last executing test programs: 1.042985833s ago: executing program 0 (id=1): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, 0x0, 0x0) bind$bt_l2cap(r0, &(0x7f00000003c0)={0x1f, 0x6, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0xfffa}, 0xe) listen(r0, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000004c0), 0x33d000, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_buf(r3, 0x0, 0x2f, 0x0, &(0x7f0000000340)) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffa) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0) ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f00000007c0)='\x00\x00\x03\x06\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00') r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000a00), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000340)={{0x1, 0x0, 0x0, 0x0, 0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f0000000000)={0x7, 0x41546}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000480)={{0x1, 0x3, 0xfffffffd, 0x0, 0x86}}) r6 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f0000000140)={0x30, 0x5, 0x0, {0x0, 0x1, 0x1cd, 0xfffffff9}}, 0x30) ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f00000034c0)='\x00\x00\x03\x86\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x94\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcbzA\x8e\xf6\x89\xc2\'\xdfn\x054Y\xd4\x91s\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\xe0\\\x98\xe1%\x1c\xf4\xd0\xf5\xd5\x80\xc4\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\a\x00\x00\x00\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xa5a\xfb\xa6\xff\xfbj\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\x05\x00\xeb\xd8\t\x00\x00\x00CvNx461\x04Nl\xedV\xcet\xaa~\x01j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\f\x00\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg\xc52\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xdeZ%\xa7\x01\x00\x00\x00\x01\x00\x00\x00\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x1c\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\"Y\xad\xaf\x83\xaf\x93\xdaHg\xd4\x8c\xee\x0f\x00\x1c/\x9a\xf83\';:q\x92\x010g\\Ym\xd8,\x8d\b\xab\x9dq\xed\xcc\xba\x06\x1ej\xb7s33\xe5\xec\xe90M\xd1\xfd\xbb\xdf\xedc\xd1\xbbI\xa3\xbdqU\x02\x00\x00\x00\x00\x00\x00\x00\xee\xb0\v\x84\xc7\xac\xec\x92t\x00\x00\x00\x92\x1a\f\xbbM\x1cG\xb8\xa4\x05\x16\x06\xb6\x1a\tL\xe3C$K~\xf7\xa1mt\x87E\xc4\xb6h\xf3\x8cG=&\xbd\xa16\xaa\xa2N\xac\xad,Q\x97\xd6\x15\xc46v\x9a\x97\xa6\xb9`\x03\x8ff,V\xe8\xeb\x8bJn\x12o\x8b\xe7K)+\xe0\x06\x8a\\\xfc\nw\xf8\x01\xc4\xd8\x97\xd2\x9cF\xda6F\xfa6I\x03o\xa7\x15&*\xf6Wn\xb9\x00~Y\x17:\x03\xef\xf9\x03\xe7\x8d\x16\\/\xe3\xfcV\x9d\xf2g\xbcFy\xca\x8a\x10*\xbdU#\x7f\xbb\'6\x9e\x1d\n\x19\xff[\x92n\xe1\x81q\xfe\x10\xfd\xa6pL\xc6\x0fN\x06&W\xa2\x9dPWp\x94r\xe2\x92X\x12\x87\xe5\x94\xb3Aa\xb1/\\\xde\x9c\x93\xf5(,u|\f`\x8e\x86\xeb\xcb\x18J+\xdcv\x894\x01\xd0\xc6\x95\xea^j(x\xa5\x9b\xd6f1\x9d\x8fcr\x18\x1fs%\x91~\x19@\x84!u\xc8u\x8aL\x021k\xb4\b\xbb_#A{dw<\xb9\x9dR\xef\xaf]\xe0\xca\xd9x\xdab7@\xfd\x0e\x94\xf8\xab\x8c\xf4\xf1\xb0\xd6\xbe\x8e,\xa2Y\x000F\xe6q\xe3~\xc9\xaa!