ioctl c0306201 0 returned -14 [ 1808.146931][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:36 executing program 2: syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @remote, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @remote, @rand_addr, @empty, @multicast1}}}}, 0x0) 01:39:36 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0}) [ 1808.307340][T13833] binder: 13828:13833 ioctl c0306201 20001480 returned -14 01:39:36 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x401070cd, 0x0) [ 1808.436404][T13836] binder: 13835:13836 ioctl c0306201 0 returned -14 [ 1808.619389][T13838] binder: 13835:13838 ioctl c0306201 20001480 returned -14 01:39:36 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:36 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:36 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00') openat$cgroup(r0, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) 01:39:37 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={0x0}}, 0x0) 01:39:37 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1809.013808][T13853] binder: 13851:13853 ioctl c0306201 0 returned -14 [ 1809.025902][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1809.175249][T13861] binder: 13851:13861 ioctl c0306201 20001480 returned -14 01:39:37 executing program 2: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f00000018c0)={&(0x7f00000005c0), 0xc, &(0x7f0000001880)={&(0x7f0000000600)={0x54, 0x13, 0x6d05ab824ce846b9, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x1, "fe4f8a72"}]}, 0x54}}, 0x0) 01:39:37 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0}) 01:39:37 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:37 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) clock_gettime(0x0, &(0x7f0000000040)) io_getevents(r0, 0x1, 0x1, &(0x7f0000000000)=[{}], 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, 0x0, r1, 0x0}]) [ 1809.400975][T13866] binder: 13864:13866 ioctl c0306201 0 returned -14 [ 1809.544360][T13871] binder: 13864:13871 ioctl c0306201 20001480 returned -14 01:39:37 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) clock_gettime(0x0, &(0x7f0000000040)) io_getevents(r0, 0x1, 0x1, &(0x7f0000000000)=[{}], 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, 0x0, r1, 0x0}]) 01:39:38 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0}) 01:39:38 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1809.933039][T13879] binder: 13878:13879 ioctl c0306201 0 returned -14 [ 1810.052880][T13882] binder: 13878:13882 ioctl c0306201 20001480 returned -14 01:39:38 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 01:39:38 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) clock_gettime(0x0, &(0x7f0000000040)) io_getevents(r0, 0x1, 0x1, &(0x7f0000000000)=[{}], 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, 0x0, r1, 0x0}]) 01:39:38 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0}) [ 1810.250705][ T5199] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1810.323554][T13897] binder: 13893:13897 ioctl c0306201 0 returned -14 01:39:38 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) clock_gettime(0x0, &(0x7f0000000040)) io_getevents(r0, 0x1, 0x1, &(0x7f0000000000)=[{}], 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, 0x0, r1, 0x0}]) [ 1810.395218][T13900] binder: 13893:13900 ioctl c0306201 20001480 returned -14 01:39:38 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:38 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0}) 01:39:38 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='oom_score_adj\x00') pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="ef", 0x1}], 0x1, 0x0, 0x0) [ 1810.841873][T13913] binder: 13911:13913 ioctl c0306201 0 returned -14 01:39:39 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f00000000c0), &(0x7f0000000100)={'U-'}, 0x16, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 1810.943722][T13915] binder: 13911:13915 ioctl c0306201 20001480 returned -14 01:39:39 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1811.190226][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:39 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x1268, 0x0) [ 1811.352467][T13919] binder: 13918:13919 ioctl c0306201 0 returned -14 [ 1811.374914][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:39 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:39 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r0, 0x8, 0x0, 0x1fe) [ 1811.490659][T13921] binder: 13918:13921 ioctl c0306201 20001480 returned -14 01:39:39 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 01:39:39 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0}) 01:39:39 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163142, 0x0) ftruncate(r0, 0xa) 01:39:39 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1811.871274][T13940] loop2: detected capacity change from 0 to 2048 [ 1811.881959][T13940] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 1811.938506][T13940] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1811.991514][T13946] binder: 13943:13946 ioctl c0306201 0 returned -14 01:39:40 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163142, 0x0) ftruncate(r0, 0xa) 01:39:40 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1812.130352][T13949] binder: 13943:13949 ioctl c0306201 20001480 returned -14 [ 1812.330247][T13953] binder: 13950:13953 ioctl c0306201 0 returned -14 [ 1812.377120][ T5199] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1812.479315][T13954] loop2: detected capacity change from 0 to 2048 [ 1812.487575][T13955] binder: 13950:13955 ioctl c0306201 20001480 returned -14 [ 1812.535547][T13954] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! 01:39:40 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1812.662535][T13954] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) 01:39:40 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:41 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r2], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 01:39:41 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163142, 0x0) ftruncate(r0, 0xa) 01:39:41 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1812.912400][T13959] binder: 13958:13959 ioctl c0306201 0 returned -14 [ 1813.014726][T13967] binder: 13958:13967 ioctl c0306201 20001480 returned -14 01:39:41 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1813.153937][T13978] binder: 13975:13978 ioctl c0306201 0 returned -14 [ 1813.263612][T13979] binder: 13975:13979 ioctl c0306201 20001480 returned -14 [ 1813.331323][T13969] loop2: detected capacity change from 0 to 2048 [ 1813.400629][T13969] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 1813.417058][ T5199] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1813.495530][T13969] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) 01:39:41 executing program 2: syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2004008, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES8=0x0, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x1, 0xc1d, &(0x7f0000002500)="$eJzs3V9sXfddAPDv78SOnRZtl65Ju1FNt53oQsaC7SxNK0+iocYwlrWmjjegPPQmdsIljn1lO11SwVbEQx9AwgyJF4YEQkMVD5N5GBI8DQkJISFhoUkIEFLotlKEkO7Dqr6gGp1zf9e+dtzGq+M4ST8fKfmee873d+7vz+k5597fPU0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABE/87Onh4bTftcCALidnp18fmjE9R8APlDO+vwPAAAAAAAAAAAAAAB3uhRFvBkpvvxIO71Yve4YPNOcu3J1amx8+2KHUlXyQJVf/hkcHjnxmZNPnHqyG9+7/K320Xhu8uzp+jPzl1sLM4uLM9P1qbnm+fnpmR3vYbfltzpWdUD98qUr0xcuLNZHjp/YtPlq7Y2B+4/URk8Nv3C4mzs1Nj4+2ZPT1/++332Tf1reGNetDkYRFyLFpdfeTI2IKGKbvvhu7Yfqi5scO3vtUNWIY1UjpsbGq4bMNhtzS+XGiW5HFBG1nkJPd4/9PR6LXatHvFJWv6zwsbJ5k63GQuPc7Ex9orGw1Fxqzs9NpE5tU5VexJMpohUR7YEbd9cfRXwlUrz69XY6FxEHuv3wqerB4JvXp9iDNu5AX0TU+iNWi7tgzO5gA1HENyPF1746FOdzv1bd9njEF8p4JOJKGa9HLJfx4xGpPEAejHhrm+OJu0tfFPE7keIHo+003R376rxy5ov1z81dmO/J7Z5Xdnut3Pfrw+10h5+bBqOIRnXGb6f3f7MDAAAAAMCdp4jfjxSPfudoakXvnGJz7mL9bOPcbOdb4e53//Vcam1tba2WOnEox4kcWzku57iS42qO7RxrRS6f40SOrRyXc1wp4sdPluXz63aOtQO5fI4TObZyXM5xJcfVHNs51vpy+RwncmzluJzjSo6rObb79nG4AAAAAAAAAGAbh6KIL0WKx3/qpeq54qieS//w6Knnj/9C7zPjD99kP2Xu8YhYKXb2TO7B/OjwRJpIaZ+eIabz/N9v5uf/fmu/KwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyrIop4LFK89K12ihQR9YgXoxOvD+x37QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFthMBXxVqT4w88PVq9Xi4hfiYh31t5Zi4jr76zt0r/9w5YV+91iAAAAAAAAALgHpSKuRYrHnm+nWkRcrb0xcP+R2uip4RcOH4gDkcqU3vznJs+erj8zf7m1MLO4ODNdn5prnp+fntnp2w2eac5duTo1Nr4njbmpQ3tc/0ODz8y3ri00L/7a0rbb7xs8fW5xaaFxfvvNcSiKiHrvmmNVhafGxqtKzzYbc1XRibTTGgMAAAAAAADwQdCfingnUrz656+tzzv3deb8+7bmfuOzEUVeHsvzz+vT0NXvBj5U/W6gs/zh0VO/OPKx3uVtp6yPVRPq9amx8fHJntV9/TemDub3Hdpdk+lRjv9SpPjdP66nR/O6zeN/YD33G7+xMd6vbN3Ru4z5bsf/R3vWle+ZUhF/GSl+7Jcejkeret4XN/xmIud9PlL88sojOS8OlnmP5e0PVH8PXmjOzgyVuVcjxd9e2Zz7eM79yEbu8I479i5Rjv9jkeJ/fnVlvW/y+OcR2Bi13vH/2NajY4/G/4GedbX8vp+4NU0nIhavvXypMTs7s2DBggUL6wvvfd44dLtOUOyp8vr/pUjxN3/w7+v3O/n6/yOdVxv3f29/ZeP6P7p1R3t0/f9Iz7rRfDfS3xcxuHS51f9QxODitZc/3bzcuDhzcWbuxKmnnhgZemp46ET/we7N3cbSrvvqXlSO/69Him++/hfxybxu8/3f9vf/923d0R6N/4M96+7bdL+y66aTx///IsXfj307juZ173X/3/38fzTfhK/fn+/R+B/uWVd9xvtQxE/0rDt6OOKe+1AGAAAAt1hKRXw7z6cO3WQ+9e8ixcv//ZM5Lx0p857O22vV34PPzs99+vTs7Pz5xlLj3OxMfbLVOD9Tlv1epGj/2SO5bFHNr3bnmztzvBtzsf8cKZ76+W5uZy62+93Ugxu5w2Xu8Ujxe89uzu1+j3F4I3ekzP2PSDH8wva5RzZyT5S5/xUp3v6jejf3T3/7H7//iYX6ySrroY3c4+fnZ6f3ZGAAAAAAAGAX+lMRT0SKvz7Rlz6b1+3k9583fOm9R7//e6hn3fRtel5l150KAHe48vp/tLyq//SfrM/lb77+b/x/AHqv/1v1/rsB77b8fq7/tVvTTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPnBRFzEeKLz/STtcHytcdg2eac1euTo2Nb1/sUKpKHqjyyz+DwyMnPnPyiVNPduN7l7/VPhrPTZ49XX9m/nJrYWZxcWa6PjXXPD8/PbPjPey2/FbHqg6oX750ZfrChcX6yPETmzZfrb0xcP+R2uip4RcOd3OnxsbHJ3ty+vrf97vfIL3L+oNRxP9GikuvvZn+cyCiiN33xU2Onb12qGrEsaoRU2PjVUNmm425pXLjRLcjiohaT6Gnu310G8ZiV+oRr5TVLyt8rGzeZKux0Dg3O1OfaCwsNZea83MTqVPbVKUX8WSKaEVEe+DG3fVHEf2R4tWvt9PrAxEHuv3wqWcnnx8auXl9ij1o4w70RUStP2K1uAvG7A42EEWcjBRf++pQfHeg069Vtz0e8YUyHom4UsbrEctl/HhEKg+QByPe2uZ44u7SF0U8ECl+MNpO3xvIY1+dV858sf65uQvzPbnd88pdf324ne7wc9NgFPFmdcZvp+/77xkAAAAA4B5SxMOR4tHvHE3V/OD6nGJz7mL9bOPcbOdr/e53//Vcam1tba2WOnEox4kcWyl+rozL+fVKjqs5ttO11//1uYf+5a/Gc/kil8+xleNyjis5rubYzrF2IJfPcSLHVo7LOa7kuJpjO8daXy6f40SOrRyXc1zJcTXHdt9+jhcAAAAAAADA9ooo4pOR4qVvtdPaQGeC98XoxOueB7rn/X8AAAD//3WBYC8=") r0 = open(&(0x7f0000001340)='./file1\x00', 0x163142, 0x0) ftruncate(r0, 0xa) 01:39:41 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:42 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1813.893270][T13983] binder: 13982:13983 ioctl c0306201 0 returned -14 01:39:42 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1813.969945][T13983] binder: 13982:13983 ioctl c0306201 20001480 returned -14 [ 1814.022858][T13981] loop2: detected capacity change from 0 to 2048 [ 1814.102574][T13981] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! 01:39:42 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:42 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, 0x0, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1814.145904][T13991] binder: 13988:13991 ioctl c0306201 0 returned -14 01:39:42 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1814.217331][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1814.235756][T13981] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1814.262478][T13993] binder: 13988:13993 ioctl c0306201 20001480 returned -14 [ 1814.307022][T13991] binder: 13988:13991 ioctl c0306201 200001c0 returned -14 [ 1814.327707][T13997] binder: 13994:13997 ioctl c0306201 0 returned -14 01:39:42 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 1814.429981][T14005] binder: 13994:14005 ioctl c0306201 20001480 returned -14 [ 1814.457420][ T5199] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:43 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000003380), 0x1, 0x0) write$binfmt_elf64(r0, 0x0, 0x0) [ 1814.768178][T14008] binder: 14007:14008 ioctl c0306201 0 returned -14 01:39:43 executing program 2: symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, &(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') [ 1814.890645][T14011] binder: 14007:14011 ioctl c0306201 20001480 returned -14 [ 1814.938453][T14008] binder: 14007:14008 ioctl c0306201 200001c0 returned -14 01:39:43 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:43 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:43 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:43 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) [ 1815.201287][T14018] binder: 14017:14018 ioctl c0306201 0 returned -14 [ 1815.228157][T14016] binder: 14015:14016 ioctl c0306201 0 returned -14 [ 1815.246129][T14020] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 01:39:43 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, 0x0, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1815.294658][T14023] binder: 14015:14023 ioctl c0306201 20001480 returned -14 [ 1815.304614][T14024] binder: 14017:14024 ioctl c0306201 20001480 returned -14 [ 1815.348625][T14018] binder: 14017:14018 ioctl c0306201 200001c0 returned -14 01:39:43 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:43 executing program 0: openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) inotify_init() socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter\x00') pselect6(0x40, &(0x7f0000000200)={0x72}, 0x0, 0x0, &(0x7f00000002c0), 0x0) 01:39:43 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = dup2(r0, r0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f0000000100)='f', 0x1}], 0x1, 0x0, 0x0) pwritev(r0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="8f", 0x1}], 0x1, 0x0, 0x0) [ 1815.540403][T14032] binder: 14028:14032 ioctl c0306201 0 returned -14 [ 1815.577794][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:43 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1815.602412][T14034] binder: 14028:14034 ioctl c0306201 20001480 returned -14 01:39:43 executing program 0: creat(&(0x7f0000000000)='./file0\x00', 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r0) [ 1815.739126][T14032] binder: 14028:14032 ioctl c0306201 200001c0 returned -14 01:39:44 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='sessionid\x00') pread64(r0, 0x0, 0x2, 0x0) 01:39:44 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180), 0x2000018c, &(0x7f0000000280)={0x0}}, 0x0) 01:39:44 executing program 5: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x1, 0x1000000, &(0x7f0000000140)="e9"}) dup2(r2, r3) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001480)={0x8, 0x0, &(0x7f0000001380)=[@increfs={0x40046305}], 0x47, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 01:39:44 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x7}, 0x2000018c, &(0x7f0000000280)={0x0, 0x700}}, 0x0) [ 1816.057469][T14056] binder: 14052:14056 ioctl c0306201 0 returned -14 [ 1816.200333][T14058] binder: 14052:14058 ioctl c0306201 20001480 returned -14 [ 1816.278465][T14056] binder: 14052:14056 ioctl c0306201 200001c0 returned -14 01:39:44 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780), 0x0, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:44 executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffced, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)="662a7f34a6c128163a61b684dd2484df5b163b259bdbba09b3ddacee92e772102202e7afe6bf1a6f1aeea4a19c1abcb7ba6dcf3043eea11f5a1d3ff6eae01a0483b65bf51df98659c43f8cd333ed78319e9801000000eef5011200"}) [ 1816.447511][T14062] binder: 14061:14062 ioctl c0306201 20000180 returned -14 01:39:44 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x7}, 0x2000018c, &(0x7f0000000280)={0x0, 0x700}}, 0x0) 01:39:44 executing program 5: openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) inotify_init() syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter\x00') syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/stat\x00') pselect6(0x40, &(0x7f0000000200)={0x72}, 0x0, 0x0, &(0x7f00000002c0), 0x0) [ 1816.640168][T13857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:44 executing program 0: openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) inotify_init() syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter\x00') pselect6(0x40, &(0x7f0000000200)={0x72}, 0x0, 0x0, &(0x7f00000002c0), 0x0) 01:39:44 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, 0x0, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:44 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:44 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x1269, 0x0) 01:39:44 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x7}, 0x2000018c, &(0x7f0000000280)={0x0, 0x700}}, 0x0) 01:39:45 executing program 5: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000000)={{r0}}) 01:39:45 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x7}, 0x2000018c, &(0x7f0000000280)={0x0, 0x700}}, 0x0) 01:39:45 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x401070c9, 0x0) [ 1817.257370][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1817.579492][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1817.658767][T13857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:45 executing program 0: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0, 0x0, 0x100, 0x0, 0x2}]) 01:39:45 executing program 5: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) io_setup(0x1, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000001400)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)='L', 0x1, 0x10d0}]) fadvise64(r0, 0x0, 0x6, 0x4) 01:39:45 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x5460, 0x0) 01:39:45 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780), 0x0, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:46 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:46 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:46 executing program 0: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080)={0xfffffffffffffff8}) 01:39:46 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='attr/exec\x00') pread64(r0, 0x0, 0x0, 0x0) 01:39:46 executing program 5: syz_open_procfs(0x0, &(0x7f0000001080)='uid_map\x00') 