\xf3\'UF\xf0\xc0\x11\x11\xc2\xc9\x93#K\xea\xc2c\xb9\xe7)\xa4\xd9X\xb9\xaay\xd1\xc7\xab\xe9F\xc6r5\xdf\xa0\'y\r\xbf\xbd\x97\x9d\x8aS\xdb\rF\x9e99\xb4\xf7\x8c\xf9\xca;\xef\xc7]\xa4\xdd<6wc5\xc6\xdeS\xe5*H\xed\xc8^a-\xe8\xb1\xc2\xca\xfa\t\xd0\\\xfc\xe9\x90\x83oj\xa9E\xfb\x8du\x94\x97\x1cF\x0f\xe9d\xf2\xe4\fc\xdf\xde\x1c\xd8u\x9b\xd7\x9c\x11\xbe\b\xb5\x1e\x04\xa0\xdc\xe1Oxu\xd7O#\n%\x89+\xcc\x9f\x8e\xb2:\xa0\xb0\xdc\xd1\xba\xbd@\xf4\x00\x00\xfd\aqn:\x83\x84N\x83K\xbf^\xd8&\xde\x14\x17\x9d\xcd\xed\x19\xd0\xc1$*K\b$\x12\xf3\x88#\xb1#\xb6RX\x11\x86X\x94\x84\x8e\xdd\x82b\x19b\x9fQ\x91\x98\x9e\xf7\xf6`\x03\xb3\x8a\x86\xf9\x00\x00\x00\x00\x00P\x00'/1066) ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f0000000040)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00') ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r7 = creat(&(0x7f0000000400)='./file0\x00', 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r10, 0x4068aea3, &(0x7f0000000080)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000440)=ANY=[@ANYBLOB="2100000000000000034d564b001e0000feff000000000000"]) 1.014908983s ago: executing program 1 (id=2): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r3) sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r9 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) (async) setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r9, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfdfff034}, {0x6}]}, 0x10) r10 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r10, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r10, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000) write$bt_hci(r5, &(0x7f0000000080)={0x1, @add_sco={{0x407, 0x4}, {0xc9, 0x3}}}, 0x8) splice(r6, 0x0, r8, 0x0, 0x88000cc, 0x0) (async) splice(r6, 0x0, r8, 0x0, 0x88000cc, 0x0) fcntl$setpipe(r7, 0x407, 0x100004) openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) (async) r11 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) write$cgroup_subtree(r11, 0x0, 0x7) (async) write$cgroup_subtree(r11, 0x0, 0x7) write$eventfd(r7, &(0x7f0000000240)=0xffffffffffffffff, 0x8) pselect6(0x40, &(0x7f0000000180)={0xfffffdfffffffffd, 0xffffffff, 0x0, 0x0, 0xffffffffffffff01}, 0x0, 0x0, 0x0, 0x0) 888.285245ms ago: executing program 0 (id=5): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$bind(&(0x7f00000000c0)='./file0/../file0/file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x100000, 0x0) syz_clone(0xc00e4000, 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup2(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x80000, 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x100000, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000040)={@private=0xa010101, @loopback}, 0x8) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') mount$9p_unix(0x0, 0x0, 0x0, 0x10002, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wake_lock', 0x202, 0x0) syz_clone3(&(0x7f0000000040)={0x206361100, &(0x7f00000002c0), 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58) capset(0x0, 0x0) read$FUSE(r1, &(0x7f00000020c0)={0x2020}, 0x2020) 854.450936ms ago: executing program 3 (id=4): openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382) r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0x0}], 0x1b, "6c66e902a491bd"}) ioctl$BTRFS_IOC_TREE_SEARCH(r4, 0xd0009411, &(0x7f0000002900)={{0x0, 0x3, 0x4, 0xfc72, 0x7fffffffffffffff, 0x1, 0x7, 0x5, 0x2, 0xff, 0x49, 0xd, 0x3, 0x3ff}}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r5, 