01:39:46 executing program 2: syz_emit_ethernet(0x46, &(0x7f0000000140)={@broadcast, @remote, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "938d54", 0x2, 0x11, 0x0, @local, @local, {[], {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0) 01:39:46 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x40049409, 0x0) 01:39:46 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x401070ca, 0x0) 01:39:46 executing program 0: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1fe) 01:39:46 executing program 2: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000000600)={0x54, 0x13, 0x6d05ab824ce846b9, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x1, "fe4f8a72"}]}, 0x54}}, 0x0) 01:39:46 executing program 5: prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff8000/0x4000)=nil, 0x4000, &(0x7f0000000040)='b\x8b\x8b\xea\x7f\x14\xe5w\xc4\xe2\xd2\x0elQo\xb3\x82\xb5\x83') pkey_mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0xffffffffffffffff) [ 1818.697615][T13857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:47 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780), 0x0, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:47 executing program 0: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$alg(0x26, 0x5, 0x0) io_submit(r0, 0x1, &(0x7f0000000880)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 01:39:47 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:47 executing program 5: prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff8000/0x4000)=nil, 0x4000, &(0x7f0000000040)='b\x8b\x8b\xea\x7f\x14\xe5w\xc4\xe2\xd2\x0elQo\xb3\x82\xb5\x83') pkey_mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0xffffffffffffffff) 01:39:47 executing program 2: clock_gettime(0x8755b4400000000b, 0x0) 01:39:47 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:47 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000140)={@broadcast, @remote, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "938d54", 0x10, 0x11, 0x0, @local, @local, {[], {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0) 01:39:47 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$binfmt_elf64(r0, 0x0, 0xeffdffff) fsetxattr$trusted_overlay_nlink(r0, &(0x7f00000000c0), &(0x7f0000000100)={'U-'}, 0x16, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 01:39:47 executing program 5: prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff8000/0x4000)=nil, 0x4000, &(0x7f0000000040)='b\x8b\x8b\xea\x7f\x14\xe5w\xc4\xe2\xd2\x0elQo\xb3\x82\xb5\x83') pkey_mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0xffffffffffffffff) 01:39:47 executing program 0: io_setup(0xc31, &(0x7f0000000000)=0x0) io_destroy(r0) 01:39:47 executing program 2: syz_open_dev$dri(&(0x7f0000000080), 0xffffffffffffffff, 0x0) 01:39:47 executing program 5: prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff8000/0x4000)=nil, 0x4000, &(0x7f0000000040)='b\x8b\x8b\xea\x7f\x14\xe5w\xc4\xe2\xd2\x0elQo\xb3\x82\xb5\x83') pkey_mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0xffffffffffffffff) [ 1819.738110][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:48 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xa8, 0x20000010}}], 0x1, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:48 executing program 0: io_setup(0x0, 0x0) io_submit(0x0, 0x1, &(0x7f0000000fc0)=[0x0]) clock_gettime(0x0, &(0x7f0000000180)) io_setup(0xa9f2, &(0x7f0000000080)=0x0) io_submit(r0, 0x0, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) 01:39:48 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp6\x00') pread64(r0, 0x0, 0x0, 0x0) 01:39:48 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00') openat$cgroup_int(r0, &(0x7f00000003c0)='memory.min\x00', 0x2, 0x0) 01:39:48 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1820.381443][T21005] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:48 executing program 0: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$alg(0x26, 0x5, 0x0) io_submit(r0, 0x2, &(0x7f0000000880)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}]) 01:39:48 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp6\x00') pread64(r0, 0x0, 0x0, 0x0) 01:39:48 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x7ffff000}, 0x2000018c, &(0x7f0000000280)={0x0}}, 0x0) 01:39:48 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32", 0x16}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:48 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp6\x00') pread64(r0, 0x0, 0x0, 0x0) 01:39:48 executing program 0: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$tcp_congestion(r0, &(0x7f00000001c0)='yeah\x00', 0x5) 01:39:48 executing program 5: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) [ 1820.777359][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1821.818822][T13857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:50 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xa8, 0x20000010}}], 0x1, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:50 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp6\x00') pread64(r0, 0x0, 0x0, 0x0) 01:39:50 executing program 0: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$tcp_congestion(r0, &(0x7f00000001c0)='yeah\x00', 0x5) 01:39:50 executing program 5: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) 01:39:50 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32", 0x16}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:50 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:50 executing program 0: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$tcp_congestion(r0, &(0x7f00000001c0)='yeah\x00', 0x5) 01:39:50 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) 01:39:51 executing program 5: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) [ 1823.334715][T13857] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:51 executing program 0: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$tcp_congestion(r0, &(0x7f00000001c0)='yeah\x00', 0x5) [ 1823.421264][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:51 executing program 0: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) 01:39:52 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) [ 1824.485474][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1825.507985][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1825.520667][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1825.533579][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1825.548932][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1826.686693][T30827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1826.752640][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:55 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xa8, 0x20000010}}], 0x1, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:55 executing program 0: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) 01:39:55 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) 01:39:55 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:55 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32", 0x16}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1827.177403][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1827.761333][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:56 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:56 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b", 0x21}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:56 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8], 0xa8, 0x20000010}}], 0x1, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1828.785417][T30827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:58 executing program 5: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) 01:39:58 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b", 0x21}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:58 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(0x0, 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:58 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8], 0xa8, 0x20000010}}], 0x1, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1829.817479][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:58 executing program 0: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) [ 1830.995458][ T8158] net_ratelimit: 1 callbacks suppressed [ 1830.995482][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1831.023753][ T75] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1831.032739][T21007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:59 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(0x0, 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1831.084896][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:39:59 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8], 0xa8, 0x20000010}}], 0x1, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:39:59 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b", 0x21}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:39:59 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) 