0xd000943e, &(0x7f0000003900)={r6, r7, "3d8d6fe9367fe1988a582c3910de529905dfaa1a33cb80b42b72e8a9ba11c85192ce8b1bdee27ae482e4a3440de10e0b6599a856a3b73e5b14ed2c19474055dbbc7fc3063206ec3df0464ce2dd47ce4b32b4abab27656aee85b0bec6c3d058a6d44938fc1d13ccc3beb7d7aa636f6a775a1cdbecfae15a5e1751eab3eed83d3941439036e3b250b8fd1b598257a09d79aaca307a6f11ed5fa02073db8b0e74a63861b9044629ab42274903dee23003423e60d9c297172ab970c0818df43046f9b96d5631f112151a78ac95b7da592dea5884eefe49fc6f77a060710c7caeb82c83feeef12e4b00aea8ed447442dc926c477b9ad49afe88d6c4568ace470a52c3", "ccb8a1dd32f45d3afa9250bb2cf3902f3157b428f1685ffcb0f275f89c58e671875932f837a95ef0d7ab09a75514bee64d0cd5659b279f09bde0373dc832f5afdfa5a794057a9cd628e7b10a4d662ba361b71ad1aaad7364299bc1437b691585fe67515c1918977fbcd4e79b1fd023e1506c0cadc56f86056d9eb5e1e5bf1494e167c4148bf9b533a6f18adc772ba123ada773ed6f993128393e601ec11c6abf0c3d5d87bc4f09e7a9fb37aea27b6eaa4ca037b846cda9cd6323bc87fcda2590fc6e121c92f622e8e83722088cc1be1ae6d0675031d813655cfe4a26b2ef8cfc82c8a7f8a5d47091e9144a8c89ca648e3d42a6d944d2e159ab5d4580242aa783893ddddeb8d5fb7d27957963848e10be6eb0bd20799c24aadac30104f9600bb76073541a47caf223d07088509442e409b4a1cd65e1820fbd1daba39e0961934230e6c7a9eafb0e808a8290fefe5c6925e92c8917f03a65a575475baa47dbd614d9e098b35c03d9ad7508ed5b495b142fb9c9e805878c00413acd9d382eed5b3ec033e6f12fa912ca124facc1467f686b3798a61f297825cf7be6466699f6efa856b394b1deb6e51405810dac5175c816e672a74b0d6c0dd0ab7a53dd83ebb36ac85f6cfb76fea45431d38d33e219b5118addc97034e4e1d6d7c1745b4acf52f5fe98201f4e4d3295bdfc9bc3d07d1f066b94b50799c6474c1cf889f0c4eb8469d466ede8018dd5bf3bdb6187bf84046a1aa067974e7957887258db721cf1e441b081c6d7992632dc8433f0ec5c7d4f09015ce2ccbaa73bfea07e29b4d49230d538ffa27c0ecec78300f93e0fe685fc67dd2e6e9e6d4085dcc895d4534ac2f635dd8b09bc0c4e745f38c603889dd80a086c8e088a1bbbff8a9fea008ab32fcc9b89ebc220aee67cd7ec4474f34decd3a94b96998219ceb3cfab4a8d75f43b2f4710df2cab99c64f4eb62cf094cdc499505f70853e5e511a0fafc7c4891667fbc67e38cfc063a5ecc9a5921672ada6cd04d7d50c326afd0312f3e6b473f3f7ad97794ef2546aea1887c7629deb87ebf3ff9c718590b87f766bd41e1b5de03a3c2c44c81b7156a3adf14754a62c6c3396d00a0c1f34b5aa5b38e2f8635d62e41400d92dbcfa8d71623fc094616834db0bca1117d1f8b0ac8b8edbce5aa3dbe979d1d2a85488a02b382513eb0ab37f38206d18ded9e64eef2872e1467a623a8d0986a5ba0d267368bdad7241f858e15a8065e69aab835831f84f223acafce8a98f6b7bc0a850540ddfd0fb283a95cc9739813d5651a3a2bea399828fe27e55e02f048f133f837d274f3d513b488cd15d6118749af71ce6fe6cc59612d6386fa3d97331f824e24237ff8f189c220de42a96b490663d564c63e6279742cb446009e48e37bec63bdb7cc816619fa7faf25b62e52f1f6e1bcd90b9936d0dc837e1779349b3312264469e937cede1cb6cd3a851239feb1429de6473586b9a322917209d5e30760796335afe8d0c702b467618f59fdda29df1de6e47390034f0ab3786d00a6232371f46e241498a76922a20fbf0e56587afee4fe877551e9cdccf9e04a2f5d405c7da7423ae634d42cd39e73ef724260c525ca0cbf130054eb41549c69b31e6ac7244a98a0d7d831326277a37b391c75e8c63f7900c7f4f24dd0e28fd6d7281dfd25f726942a493c19fc80452480c33fdb1adc3030417d2268e934ec7933ea47e56036a5a5ea48b999a741079ac45013a823f9d41c29e791926d53db1c620a05387ec3cc93bd36b0c36193133b23024d040df0a8e4c7360ee159b3622a373c55ccb08e11dde6fc05ea196fb7ac7f3ba387081b661ae4243b26ae1d3ce6fcf5b6eac77cfcb2e18eb810ddfcfe52475333da87293366df173c0e31f3d24af6eeed0f708dbf7f50e9b9e2078972b856d7ce8c2f09fbc4e1567a5d372655d2734ae81f90691fcd9beaac4c9480234d5ac01f43a7d84d05c915bb1a0301dfb3fd051e307dfce020ab2c466b6e8f05590ad49b7a522f03519e84cddb60110f40985391ce72d8f30b51f6a59d75c47486b85515ac6204f9adb23ea0e23d9560dd8edc74124251681b07759cb7e70edcf2d79d94f02af3463aa80de5696831ea0e42706aa8ad64d7d11bdc6b4aef36d77320477f1f629aae062be624e8b8bfa603842436453be075acc9eaea97ae6f9973a180dbd79b1074de2758197971139d4eef9ebde1ab2b9b5f0c6df66c04f0c6a82ff3598c5f9dbb5f2c55bb6c66de8b4735b33fa7984ee5c4ccf911bbbd67ba00ade8e5cebc598958a631c64d502ef2b75389e9f4c098e33393bf73212a61bb680c71fc2aad76a04554559dceee069a0930523098a6dd8835d680187f81748139b1d73efd4e64e153b0be6b412ee6fc160f3df80d7eb05327ea45fde07d7fc00d96f0de90a36150686d3bc46297561ea3e408a18343b44fdfe