01:40:00 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) [ 1832.586661][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1833.052178][T21006] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:40:01 executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xae, 0x0, &(0x7f0000000540)="028b6cf6b08395c7b86605bec900f9c176ac185de6cad78d59b0057267826147dafd2a5844b94d19a4ba5623f1aa95944e8536011e513b58ab1875c67a8cdf4517a7d15768fde2480ebea9e985c310d44aa5826c13440ec723f6ac1050ba802470491a0fcfd2e9063115445b976776ea4fd69b8d61cba2e4654602ba9e3b72bf5ad8405a49b675b81bb372f172aebbb6c7d5204e232b0604303f61c9d3948c33ffabb195f0a6f4eb9a41ad3098dc", 0x0, 0x0, 0x3}, 0x48) getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xa3, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008001be0ffff00004000632f77fbac141433ac14143362079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28", 0x0, 0x0, 0x60000000, 0x18f, 0x0, &(0x7f00000006c0)="557c560328f6fa7f67208e25e2b03f6c0f7ef913398aa9e76522c683049ced152d922f7e1284ac41d3cf67b6dace59aedc2703000000000000006d37b45d1f72fc35791db35fcd8481ded19c62c6fd8aabaa87a06d1c5b857e8c3c7163ce25c6e70ecde78fb552dbea1f6887f09d933949a92a91aef6e03f376d6592542b20c5be97ca4d1e7e07000000fda18782e6c2e87bf6cd48d8e3cfd8703cebc402fa4c2b503177249e6e71df44c92aa0cd5d6b03b311c6de4dcc91645c5876c698c702c085e7f88b12570f43b20aa1ea3cef67e2f688d7ccea1daa53caa79857c28b44fbfed92aa71bd140457b34ef99b2f9279aaee160f83c0db1344c8fd92d81c3c7f7accb35ebd30a4ad5001836714a124ed811551d7f8c207e7d56a269f639f967ad539711ec37122a32718b6429bc2e624e3c5658b01f76528d456dc18d87d8a85e7b8da30b5459feb86c7453f967def0f9175a59070eab7a12cfb1942097ad395c0f1e98f1e875731134620cd7a3f07f078bc19f96a97a8dca59625ef807318a06564f38c48ce3b20e641b2da12370", 0x0}, 0x48) syncfs(r5) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a309544842937c8d26aa0e4bc8dbc6e06eb2e6f2349079e01e8e45724fbcf153662112799e2356568b7ae64fe"], 0x3a) r9 = socket(0x2, 0x3, 0x100000001) bind$inet(r9, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0xad, &(0x7f0000000380)="d241b17e02209477e808df30c8f109416dc6ed349a8ab3a02d74d2624565dd8492b9c2a46e1e9f2f9e2e346bc8ed3365b8b7b8b36103040768bbf96177b5f8752340832c48c3da776d46a699903513cad99b690c573eec75318adbce00215e48dc05fbbe3d67d39fc363836314253cb192c1617dd69ee8116e1f3844aac8aefd9867de5c6ded3922e414c669cf92eb110b662690bfb92c36022066cbf0135f865913bd50abb0511a189c29fcfe", 0xa9, 0x0, &(0x7f0000000480)="4f85e4dbeb82bfa681fbab648bfd93dad557d7e218da2f9ce56f017cb5adc688df2e565823a57d74728d6584fd2412a022e1363556db8f1696e92a99db7cdab172253d044c989ce1c8988479df7f8f719e5470e13519bcfd366b09ea26d1a9ee66226bd6822aa19690bc89540dda07f419dc9062d2d647d9ef5b215cb08c0b520e04b5314a3f30448da626bb67c848b5e30dad59fb13ea2bb1e5ffb697d2b6c6f9608a61d4923434ef"}) connect$inet(r9, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) socket$inet(0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000900)=ANY=[], 0x1) write$binfmt_misc(r7, &(0x7f0000000640)=ANY=[@ANYBLOB="951a2c934c53eec457d14616f792fc63065c6e9bbd2405db7176fc5316fdad09f00f8d20b8a083caf7c295f1dd05fc6f903c486103e4596d45332339dc84f0875b184087a65f72f417f59ad41c470000000aae9942a686000000000000"], 0xfffffecc) splice(r6, 0x0, r8, 0x0, 0x4ffe0, 0x0) [ 1833.749944][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:40:02 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16], 0xa8, 0x20000010}}], 0x1, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1834.999017][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:40:03 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c02367", 0x27}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:40:03 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(0x0, 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:40:03 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') pread64(r0, 0x0, 0x0, 0x0) 01:40:03 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16], 0xa8, 0x20000010}}], 0x1, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:40:04 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/netstat\x00') pread64(r0, 0x0, 0x0, 0x0) 01:40:04 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/prev\x00') pread64(r0, 0x0, 0x0, 0x63) 01:40:04 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/psched\x00') pread64(r0, 0x0, 0x0, 0x397) pread64(r0, 0x0, 0x0, 0x0) 01:40:04 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$binfmt_elf64(r0, 0x0, 0xeffdffff) 01:40:04 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x0, 0x0) pread64(r0, 0x0, 0x0, 0x0) 01:40:04 executing program 5: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000080), 0x0, 0x0, 0x0) [ 1836.063358][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1836.072306][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:40:04 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CURSOR2(r0, 0xc02464bb, &(0x7f0000000100)) 01:40:04 executing program 0: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x9) pwritev(r0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="8ffb1a2319", 0x5}], 0x1, 0x5, 0x0) [ 1836.778295][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1836.795623][T14410] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1836.804864][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1836.816575][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:40:05 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c02367", 0x27}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:40:05 executing program 5: io_setup(0x4, &(0x7f0000000e40)=0x0) io_pgetevents(r0, 0x3, 0x3, &(0x7f00000000c0)=[{}, {}, {}], 0x0, 0x0) io_destroy(r0) 01:40:05 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/tcp6\x00') pread64(r0, 0x0, 0x0, 0x0) 01:40:05 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='comm\x00') pread64(r0, 0x0, 0x0, 0x0) 01:40:05 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x0, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:40:05 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16], 0xa8, 0x20000010}}], 0x1, 0x24000001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:40:05 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x80280) close(r0) 01:40:05 executing program 2: openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) inotify_init() openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) pselect6(0x40, &(0x7f0000000200)={0x72}, 0x0, 0x0, 0x0, 0x0) 01:40:05 executing program 5: r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc0189436, &(0x7f0000000080)) 01:40:05 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='pagemap\x00') pread64(r0, 0x0, 0x0, 0x0) [ 1837.106203][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:40:05 executing program 0: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000040)={0x0, 0x8000}) 01:40:05 executing program 2: r0 = socket(0x11, 0x2, 0x0) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 01:40:06 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c02367", 0x27}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:40:06 executing program 5: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x7d, 0x0, 0x0, r1, 0x0}]) 01:40:06 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000000080), 0x0, 0x0) fcntl$lock(r0, 0x25, &(0x7f0000000100)={0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff}) 01:40:06 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/psched\x00') pread64(r0, 0x0, 0x0, 0x2) 01:40:06 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x0, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:40:06 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:40:06 executing program 2: syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x1, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/HHPz/1Z+hGRFBQPeVNRRzcrgMdoRENjHJhCcExz2rstI2dsZqEWxB400U3/buuIEIQoosgELvoKpTwrovuvPMiu0oiOjGnudnUMnWS79fF9rDn+zl8z58dtu9g08fvXouGHSNspqS6oUqq2yUns1XilWpZkJMj10fe7zt34eLpQDDYcVa1M9Dt86tq84HR3pvDh8ZSO86/bH5dL+PeS9Mz/qnx3eN7pr93X404GnE0Fk+pqX3xeMrssy3tv+9EDdUztmU6lkZijpUs6YfteCKRUTPW39SYSFqOo2Yso1Ero6m4ppIZNa+YkZgahqFNjYKVDacfBZbvhp7Puq7MpN65bn1OXNfNv9iwidNDhc2df9ctOv93Kj0lbKKim3qDiD2UDqVDhedCPxCWiNhiSat45JvkrxH38Yg7d6nkH2/4R4KTR9++UVWvDNrZ+Xw2HaopzfvEI95CpqBQd54Kdvi0oDT/nzQW5/3ikV3l8/6y+To53FKUN8Qjk5clLrZMjB78MtU19GAhP+hTPdEVXJL/X/oXD9OzzxU6PwAAAAAAAAAArIWhP5VdvzfyA24PqGrTkn4hX+73gaXr861l1+drZW9tZfcdAAAAAIDtwskMRE3btpJ/WeS/yq/Hdv694smt3x+8v3PlMS1tNRPtH3KJrbBff1B87dkS0ygtZH71abXBNev8TlksPq3Ldqrm57f8mJO9H1+sup26X47PcsY2/q4EAAAAYCMsfuhvk2z4VTrbc+xepecEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2s4a/HJt4WK6l+WLn03KtSu8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADASn4EAAD//xAR0Ao=") r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cgroup_procs(r0, &(0x7f0000004880)='cgroup.procs\x00', 0x2, 0x0) writev(r1, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) truncate(&(0x7f0000000000)='./file1\x00', 0x7) 01:40:06 executing program 0: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$alg(0x26, 0x5, 0x0) io_submit(r0, 0x2, &(0x7f0000000880)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x2}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) 01:40:06 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f00000000c0)={0x0}) [ 1838.146628][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1838.215843][T14503] loop2: detected capacity change from 0 to 128 01:40:06 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x1279, 0x0) 01:40:06 executing program 2: socket$packet(0x11, 0x3, 0x300) pselect6(0x40, &(0x7f00000003c0), 0x0, &(0x7f0000000440)={0x9}, 0x0, 0x0) 01:40:06 executing program 5: openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) inotify_init() socket$inet6_tcp(0xa, 0x1, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pselect6(0x40, &(0x7f0000000200)={0x72}, 0x0, 0x0, 0x0, 0x0) [ 1839.134860][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1839.189064][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:40:07 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e273", 0x2a}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:40:07 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000004300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000004380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000002140)="9eda438838743bd4e9720bee57093515dc189a5ea685e9556c1c2c3cfc4df50d66d31a48aa312663b68d18c5826b5b55fb738208863dac0f10f423aee7a5d8ddc45ebdfeb7424bae859d7c37ecfc4b63914d5a56d91017dd22bc84f759a15969951aef9d5c88c96560896988fa18cd946cfcc3a0f1c993348377904eac32c980bdf7976ebca2b499cab63c4e841514277fc71d4620e29a92523402485de0e82896484c0ae497a4d686df23ca7b68c3fd5e624d3510d7f94838e54af877ca58a00c5a672bba11f5aa1ed1980dfef47b9973d0bf456ded5e72f1702b3dc5197fce39cba53a038d8dc0ec783ce70577107dc5e8b299e64a0b7f1191f0926bd25762370191710bab2f44e9069f55f8a3f87e4cb488a2fb3348c0bf3b3874291f83e4776b160ea73aafa3919c7c069c73c0052173a63158db8b65541d161f9c964926ad7f06bdd6cb6a32135b04e35701c2e13c49c1f75dc7a25d623378860692d172ec3f1e1f2d9dc77c015c13721efcb101c2390abb847e871132f472a37cc0163b39b1d575a5444e246a08a1afb1a696cabab29498a314429a3b9f44c43ba29f71fac1fbe0d01c3c16d22730932704bcfb0c1b7a432bc51dd3f5dd5afc3b342cbe6a6ff899039e28f9a51881b1d46fdcf31767cb6f5c5c69ab3c80615d77c4d1664fc4ec831b8cea2e752bbb7a9ce79df875b29f1e232751daf32a1a0c4ff8bd0688e2b8e2d668b8a77e20a9eb6ec2e2c23b94e507baeacbcfa31fb6e1ca3343668f43e3aa6d85e7c29bf0bb4dbdabddc92be7f4a6f5d21b19e6da17bfb6cc926e3847532fae29c7b62fb909130ec372d3c16cfe6aaf3ce2af0fe7610fde7aad61bc80d2f96b999c8ccf6d22cf903ca8ae8b879ec4a416f334982e9810c0140a18d4dc81b5edaae23e9f4abaf40ed71512aebbba5bb251545e188db789558a845a2877b14bdaeec3c738b7d730c0860531bf5517d4f0e8f95ed3571f8a35816d5116fcb8d7cbf42b7d5d5e65541508c898bb2e0fe96297d2ab7135662de39df099ebaed5871111f5346278cee5728cec512e6c0a0d65b51e3d627873195b84103341c2bc83b6c8fdd8ba17f5957413f61c69d618c9b9d0b1f08dc81921b6c662ee1da3bfa019b095e9a03c2db4d645ccb7364e895098cbf7d932c72d80663c7a1694d122f7348393079223c11d36c64a5856eae0397ab9a9d948204b74e56525a9d552dd0916de81cbb5af3c59b3d7f8f9154423ce2cb45a5bc808e24bef13212019a19545fe54ba84d01534358380192b8c7b0eda907810375bb66a578a58fec392b47991271c8367b91d710e8a176bc1a4e96f0e137d4c25fbb03eddc392f9f170dd744472b864fbbae7c93d86e682308b21b73c5652065d72cf02e1152b44024a90a3b52eb0bb3cb412e518d37a68aa4c7f46789c54ab30d3a73d0a8712fde612294cda2aa1ccf164930b9b1d17801d4fbb06e849d39bf2b5141330caa0d2618b616f1c67e1ca57080e79ed9092ba7a55e8121cfc825cd26a0199a479a7ab1b7b23d2a4dd82fa6d04ee41ca680435efc934f0451e865e8632ac2f1115f4cdd33b0fccb7a2326127faf20cba37c828613dba5a98f4e1ad25eb6b91078cf73d873df9ef91531476f64b83559ff7ccdc4c070d478b18196ea05fe8d4ea0216ee5273dfabbd04582f40f064c9781afd2cbf30901f28cd09cc934f1b2d50883778274177e3dba8af0a1b931d80ce1a6c4085780ea2195b65ecfd2953f78a5290fe560d0cd6a5e73890a5a82dc410b92a3ef2be05ec5607820fd4ca6b9c3aa258d59022fdcb21665f1ce4e8aad8fd918c43bd3c2afe3dc223ff9f48831d401c8b6996190793d1dd7551f8511b69283992398d8f9b4bd2b3398d3b8c6f3c5d8b802ca5282b70242df2b7be4b38e70c3065f8da888631375afcc05ce578089c4f783776b286b7a60d1b5e189e2742a3240c1036a953d886885422eef01413c38099b64505fd5a73488acb4e611820674c58ae74d6c64a885d4beda9bd7903bcdc71e3711e2a057c0eab2100c321050ab14c6e453c53182577ad3178603cd9afde40a701120e9a36074fd582428c74e02781318e6c65450f8f020bd22475696fe13b8c59260e53a06d16eabd135e887a0a6bbc8ad21be7661df76fec5b13844f68b8eed1a7379713738beac9f23c7a26520e19797a910cde9fb285179526889b908b7eb49bb06f70f6271fba8712c1a4269ebcf4b7d043e924e3d2c4c753fd7e547d95841e335179836f76424e728810d7f32b78256ea30c79d9238a6588426e1f2d4c0b03d5605bd826ed24f0f11326b4cf958632b86e017aa80e142db1580c44f76d9c98196f3f6852ab2bfc6a01a3553a130c2d171957f5a45c3550fbbc990ef8742a98a86b280a57b9f198ff436bc01161ada50e6f23026c3254adf2321bff7e20aa54080bbb57d8d52c6a6df6107706a2e5bc6da68f17b474c0edd39401d765086e885cf7992405f856557915603cbe8894676e996bbadbb649a5e7498b91f9bd2f697dd9ebbe4d386050218b9f4c94781e61c660651c3f1e3ae51f8c035eca365bf15d6db48ea9ce183515f4a208d010f7c23dcacbd6e225490d7e9c133525f5c9018d752b21b4897bf18b64b6a9936f538a0a8958fc934440aeeaad2b68ac844d76f0900a6c95bd0b353d85d4fb62eb88360112237fd8c636a80e3130b21d66ae8ec58a4b76cba0602f96da919f7e84fd37e3ec2379f58e389a39c78d2482e03c379e3c4649ad63a76e3707ecff07d2fcb0c9dfc524cab49e69a09c92e4f88714335cb57d3f6184d07bef9657280fb5c9fd2d8f940f7ac6c5407e3077aa2e4ba8e217e0ee19e302d6d90e3be05a86dade35d2e454e511afb5cf5936f1d11f2fa6be6ceaa817dbdc7a6aabf2fad8ff3efa8382a25099f0c5989d2ad56ae0f4968b2cfcfc67b4f1c161c75900b4848f59a3c0376dfcb7997bf28e9e85d6dd942a360516de38e1c1a038a796f9a77ff2b0c7e5e8f4932391a0e58e76dacc6f9764178a211dfde3e75d367d2911ff398126ffdf83cf2fbdf1ad5232bed9155f7a168638a572094a9e934d4969b358cf6e121d7fd2aeae2f499068b42c152f0e3403a230885d6f92f038ddaa23499f804ffb06abdbabb51f6c38c92fb1a6271a4b13d6d11125b8ec12efa5907dc65062797fb9cca15e2f254e76b182d3fcdb4e96ac4de36d6df7e7bba5c32f422286b1be3b79bffb6fd693761952d195a84ad9ceb07287a0fbefab9e0347b513c5f60233ccd4b52d90ec144a2f896d9dc7f279f8aa93038f3efa286e1c3006933a4d7183d952f8d28b141b28b2af355b5bd8198dfde1ffb8d09202aff0d16ca3fec194662892a49f829813970a4520f1228aa03d211a45bed3b2e05bf1f10b1a152761e7b6c6ddea863a3c02224256092c70ca70dc185c4c385dd98b09e2682661e1e66f71d9c4037048eb70e8a1cbe57de87ec43713abf5fdcf63b9c482f318e3bec37e878dadbae15a02d731e6c8574eb14c059d72f73be5174add786d06b585a28a06d349d8e434a491b34897b3c1ad786ec8280d7f57edd4fbc6aea5485d659b59d393e331cf91e6ed76f340fcf7cf460892fa7318fc42b883f61d888ad982a751accb613c66661fba5f3d6de751a6a9ef8a4700316aaad04e991aab7903f4ef012ec2a8c092234e74ef335daf360ae47bbd2bbc6ad8c1a4f81efe8bbd703cb55ef36b32b4e30cb5a3b165c02ba295d0e1c40ce6ff8f479a74f01275f113ebfa8ade37a59ce70e6ca2a6f48f1be085f61bf772e2c2da523a2cfe63e99c57bdb1ff23139d4fca49eff7547e9880eefd3f7511a677efa23b52098ba89037c48dfcda2e8c1cfb9f892161049e53f8cee55256279512aecab8c441600dae0fd957883273047cf5c66ba209f830aa2ce0cbe41ca08c0cef4aed7f4324009200661a7ce680e5a8df2d051c1d8b2f63d25d8d74d05c75c46c8f3f24d625539e63459650960498a54ec3b16225bbbf4d3930009df265839d72611f5332a904cdebada108236e4414a2909ad01ec44b9d7f75de4385ad7ca5152e890a0919b3639fd1bcbca3b737ebb8d9ae541b1271cf2166ba15830e66f3d3afd3b754a7f81ad4f0999704ae99c114907c5be4a4797f13b80564f234723a34dbe137dabfd7fa23562df679f54a6ab54def6d63deae9844f72fd73efd0413551f5c4b9ee826eb3b7faf92a59ea34a16723b4fea14d1c8815a4e2d39fc48d1dbce526a7c53f5a96d0ef6463a0cee73fd3505f5c764a264b83c4a21f80e8b61c82d24442d13da99d18dc1b2538e7a510f6093d9ef2bc5cc777d4f98411e93919eddfd69d6e20d227cb61c50f358ea227f4de941fb080c1cf6b1f6e25533768fe133dbfc3f9d29c603bed38aa3c5af5b81a706b0067b40b88f992610d04c7cc36b8f649697cd6a93fae51138161891ae75a7147780fc59af5a6e18c54f9d2a4fe7fa92314b399afba9a40d0cc24f70a2593acf8d179215e06b7a9a88224bafcb2cbf60caf5fe4ff38208a70793b5dc33cd572956260e1c86312d3ba9b3a4b2b44376f2e78c616a6c0880ac8dcbaa30b9f761d500fd03a8518dd0509157b184a2d95e0caf3ffc8ac2db6c54d80c71a1e5b9ea3bf51071e2118af204123daceeb04e4f6f31f32a4d3fbb76ee49440cabda2c121c1b99acab5b87cecc37c3f9066af34ab29d6598bbfd91047a2ac7ce3a8f3027ff5e6d743506f161087278896a98ed37122ba208b61cf54d3929555ab06b564cd5e4f46f4755a6cfa2ef2b30d29ea66f2749d4060d411fa9160c91b6f55cf071ac8222c6313df18759e2958cddfe3db4cbeb9cd39abcf5f0beaecae8437813995cb7ed0b87d42ca942ff7245ece204798d01361c5f008e0d82bdf76660515bc78f7f8f409ccf68614b2cb50f5af2615661326fd971bc57eeeade60ea906b8df1cb0dfafd318cd2c396309c329d0469ca192aa8f51d7c4227685440f073983255baf054b97b9d7be1d1470d7eabd5c09b2116b4e86b0567b7e97e088717a4fe3dbdd310a1c39136ea4d2c47492001f9885dba03bf97e7da376171d666441cdc2f999db137603d57df32b4260fa0165e82917bb1631ea314e7a7437e66fc68cef22cda8f456d6e583f6e3237e0bc79987a9103f7cf0918e26881f67ea582e1ff3a49177599d385bf6e42572a2547933aeddb826530e9adf30dd84c3a7fae5c4c26f6c6f3a9f0906decd314e2407825abef959c5416d18a92ff34e6c521a16e8a0a29937c77d4ee99b41d530a732acbe0bf5d274df9d496b47a9a624546bdcf9976cde12ec989cb2a70b33a7c8a3a77652023164695f9db30dfcf587f0cd4f73e385730bcbdd688f6dcb08ba0efbb9f579220afefa4acfea522e864fce9b1782ce9f14824d16e9d33a2609c23ba3c5a