2966b8480a184e31fefa199dc4f007b1b6c50de0c837890013264b94ab3a42e02d93047d10bbd131ac86930d826759fc60e1a3c2d6f0dae9b3e449516993ed84f67f02178fde426d6b3ff41117c10c729fc43d3cc9ae8cd6df9764c0e40c65f26e0e1c0ba88be51aef336d1eb8f37b536ae0063cfd00d38a2253bd8502c216895dd291d0f8a19be4982c73da84133bcfadbda6b7f2f81f13d03a5a64cde277044ac1befad17db71e2f710f20026a3d767dee6214e5758a85db36cc397aa2991d40c766bcbec68d15c743cc7b1ea44575d029e5a7353cf78289ed6bf7b0dd4424d7aa072ca919f52edcdca27177a85348e54a32506c35243487f006ef9b32efc53198858f2baa36973f34c595b90ba18f5adb07e86606571f83e201f96bc6fbb9761d7bf6d11dc73749cbcc6e85e0532b2d0a4a058d04c4576bc96dc09db31d7967bab8000a1f5c5f3a0eab6aa0046f106f05a2dc6e9db63034ad641a27997283cb6a43ae2a98dc06af2e9913f547b7e5d0c4a49f2a486f0d2199be446b3505381a1e8ef9a97533d701144ae630e225d4ebab5d1dca59d9dd27fc7f31e2dee0da7e57388db18a3337218db40b6b1bc5ec86e158d034a66bb0090e8cc1d9b85a0356e3aeb12050f78abb74fbc5142f945f78f78dd3a47239e948c1bc51697bf01407ece5bc22d547d610e6d930904568a7413b7f091cd48e2dcd7b28acffabe18f3f185cd96b22b5eb544a9bde5aa088341e0d8666f8cb3d3cba48bf336e3c680991e1d31e3079a1749372b7e748810207a02a2f6966927ebb17caa2b774b75ff78a0b1222028edd336455d3a3d5a339f035aee42e61f45e9cea5342e6af9e039977274dadf4bccfb52a4d4a290b2f4a2849d94b0ce5b398ef2dfbc3454d3828e479d441b45afb7a1c93b4a740abc5326619bde165ea845ee7bb4b66b37a1d671b54eec3edfb0dc6451d1c0e97f2ee507f9ebb93023c3e6012cf864e9818d10d33fba3ed015b1ac05ae4772c44b5540bc5e35c1facb2f3db1add78fafd872bb9f2310ac886754057d116bc9c4064a54b9ed2ada4d7b442e917116a4aa612084ab26900365086d3f2be9fdc9b2b163d215f7da22c424ef6a8912220831581f4bdc9fb85c9452c86e0047f87c4ded7b3b139337689095b28fc2b62fe6a68c48ca6d9b1a857d8835bc05a97b93b1a5fc7004541bc5c7f5726c365246a446fd6c4696a89bb3e0fd8978b9dd0afe8fbf1502e5d757e0fb3b34cdc53972b47b6ef06e9c145c4d01c2aadebe2bafa694825a16355efc3dacfb91f52e6e5017444f3c83e9a21d2beec8546e399f567b607b8ea2ed620f6ca318bb23dfaf28137353064721ce9e26abe9a18451041689a43dfcfb6def8a0421849cb27e1f4a2bb987aba8d25e37256c921e5cbdd2f275f2ae0ad00a49e8e2892df4e1e7fce96ed7e1f447fc9f50b3b5562e8790ba5c576b6c2d7f5d194c2d06af6f183fccc2b9e75e3714078422c534d92468063061de69845165336c189596eb7667029c53cd82e59c8c8b8251832acdfa2fe0c113b2efaad2d34e71531b174ad11898ed5c0653bc541573f5d9d96c8a20c1217afc0499f105ff98878102136db15d446e690e257385a5abf3f499d402d54c16fc54f138f37f20d89ec752e36aea86802ad5db1dd008598ed6102e6dc5e9752b73bb9a44ae82db9744805011fe0e3e2ceec384d65a6bb83a5fe6ea3bfee5a6768483dab42657b8dbcf535ee4f713308730b04ade87c08b430b33a549d13c4e7bb969ce3675dac21a6e3c5d8404d80cd872995dbd94748c85493617c249fa5943b9cdc2de06d6fc41e85890d7893c3fb4992f35d8f87d00bf07482c32b84b74c6773f86f53c9ef3624d462d806416e615edc001b6dc3fe088440890fceae0f3886e5617c3dd3a4669b66c9f0e7eec9b90f775be14103f8e09ee84b823847a0cf286b71ec7c78e7a0d5e18ae0e5be4a9e343733d5ca93cd28f40d41554ebdbb1953ceaa6fba0aea938d36c852f8682980236e2fb7d81bdeccbf31444eb1916f0200bce97711a500cadaaabd813d0321fd772180297b0e519843308615d9b76c81b37ed5343fb6d418f8240d21570bcaaeff938ff39a484e3cd380c65118fc5d16c26d744dd389df5da3f48d090ebc66abcdbc0ae1d7309c464379a1b15e873119c3eedf9d93c4761fe94b5d9307d6dda087bdd3125e45e08cae01ef47a791d8d33db12c373c5e3eae0390b79a0df6ac99410a2f90e90e56151a972b2bf9eb0c4b90853b2bfc1bc3a3a713691bee1dcd8e061dd2e09c82536e5ca6a21f53d068d55fd4ee12a419f8ca7461b8b6792acb9c9c5409e6cfedb95fe30135d7732c3faea4521dcc1be0e603e97d67af0db52ee5df8fa6d9c882d3a3b9a66974329a6636915e9c2a650550c6e2f0e3b8fbc21bfdd7c022253c52fd4027784085234a1638ac376a2039da08da105351bdf0ef8bb36844602c6d9910945742c14e4faccd3a734