1af02549357a0dcc12e37819d778021762cf895abeac1125b744c8b8225a091e7be9ded9993cfa3ca9abb83e25c8f559009977a2ed9374a89619fae5ef6d164bb73d242004dc8428e44689b33ee3bbe88bb4962ab0a32a90e7aea044f08410752cb2d7aeaf3196648a3a99092665b478bb394b48f79b36db0efc7f50d6a5179c945f5298cfaac5e5dea715296f92abce7281d48a0c9c6b785a35ef5f1697c047ddb254fe9a8ab9f498b0c1ae09ffd01a3d8d427fee7e36c51e0e5c2fee2245fb8464626ab5c9857ebce91f7d22bf024d10c2d71021cd69268472de419e6cefd970cc3a8e4d1bbe6496799aa7f100411766e712aff08b731460f14f9d7356db12cf8e1c6121968dc68b1d81c086b325ca4ce6fe1f476707e08fa913144b757c6be17cf93150db29544d207f09a896f33b7335d9339215da751e7af2c6bdd19db6f521af2c8a5998dc607f97026d07111488741134c1c86eba123273d1fd5ee4b471e86f9ae9478a04c7482076ab34a1eca5c64f89e5106eed44bceec019c67c12fb4db4fdac153f4ac3b63ffeb6d30de58ec039e2dd3c181e254cd94d0a2b0b44490384cc5915b54ee1db2b6d059879bf8126c9ca976d0f7862da07ecd350930a081810a7afd72b2ad3f65b96ae9c7f91227a2b5513a559f36b90fe01be9ae5ad3ca65e2c26f358fc26b858a3633fda7ae49a5fb705220a5819b3cca41b1ccc21d7c40f5fa9c422288efa5394e4312675899d704a2aab62b8363f58fd4bc12a8bea6ffc45b4414237bf5f019321206dbba439acb5ef26641f30fdac20f964354bce94e4c9d73e137f9806deefaf6f4acaa0e76ad4fef9f6cb7fc01bbabda9612c05adbe46afcf94819e8a4b4b49ff764784fa432d47fb6d4230900043d1b4521cd6839fe8c5df4d1899fdfb13880e207cac73f0a29020bdd563bd9c2f6bcd1ec523b3e03ebf6164fc65af001830c51396f9df2d346f83a59cfc82201cf1150ea57259d579fc2ed199b3fbe42d5188c84e4354610743e5b23a265246313cc63913f103000000d98b379b80b96d936969572e11316bc8926cb23115186f3b2387b82c3898fa41bf16a308da62d5a3eb3609af1943fddde08a4036eb2a41b7292caad9eb082614b02a1fa255bc7abd4d0e3b4ec1801e131e68c7aa9da1a0ff10f9de87dec8fad1ad8bfa99caa49e203a7b9c33e044d4544a537471e7a452468b821959bc488c6b8cbf81e90081a26de273ad1203cc06adb6af242ab19f96c1c66b58c37e2c9309704fba63af99a8d9c5efc651afb631fe9f546b938cc3b8e526c4159e5c9f7afb29fd1d55fabf09367ce2a63a35e7a2062d1c772ed981fd77157a847f687a177cf9886ce41df8cc509302b46bc1e2ba896b1c1656a1bbfdf4cd9ac39cf8510d1c823075f16550fd044aacc8d42a56f03718f7b18475cdc3999faeb25ab3dd8a807ee04d8e5d831d08b4e309dff50330685138797e10c6362636f53f22bfc1f3d5090a5d369282d9de36bb4e2505411ccc6ea395afa1567b15a2fb4be2adeea7126b1a8e80034105e0d98bdd78e796ce1cdc06a4ae666fc0baec5c52614340ed997673e26ec47c88846c000bb7c9077337cd44f5c041fdcc64986e5e1c0f488148f0ee6f842c44c0b72e82109270341bba6e9080b70fcf930d0f10be5a36798e70111fed72727b72282ff164fc08319d74f1f57cde71b57cb397a9e753f87b97729bafba017a24cbfdee5dfe7fc296c112e93bb8fce560ca80a3afd8370baaa79ad783b51352b5440b144a47378c9ae22eda5794328e95bcca220fd07bb56915529b155c61858efe89ad36a79288e74c0e251addcfaf797432175a5562b46eff5e3aebeb74623e18beef85389383c604d8884431b07dc4bea0174aadc337ff41f558a63f16690feae47efa2a5d1318b7397e1e4ba398727d286791b71610e1d78d32800e7e113c12abf0f60b6ca4401ecd23b7aacd990633b2b017daf6bfef1b2361ece74b7dbcbb1a73d4bc1f9d2e5c9fb0b7980d25cc44d1b10c09ef5a6a05c84669294a5cadf0cd88ab449f9f0bcdd8c48590d416c5c1feaa494a2145949c2a3373df7c6014225f2745bbeb20ff294d22c0d96ca111e6926946207cab56a03162a49e68968e398f70690188ee3ca847ef421742d60b9a6ad029e8a3d607950b2bf8ad8ff297cb39acc94905635770436e134435e28205140331b5100d9f64469792fffac87bca0835cbc617446ff86a7b50418c305f32e658b32130e491e38709fd3697017ac8084cdf1ed81a28375aed092ab4e32ca88a933154dd3a9e99351acbada926b67b310c7070ac1a414a28c5abfe1f45476249a12f18ca2d981528d881ed3c5072e46a6eff3cdf37dcbc89c7f79c88a1f8d15d15beb66a0e4440c7b93e379c4e2bac1d5c8e85f1852887e2cfeb178fba1c67dc2adb0c87df8ca4444ca7f455509f492effb5001328b8cc696e2933207a2d78bbce8562ca34a248193c914406b161c8141479d891b0c6110ec1e25cad38299b489f2ec437017cadba67dcb58abd4933c95b3526f1d4747b8701a7d71e446e4b62e2941d4281faca0cf22914be5aad80f47100000000ceb24e82508fe55a92fb6db70d03d1c1ec09cfee31639341756a4630a0eaaecac7bfbddf9d30c42cbd45eb181d5bd341307ad26f496bb042e2b655c03ac3dcc587acbf50f79b5c239be9938b62d3251b199f8413b020605d5d0552cfd9c39c9132719d6d0a326b000e12fcb51bc274df79d11430060d05978cdd50583f1bca82c57dbee605e2d00fcb5414af13a596d35cb5ba62de6a28cbccc857d23547b1c7fd5ac8fbf6758d5b8451fa46d9acc00344dc2e565674b1dd3547eb8f8aa5fff99042f8d1d59e6ad2f53379211e6832fcb68f5777eb2db85b28f724f4e4ce6342cf55713ff7b0cb4f7f47dd12a6566b86709eaefae024373267ce72a89e7f3e42ab48edcccc96b5d0403fe93a927e5ccf470014f220b8257393226cd7b996f20e6a34f81206733a9fdce03b701943c1b560d3eab68c2c225cf7f7f2b56123be2bb173e9e5b37f4d3348f6b987764ad07c2acd44514ff264d7eda31e5e517a179414841ad4553d51c08f435e05f10aa82d74b97a9ba3a133e6c9175fdcd4f3dc9c16d3be1d5bbaf13240177081ac1d56681bfa988a93af09868afd608520c0bfd71d857a6661fdaf6f2e166987eb007449dd26334ae932c5003fefc0f983b9e49cbfcea325f2de16a9ae935caa46f5b3433957fb370971ed957f138f08a60fed5b84995e428e7ae7d5c22021ff016baef0e713a118344c016a99ad469313ba7f2452da0dd82e019f64aa229cf80a69b3e08ac5847f10d247179855546313232f23e055c2f74ecef14e0fdcc29a9bf0976fbb249bd5c7903183d2a53c70960a183630e7d4928daa7091a85ad987d2a4a5b8f6be6612fa72d9fbb33c67bb38eff19f2e784f94e0354cf6d35a5b2c62233c039de3734b38e97ec72bd673fef09fd56fec329818cc68cdf12cb52f7d37a8350c16e94208880bfcd3e895d7aa4489e3dd15db4a9026f0d2a46f1e89c35845dbd976a1992b87c15a0c7580e6424b8792a7bb7b933d7c5433d4133ba4dbbcf7995d6ed3feaa32f876a287feeb9cc6107778c1f83e0119d980b9e994c2a3ae3de24a103efb3cacb746b49d1ad85746b233ab4aaf0e988ec2a786bc93f32040d3bdc3008031634cdfded5ac95b2279e096243228296591e7ba53c4a127772cc4620e6b238ccad250629194533d0a669ff3366c52d64928693e0b0cbb0b8e2c6029089d4dfe2b4b6c5dcd85f1a02770611e65001e48a32a8b0431a3b9d77fa3a95be38a0436a704c05a8e0183f3214c25531a63796f679bf72885aa766468d42b2543542d7e82544efc5c5e81e6a91a0f5d4e68000cff687d63e45c9a11d4ef515050daa592c9a828ac7c0488e7cdb3d6fdaef5e9176ee68d981ea50d386d74df3b40660351736deb03bfceb721878cf9894b0302df15964242ab6b9f77f98ba1c7993735983d2b022600ab74a19e3636e1400d08ba45d3a5c2774cb06a1c358bbfc11d27efaf7ca53c2e7757c8c76da24707d91a4a5244262898d68083ff91c514d9b9b1ebaa0cb0b10254fda1b1e82b9a1a47f117b5b280ddbec1f6732d11117ef1a7a674699df87fe795d1243cb9c4527e364e2b711b6562a87fafc130ce0baf1701686639b05f0c8dc708f008b1e6ab89e8d623bb83f3d54b7bcdbdacd055ac4eccbd36bbe0af0f65a00e3d6dd985ae8851d176976cfb5816d1fc2a63d3546aecaa4e712ca6961d1f181315d553de6b53485faed0dcfcf819a1ba3badffe797377d3d1ddaed8e7a0acc0c3d277762262a139f94de49faca167b11bf04f2104a5ab9a73367a6461f7124c91a2c4229ef98e6ebde9aac283c7d029400d71293f488ba169b62c1e94689cf5b248ed4aea62b88d65bb764cfe27d5231a58486e7381df518f4ed81cb905108c54a5050a94ca0e94da20d3794bc5fab9127dc95b6404b1e27b4e28136fc27806f7be798444c33aca88ffd45b860eba0d5033839f5a092863954604f1952bd61dad23b11643fe14f3ade08116aa2c13eee701ccd13e506bd65a1060bf69579aea8c8143cd38c0891a3065f251eba0c20ab9c69ddf28e3bd6400cc203bac8de1882239ad4e1b97b0ae2f1abb7bac7c0d8ef82b97ebfb1f5577f06a3a1377b09ada4db87d342f20ab0eca4b9c206042471307511429cb57a578211f92d3647189861cad9145f5eb26ab696abe50a2a6c1b469df97da28aba4e79b586c348a430f5ea61c4be1032fa61d18581f05a07fb8707c8996e0fff1c3eda59b992687fa12483b9327e10224b20d42e8b3fc4670bf070ced602283273d6818acd1f6da567c44d3f5e1377065d43d87d889843ae48e7fa8ba1634815695b8c480ca271e6e833799c70da80fd79acc09b989667a2294de5da73f0363df9a33ad4dab8d27cf7bed0a06838672e3d07d52b6396e9b5576021d5e925abd533bf161c944795065fdd44e8462e3070c479f1c118276653488dd9b2f1a673f8cad3612ca1fab4388ec9c8f834a01a499adb7b3a9a977672f6d75b41bbdd7f91ceb7e7a88568d17bb432be9e4e96e115075bce197ef4754d2914c2c59e2d7f4c08f0dbe34d31f229428f211bf1d7e8f5c319ed4a8273cb6255eb318851ac4557b0278fac63107a54d407c42f300b843a12abd3b893b46c7efac2e388ab42b87aebe2543bd4c15f459bc50aad10ffe1c1196fb52c26e54bdaa7fbd52451f207ffb073ef4b3f71eedd7da40c89505019739e3fa733bcdc84ff4919e8fe2358129ef28291be1d6426b8bafe88463b1d3cd7273745381c7f65221898e6ad361e88b24c54ccc7ac9a830145b6dc096e2d71ef71ec4f03524cb870b724e08d223bdec2f6fdde6200217a13b5136004d455d66547f5a1793e0cad85677d49e5c558852107007c8136812cf021afaf6f7e8f59883371be46cda412dd9c6fcf187c31252ceb5758901d39cd5355ab386d9a7fe6ea46ebf277aaf809c3023211ea9aa189de4d422080ebb9fec50ffab6b95ba4ae5018accc497e79149ed6047ce561ccc10e9194cdccd5c9fb75175c8dbc9d0a916ad59288f010defbbb50d263041ab37aac0f93253bef6f898cd0825d99d27224f26181f9713b8979da64756c95e7505f25a2688960d6155c3613dcc31b6c337a6dbfc6b12cfde1db22b93bbd5e48534fb0bda8b212577a14dcf665c834b0bd24e5f624d2455fe048dbe930328d7cb632db3b0e244bb5d43390b420b15157a339487fc78976f867d3a361aafdd3f50a93c01882da7c220089a544381db22e2c86b228dc2be01820468460437588952a549d37498e529e62aa62bad1580546bcb1e9a6ed1870b7838d05d12f6e3a041e78b1bdb80894626f20889ccb3a468aa4fb24b9c87cbb28623ce59c6b3c6286db366d08004551a25fe4d8d194a2bb7c52e1c85a5fbe4cb15b171489da121bea1c469a6bb185d63213084e3a81ee54dc03a94dc5ecdda7bfaad1df68021aaf4627c9d529f13e5c81b5ee4dd228949ca16b9a61d186211d153294470907557e5e14ae665013f285fe4d3766e7b3d8ce5e2a14692072d4d8f79354bcc8db8a2a36c8bcd", 0x2000, &(0x7f0000002000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000066c0)={0x90, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f00000020c0)='./file0/file0\x00', 0x0, 0x0) 01:40:07 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:40:07 executing program 5: ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0) ioctl$DRM_IOCTL_UNLOCK(0xffffffffffffffff, 0x4008642b, 0x0) r0 = creat(&(0x7f0000001600)='./file0\x00', 0x4c8aaf754aa33f85) fallocate(r0, 0x0, 0x0, 0x1fe) creat(&(0x7f00000015c0)='./file0\x00', 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, 0x0, 0x0, 0xffffffffffffffff) 01:40:07 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x0, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:40:07 executing program 2: socketpair$unix(0x1, 0x27dfbfa7e84dcbd7, 0x0, 0x0) 01:40:07 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$vcsu(&(0x7f00000002c0), 0x1, 0x280480) dup2(r0, r1) 01:40:07 executing program 2: io_setup(0x4, &(0x7f0000000e40)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000140)={0x0, 0x0, 0x4, 0x0, 0x0, r1, 0x0}]) 01:40:07 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x2, 0x0) 01:40:07 executing program 5: syz_emit_ethernet(0x46, &(0x7f0000000040)={@multicast, @multicast, @val={@void}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x0, @local, @ipv4={'\x00', '\xff\xff', @dev}, @remote, @local}}}}, 0x0) 01:40:07 executing program 2: move_pages(0x0, 0x2000000000000220, &(0x7f0000000040)=[&(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil], &(0x7f00000002c0), &(0x7f0000000000)=[0x0], 0x0) madvise(&(0x7f0000ada000/0x4000)=nil, 0x4000, 0x0) 01:40:08 executing program 5: syz_emit_ethernet(0x46, &(0x7f0000000040)={@multicast, @multicast, @val={@void}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x0, @local, @ipv4={'\x00', '\xff\xff', @dev}, @remote, @local}}}}, 0x0) 01:40:08 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e273", 0x2a}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:40:08 executing program 5: syz_emit_ethernet(0x46, &(0x7f0000000040)={@multicast, @multicast, @val={@void}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x0, @local, @ipv4={'\x00', '\xff\xff', @dev}, @remote, @local}}}}, 0x0) 01:40:08 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:40:08 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='task\x00') getdents64(r0, &(0x7f0000000140)=""/70, 0x46) getdents64(r0, &(0x7f0000000080)=""/37, 0x25) getdents64(r0, &(0x7f00000006c0)=""/158, 0x9e) 01:40:08 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 01:40:08 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='task\x00') getdents64(r0, &(0x7f0000000140)=""/70, 0x46) getdents64(r0, &(0x7f0000000080)=""/37, 0x25) getdents64(r0, &(0x7f00000006c0)=""/158, 0x9e) 01:40:08 executing program 5: syz_emit_ethernet(0x46, &(0x7f0000000040)={@multicast, @multicast, @val={@void}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x0, @local, @ipv4={'\x00', '\xff\xff', @dev}, @remote, @local}}}}, 0x0) 01:40:09 executing program 5: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) syz_io_uring_setup(0x2004, &(0x7f0000000300), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000280), &(0x7f0000000380)) 01:40:09 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='task\x00') getdents64(r0, &(0x7f0000000140)=""/70, 0x46) getdents64(r0, &(0x7f0000000080)=""/37, 0x25) getdents64(r0, &(0x7f00000006c0)=""/158, 0x9e) 01:40:09 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.empty_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r0, 0x0) unlinkat(0xffffffffffffffff, 0x0, 0x200) [ 1841.309250][ T8158] net_ratelimit: 1 callbacks suppressed [ 1841.309272][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1842.147712][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1842.383800][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1842.545597][T20691] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1842.554784][T11574] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1842.565562][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1843.417471][T30827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1844.466407][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1845.187252][T11575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1845.506258][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1846.537232][T30827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1847.586677][T30827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1848.224116][T11574] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1848.636320][T30826] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1849.667258][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1850.716376][T30827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1851.257467][ T4747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 01:40:19 executing program 2: move_pages(0x0, 0x2000000000000220, &(0x7f0000000040)=[&(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil], &(0x7f00000002c0), &(0x7f0000000000)=[0x0], 0x0) madvise(&(0x7f0000ada000/0x4000)=nil, 0x4000, 0x0) 01:40:19 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='task\x00') getdents64(r0, &(0x7f0000000140)=""/70, 0x46) getdents64(r0, &(0x7f0000000080)=""/37, 0x25) getdents64(r0, &(0x7f00000006c0)=""/158, 0x9e) 01:40:19 executing program 5: r0 = epoll_create(0x1) fcntl$lock(r0, 0x6, &(0x7f0000000200)={0x2, 0x0, 0x6594}) 01:40:19 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:40:19 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="97dba601c3cf0bd2f6bd0c69befbfad7d4e906093d32db9337792fb74e01797d2b5546e4c0236703e273", 0x2a}], 0x1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0], 0xa8, 0x20000010}}], 0x1, 0x24000001) writev(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r4], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:40:19 executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x0, r2, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x163, 0x0, {0x2}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc00c5512, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[r3], 0x1}, 0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8000000000000001, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pidfd_open(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1851.746353][T30827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1851.800180][T14593] ================================================================== [ 1851.813150][T14593] BUG: KASAN: slab-use-after-free in lockdep_register_key+0x396/0x410 [ 1851.821437][T14593] Read of size 8 at addr ffff88806fde3360 by task syz-executor.4/14593 [ 1851.829684][T14593] [ 1851.832012][T14593] CPU: 0 PID: 14593 Comm: syz-executor.4 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0 [ 1851.841913][T14593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 1851.851980][T14593] Call Trace: [ 1851.855264][T14593] [ 1851.858221][T14593] dump_stack_lvl+0xd9/0x150 [ 1851.862877][T14593] print_address_description.constprop.0+0x2c/0x3c0 [ 1851.869558][T14593] ? lockdep_register_key+0x396/0x410 [ 1851.874956][T14593] kasan_report+0x11c/0x130 [ 1851.879491][T14593] ? lockdep_register_key+0x396/0x410 [ 1851.884883][T14593] lockdep_register_key+0x396/0x410 [ 1851.890099][T14593] ? free_zapped_rcu+0x290/0x290 [ 1851.895077][T14593] ? lockdep_init_map_type+0x21e/0x810 [ 1851.900559][T14593] ? __raw_spin_lock_init+0x3a/0x110 [ 1851.905870][T14593] alloc_workqueue+0x3f8/0x1110 [ 1851.910837][T14593] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 1851.916638][T14593] ? debug_object_free+0x360/0x360 [ 1851.921790][T14593] ? lockdep_init_map_type+0x21e/0x810 [ 1851.927289][T14593] ? srcu_readers_active+0x260/0x260 [ 1851.932645][T14593] kvm_mmu_init_tdp_mmu+0x23/0x100 [ 1851.937884][T14593] kvm_mmu_init_vm+0x150/0x360 [ 1851.942684][T14593] kvm_arch_init_vm+0x6c/0x750 [ 1851.947493][T14593] ? __kasan_kmalloc+0xa2/0xb0 [ 1851.952287][T14593] kvm_dev_ioctl+0xa31/0x1bb0 [ 1851.957008][T14593] ? __fget_files+0x26a/0x480 [ 1851.961746][T14593] ? kvm_stat_data_open+0x380/0x380 [ 1851.966984][T14593] ? receive_fd+0x110/0x110 [ 1851.971528][T14593] ? __fget_files+0x26a/0x480 [ 1851.976251][T14593] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1851.981224][T14593] ? kvm_stat_data_open+0x380/0x380 [ 1851.986453][T14593] __x64_sys_ioctl+0x197/0x210 [ 1851.991258][T14593] do_syscall_64+0x39/0xb0 [ 1851.995738][T14593] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 1852.001673][T14593] RIP: 0033:0x7f953d28c0f9 [ 1852.006113][T14593] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1852.025756][T14593] RSP: 002b:00007f953df2f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1852.034198][T14593] RAX: ffffffffffffffda RBX: 00007f953d3abf80 RCX: 00007f953d28c0f9 [ 1852.042227][T14593] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 [ 1852.050302][T14593] RBP: 00007f953d2e7b39 R08: 0000000000000000 R09: 0000000000000000 [ 1852.058383][T14593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1852.066372][T14593] R13: 00007fff39044f3f R14: 00007f953df2f300 R15: 0000000000022000 [ 1852.074376][T14593] [ 1852.077412][T14593] [ 1852.079742][T14593] Allocated by