ea71e2b8d56d72848affcffc0645fc31f1e524d5822ccbea5da6a67a50f1de6866154c904e9118f497ac192416aff05fb3b45434e471c1d57ee1c81623d45e8c4681577d9d29c82e3ef3eb9db994bde425f14b345126f613de554aed2de672fdeee97ee9630fdf8df706b797ab993742660157345e31836088f8dbb94b1082be34ab34d0c4671f3e5b31ab216ccb16752317d9a7424e93ef724e43a3077321094c45db0bf24de3445da3b18e18d9d8aa56e8b8f1ae96b44728d355e1cedb5ca410ce3ac6de96e0983975162fb5476aeec40de2e5de5efae2d721bff9b92446949ac9e9d24f3d221b25826446ee84a70e00d35b30603fce751a8a07bac09df8113b31b37572d9eca2094b9b6792cf0a8a3057f3a095916096c96608e6ec3641bad9630f84d22fc767c27176d89a2873f66afdd631b9d2d41165e5478ffc31d7ddb"}) r8 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_MOD(r8, 0x3, r1, &(0x7f0000004900)={0x50000010}) r9 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_wireguard(r9, 0x8933, &(0x7f0000004940)={'wg1\x00'}) ioctl$KDSETMODE(r1, 0x4b3a, 0x1) fcntl$getownex(r3, 0x10, &(0x7f0000004980)) ppoll(&(0x7f00000049c0)=[{r1, 0x8481}, {r8, 0x8}, {0xffffffffffffffff, 0x390}, {r2, 0x4000}], 0x4, &(0x7f0000004a00)={0x0, 0x3938700}, &(0x7f0000004a40)={[0x698d6bab]}, 0x8) r10 = eventfd(0x9) io_submit(0x0, 0x7, &(0x7f0000005040)=[&(0x7f0000004ac0)={0x0, 0x0, 0x0, 0x3, 0x88a, r4, &(0x7f0000004a80)="ec794f01b655aa91e96e", 0xa, 0x9, 0x0, 0x0, r1}, &(0x7f0000004b80)={0x0, 0x0, 0x0, 0x8, 0x7f, r5, &(0x7f0000004b00)="74b7014b6183c14fbeaa86e9b86bf5ad8093d34e4404b32b62de079d140bacbf820179c9f2f587848b8095e390b49d3feecc4433c9a076b57ad7a5dd8cc05e615c3e59af992033633286", 0x4a, 0x9, 0x0, 0x0, r2}, &(0x7f0000004cc0)={0x0, 0x0, 0x0, 0x2, 0xff, r5, &(0x7f0000004bc0)="6222e53745d6c74bc2a83db3ee4884665f4b4104b94efa972bd614449c05cc1ee6cae94ee0b9a14483dc44af8a6bf5990e3b4a100434d6d81d516fb4ac71cf2ac8c65401ed7c37057c199a581b0f6652754b1e1cbdfd48c35cd0e03cb135b71bae93a2ade021a7330b1a3c43ff054f5f068560d3435f5c2a7b0c99e986790469dc85f8c2a8945eaa8f24fcc86a7a7d697909242db6eed5e4d2dc70f776c7affccdde46b94ace322fcce03aefbb68ddff29334ffa4de3343e15f93ff441aa77df17bb30431ee62f279100cfedeacba6ac842cd3a28c049162", 0xd8, 0x101, 0x0, 0x3, r10}, &(0x7f0000004d40)={0x0, 0x0, 0x0, 0x3, 0x0, r0, &(0x7f0000004d00)="9971e7620c6b5dfc29a18f1adbf646cf56a5ac74ad535c568265723456f09ea0210f7c66b0b4be94e25d3bf50778b62e1458", 0x32, 0x5, 0x0, 0x3, r4}, &(0x7f0000004e80)={0x0, 0x0, 0x0, 0x3, 0x2, r2, &(0x7f0000004d80)="0a3ce810efab168c82bac8dafe446e0476c18f029084fdee82d78c7e3832f94c247298c5cc8db00bc7a6c3935cdffbaa731b22f0c5cae44d664fef65e58648144f69c77b4c9c06869931c9d5d86bc0dcf6f6d5faa8e22c01df89f98c36525d2b919749ef28efab75de0f4ef3dc3575f6fc855abc26d294d116507d0e272ad034e58a93b8f9328de0cfb74bfa8b661d51ca1b5e98145e7256698bd8d6fedc067c454ea1cc69e44828688acef18f6a382a99c326cfd860b4a74034fd72de1c67c0b882062eb802eace5ced7d89e597f9c4debb4f3d8ecc6fc2d4c31b3e7bd4fa8e0ebad734977d203a53", 0xe9, 0x3ff, 0x0, 0x2, r1}, &(0x7f0000004f80)={0x0, 0x0, 0x0, 0x1, 0x1, 0xffffffffffffffff, &(0x7f0000004f00)="d09b817b42c84a49254cfbf72993383893dcc155104f4bbcd81f0995f6567660c8943fcb615b1544cc373256173f306b820decada9e219f48b1afd32684a9a294611eb7d0b77db183af5db4a07e8b162b2cd58e861cd69c47b1dc3f391cb316da1b8e35286c499f2c5f0d53a8f4c9df543066be40bfc", 0x76, 0xfff, 0x0, 0x1}, &(0x7f0000005000)={0x0, 0x0, 0x0, 0x7, 0x100, r5, &(0x7f0000004fc0), 0x0, 0x8, 0x0, 0x1, r1}]) 706.714228ms ago: executing program 2 (id=3): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='cpuacct.usage_user\x00', 0x275a, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x40a02, 0x0) write$khugepaged_scan(r3, &(0x7f0000000000), 