task 12: [ 1852.083909][T14593] kasan_save_stack+0x22/0x40 [ 1852.088624][T14593] kasan_set_track+0x25/0x30 [ 1852.093253][T14593] __kasan_kmalloc+0xa2/0xb0 [ 1852.097888][T14593] __kmalloc+0x5e/0x190 [ 1852.102085][T14593] ieee802_11_parse_elems_full+0x106/0x1340 [ 1852.108081][T14593] ieee802_11_parse_elems_crc.constprop.0+0x99/0xd0 [ 1852.114739][T14593] ieee80211_bss_info_update+0x410/0xb50 [ 1852.120423][T14593] ieee80211_ibss_rx_queued_mgmt+0x18c4/0x2d50 [ 1852.126636][T14593] ieee80211_iface_work+0xa4d/0xd70 [ 1852.131867][T14593] process_one_work+0x99a/0x15e0 [ 1852.136839][T14593] worker_thread+0x67d/0x10c0 [ 1852.141547][T14593] kthread+0x33e/0x440 [ 1852.145696][T14593] ret_from_fork+0x1f/0x30 [ 1852.150155][T14593] [ 1852.152489][T14593] Freed by task 12: [ 1852.156306][T14593] kasan_save_stack+0x22/0x40 [ 1852.161013][T14593] kasan_set_track+0x25/0x30 [ 1852.165633][T14593] kasan_save_free_info+0x2e/0x40 [ 1852.170691][T14593] ____kasan_slab_free+0x160/0x1c0 [ 1852.175844][T14593] slab_free_freelist_hook+0x8b/0x1c0 [ 1852.181253][T14593] __kmem_cache_free+0xaf/0x2d0 [ 1852.186132][T14593] ieee80211_bss_info_update+0x4a2/0xb50 [ 1852.191797][T14593] ieee80211_ibss_rx_queued_mgmt+0x18c4/0x2d50 [ 1852.197971][T14593] ieee80211_iface_work+0xa4d/0xd70 [ 1852.203189][T14593] process_one_work+0x99a/0x15e0 [ 1852.208155][T14593] worker_thread+0x67d/0x10c0 [ 1852.212862][T14593] kthread+0x33e/0x440 [ 1852.216953][T14593] ret_from_fork+0x1f/0x30 [ 1852.221414][T14593] [ 1852.223840][T14593] Last potentially related work creation: [ 1852.229580][T14593] kasan_save_stack+0x22/0x40 [ 1852.234287][T14593] __kasan_record_aux_stack+0xbc/0xd0 [ 1852.239692][T14593] kvfree_call_rcu+0x70/0xad0 [ 1852.244388][T14593] neigh_destroy+0x433/0x660 [ 1852.249056][T14593] neigh_periodic_work+0x726/0xb80 [ 1852.254194][T14593] process_one_work+0x99a/0x15e0 [ 1852.259159][T14593] worker_thread+0x67d/0x10c0 [ 1852.263867][T14593] kthread+0x33e/0x440 [ 1852.267958][T14593] ret_from_fork+0x1f/0x30 [ 1852.272524][T14593] [ 1852.274853][T14593] Second to last potentially related work creation: [ 1852.281445][T14593] kasan_save_stack+0x22/0x40 [ 1852.286150][T14593] __kasan_record_aux_stack+0xbc/0xd0 [ 1852.291554][T14593] kvfree_call_rcu+0x70/0xad0 [ 1852.296248][T14593] put_css_set_locked+0xad9/0x1080 [ 1852.301380][T14593] cgroup_free+0x87/0x1d0 [ 1852.305734][T14593] __put_task_struct+0x10e/0x3d0 [ 1852.310726][T14593] delayed_put_task_struct+0x1f5/0x280 [ 1852.316221][T14593] rcu_core+0x801/0x1b80 [ 1852.320489][T14593] __do_softirq+0x1d4/0x905 [ 1852.325019][T14593] [ 1852.327352][T14593] The buggy address belongs to the object at ffff88806fde3000 [ 1852.327352][T14593] which belongs to the cache kmalloc-1k of size 1024 [ 1852.341419][T14593] The buggy address is located 864 bytes inside of [ 1852.341419][T14593] freed 1024-byte region [ffff88806fde3000, ffff88806fde3400) [ 1852.355316][T14593] [ 1852.357646][T14593] The buggy address belongs to the physical page: [ 1852.364060][T14593] page:ffffea0001bf7800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6fde0 [ 1852.374230][T14593] head:ffffea0001bf7800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1852.383182][T14593] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 1852.391177][T14593] page_type: 0xffffffff() [ 1852.395522][T14593] raw: 00fff00000010200 ffff888012441dc0 ffffea0002518c00 dead000000000002 [ 1852.404126][T14593] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 1852.412717][T14593] page dumped because: kasan: bad access detected [ 1852.419137][T14593] page_owner tracks the page as allocated [ 1852.424853][T14593] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5186, tgid 5186 (kworker/1:4), ts 283030316376, free_ts 281186381095 [ 1852.444242][T14593] get_page_from_freelist+0xf75/0x2aa0 [ 1852.449741][T14593] __alloc_pages+0x1cb/0x4a0 [ 1852.454360][T14593] alloc_pages+0x1aa/0x270 [ 1852.458875][T14593] allocate_slab+0x28e/0x380 [ 1852.463489][T14593] ___slab_alloc+0xa91/0x1400 [ 1852.468191][T14593] __slab_alloc.constprop.0+0x56/0xa0 [ 1852.473590][T14593] __kmem_cache_alloc_node+0x136/0x320 [ 1852.479076][T14593] __kmalloc+0x4e/0x190 [ 1852.483284][T14593] ___neigh_create+0x156f/0x2a40 [ 1852.488247][T14593] ip6_finish_output2+0xfef/0x1570 [ 1852.493449][T14593] ip6_finish_output+0x69a/0x1170 [ 1852.498522][T14593] ip6_output+0x1f1/0x540 [ 1852.502976][T14593] ndisc_send_skb+0xa63/0x1850 [ 1852.507825][T14593] ndisc_send_rs+0x132/0x6f0 [ 1852.512465][T14593] addrconf_dad_completed+0x37a/0xe00 [ 1852.517879][T14593] addrconf_dad_work+0x75d/0x1390 [ 1852.522982][T14593] page last free stack trace: [ 1852.527753][T14593] free_unref_page_prepare+0x4d8/0xb80 [ 1852.533256][T14593] free_unref_page+0x33/0x370 [ 1852.538145][T14593] qlist_free_all+0x6a/0x170 [ 1852.542766][T14593] kasan_quarantine_reduce+0x195/0x220 [ 1852.548244][T14593] __kasan_slab_alloc+0x63/0x90 [ 1852.553128][T14593] kmem_cache_alloc_node+0x185/0x3e0 [ 1852.558440][T14593] __alloc_skb+0x288/0x330 [ 1852.562905][T14593] netlink_ack+0x357/0x1360 [ 1852.567446][T14593] netlink_rcv_skb+0x34f/0x440 [ 1852.572239][T14593] netlink_unicast+0x547/0x7f0 [ 1852.577032][T14593] netlink_sendmsg+0x925/0xe30 [ 1852.581828][T14593] sock_sendmsg+0xde/0x190 [ 1852.586284][T14593] __sys_sendto+0x23a/0x340 [ 1852.590817][T14593] __x64_sys_sendto+0xe1/0x1b0 [ 1852.595614][T14593] do_syscall_64+0x39/0xb0 [ 1852.600073][T14593] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 1852.605996][T14593] [ 1852.608345][T14593] Memory state around the buggy address: [ 1852.614000][T14593] ffff88806fde3200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1852.622091][T14593] ffff88806fde3280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1852.630179][T14593] >ffff88806fde3300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1852.638348][T14593] ^ [ 1852.645556][T14593] ffff88806fde3380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1852.653634][T14593] ffff88806fde3400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1852.661711][T14593] ================================================================== [ 1852.669784][T14593] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1852.677074][T14593] CPU: 0 PID: 14593 Comm: syz-executor.4 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0 [ 1852.686986][T14593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 1852.697136][T14593] Call Trace: [ 1852.700429][T14593] [ 1852.703379][T14593] dump_stack_lvl+0xd9/0x150 [ 1852.708013][T14593] panic+0x688/0x730 [ 1852.712029][T14593] ? panic_smp_self_stop+0x90/0x90 [ 1852.717265][T14593] ? lock_downgrade+0x690/0x690 [ 1852.722162][T14593] check_panic_on_warn+0xb1/0xc0 [ 1852.727145][T14593] end_report+0xe9/0x120 [ 1852.731421][T14593] ? lockdep_register_key+0x396/0x410 [ 1852.736821][T14593] kasan_report+0xf9/0x130 [ 1852.741273][T14593] ? lockdep_register_key+0x396/0x410 [ 1852.746681][T14593] lockdep_register_key+0x396/0x410 [ 1852.751908][T14593] ? free_zapped_rcu+0x290/0x290 [ 1852.756879][T14593] ? lockdep_init_map_type+0x21e/0x810 [ 1852.762376][T14593] ? __raw_spin_lock_init+0x3a/0x110 [ 1852.767704][T14593] alloc_workqueue+0x3f8/0x1110 [ 1852.772597][T14593] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 1852.778354][T14593] ? debug_object_free+0x360/0x360 [ 1852.783499][T14593] ? lockdep_init_map_type+0x21e/0x810 [ 1852.789004][T14593] ? srcu_readers_active+0x260/0x260 [ 1852.794416][T14593] kvm_mmu_init_tdp_mmu+0x23/0x100 [ 1852.799570][T14593] kvm_mmu_init_vm+0x150/0x360 [ 1852.804385][T14593] kvm_arch_init_vm+0x6c/0x750 [ 1852.809175][T14593] ? __kasan_kmalloc+0xa2/0xb0 [ 1852.814002][T14593] kvm_dev_ioctl+0xa31/0x1bb0 [ 1852.818710][T14593] ? __fget_files+0x26a/0x480 [ 1852.823420][T14593] ? kvm_stat_data_open+0x380/0x380 [ 1852.828649][T14593] ? receive_fd+0x110/0x110 [ 1852.833197][T14593] ? __fget_files+0x26a/0x480 [ 1852.837924][T14593] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1852.842985][T14593] ? kvm_stat_data_open+0x380/0x380 [ 1852.848211][T14593] __x64_sys_ioctl+0x197/0x210 [ 1852.853031][T14593] do_syscall_64+0x39/0xb0 [ 1852.857481][T14593] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 1852.863403][T14593] RIP: 0033:0x7f953d28c0f9 [ 1852.867838][T14593] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1852.887482][T14593] RSP: 002b:00007f953df2f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1852.895931][T14593] RAX: ffffffffffffffda RBX: 00007f953d3abf80 RCX: 00007f953d28c0f9 [ 1852.903924][T14593] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 [ 1852.911929][T14593] RBP: 00007f953d2e7b39 R08: 0000000000000000 R09: 0000000000000000 [ 1852.919932][T14593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1852.927974][T14593] R13: 00007fff39044f3f R14: 00007f953df2f300 R15: 0000000000022000 [ 1852.936001][T14593] [ 1852.939419][T14593] Kernel Offset: disabled [ 1852.943761][T14593] Rebooting in 86400 seconds..