0x8) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) read(r4, &(0x7f0000000180)=""/82, 0x52) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) ioctl$FS_IOC_RESVSP(r2, 0x40305829, &(0x7f0000000240)={0x1100, 0x0, 0x4, 0x7fffffffffffffff}) fsopen(&(0x7f0000000080)='cgroup\x00', 0x0) close_range(r0, 0xffffffffffffffff, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) (async) openat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r1, &(0x7f0000000100)='cpuacct.usage_user\x00', 0x275a, 0x0) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x40a02, 0x0) (async) write$khugepaged_scan(r3, &(0x7f0000000000), 0x8) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) read(r4, &(0x7f0000000180)=""/82, 0x52) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) close(r5) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) (async) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) (async) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) (async) ioctl$FS_IOC_RESVSP(r2, 0x40305829, &(0x7f0000000240)={0x1100, 0x0, 0x4, 0x7fffffffffffffff}) (async) fsopen(&(0x7f0000000080)='cgroup\x00', 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) (async) 705.152098ms ago: executing program 3 (id=7): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20102, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_GET_NESTED_STATE(0xffffffffffffffff, 0xc080aebe, &(0x7f0000000d80)={{0x0, 0x0, 0x80}}) (async) r4 = accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000100)=0x1c) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e23, 0x53074865, @remote, 0x1}, 0x1c) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) signalfd4(r3, &(0x7f0000000080)={[0xfffffffffffffff7]}, 0x8, 0x80000) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) 589.40767ms ago: executing program 1 (id=8): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20140, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) poll(&(0x7f0000001e40)=[{r4, 0x7183}, {r4, 0x1008}], 0x2, 0xfffffffc) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'veth1_to_bond\x00', 0x0}) r8 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r8, 0x0, 0x0, 0x8044, &(0x7f00000003c0)={0x11, 0xd, r7, 0x1, 0x7, 0x6, @random="eb68e3f58965"}, 0x14) r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000540)={0x1, 0x0, [{0xc0000103, 0x0, 0x80000000002}]}) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r10, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB="ec000000", @ANYRES16=r11, @ANYBLOB="01000000000000000000010000000800050001000000140002007767310000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5420800050000000000900008808c00008024210100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c640009801c000080060001000200000008000200ffffffff05000300030000001c000080060001000200000008000200ac141427050003"], 0xec}, 0x1, 0x0, 0x0, 0x4084}, 0x24000010) mount_setattr(0xffffffffffffffff, 0x0, 0x8100, &(0x7f0000000300)={0x8, 0xf4, 0x40020}, 0x20) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000000001000040"]) r12 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r12, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r12, 0x0) ioctl$BINDER_WRITE_READ(r12, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x1, 0x18}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) 375.853684ms ago: executing program 3 (id=9): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') mount$bind(0x0, 0x0, 0x0, 0x41, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) 337.361414ms ago: executing program 2 (id=10): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') mount$bind(0x0, 0x0, 0x0, 0x41, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) (fail_nth: 2) 796.18µs ago: executing program 3 (id=11): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(r2, 0x40046205, 0x0) r3 = dup2(r0, 0xffffffffffffffff) ioctl$EVIOCGABS20(r3, 0x80184560, &(0x7f0000000200)=""/131) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) r5 = memfd_secret(0x80000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r5, 0x0) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) ioctl$RTC_AIE_OFF(r1, 0x7002) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async) openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async) ioctl$BINDER_SET_MAX_THREADS(r2, 0x40046205, 0x0) (async) dup2(r0, 0xffffffffffffffff) (async) ioctl$EVIOCGABS20(r3, 0x80184560, &(0x7f0000000200)=""/131) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) (async) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) memfd_secret(0x80000) (async) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r5, 0x0) (async) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38) (async) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) (async) ioctl$RTC_AIE_OFF(r1, 0x7002) (async) 0s ago: executing program 2 (id=12): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x11, r0, 0x147a5000) (async) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478e"]) (async) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000000)=0x8000000) (async) r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffb, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x2011c1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) (async, rerun: 32) eventfd2(0x0, 0x800) (rerun: 32) setsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000180)={0x20, 0x101, 0x9, 0x7, 0x0, 0x0, 0x5}, 0xc) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.88' (ED25519) to the list of known hosts. [ 28.136240][ T36] audit: type=1400 audit(1750770985.430:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 28.137765][ T281] cgroup: Unknown subsys name 'net' [ 28.159404][ T36] audit: type=1400 audit(1750770985.430:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 28.188273][ T36] audit: type=1400 audit(1750770985.470:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 28.188497][ T281] cgroup: Unknown subsys name 'devices' [ 28.373355][ T281] cgroup: Unknown subsys name 'hugetlb' [ 28.379005][ T281] cgroup: Unknown subsys name 'rlimit' [ 28.556416][ T36] audit: type=1400 audit(1750770985.850:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 28.579701][ T36] audit: type=1400 audit(1750770985.850:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 28.603938][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 28.604715][ T36] audit: type=1400 audit(1750770985.850:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 28.636265][ T36] audit: type=1400 audit(1750770985.910:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.661905][ T36] audit: type=1400 audit(1750770985.910:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.666267][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 28.687693][ T36] audit: type=1400 audit(1750770985.960:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.721890][ T36] audit: type=1400 audit(1750770985.960:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 29.506508][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.513619][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.521428][ T288] bridge_slave_0: entered allmulticast mode [ 29.527807][ T288] bridge_slave_0: entered promiscuous mode [ 29.535325][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.542429][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.549513][ T288] bridge_slave_1: entered allmulticast mode [ 29.555885][ T288] bridge_slave_1: entered promiscuous mode [ 29.702222][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.709372][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.716710][ T290] bridge_slave_0: entered allmulticast mode [ 29.723110][ T290] bridge_slave_0: entered promiscuous mode [ 29.733926][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.741012][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.748093][ T293] bridge_slave_0: entered allmulticast mode [ 29.754830][ T293] bridge_slave_0: entered promiscuous mode [ 29.763000][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.770145][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.777335][ T290] bridge_slave_1: entered allmulticast mode [ 29.783735][ T290] bridge_slave_1: entered promiscuous mode [ 29.790478][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.797618][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.805399][ T293] bridge_slave_1: entered allmulticast mode [ 29.811751][ T293] bridge_slave_1: entered promiscuous mode [ 29.844193][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.851323][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.858660][ T294] bridge_slave_0: entered allmulticast mode [ 29.865112][ T294] bridge_slave_0: entered promiscuous mode [ 29.871655][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.878702][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.885864][ T294] bridge_slave_1: entered allmulticast mode [ 29.892420][ T294] bridge_slave_1: entered promiscuous mode [ 29.909945][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.917068][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.924394][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.931618][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.068030][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.075210][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.082517][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.089565][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.111459][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.118546][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.125966][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.133024][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.143377][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.150724][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.158774][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.166119][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.173826][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.181185][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.201773][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.208925][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.225634][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.232727][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.263350][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.270404][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.278097][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.285195][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.312118][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.319279][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.326923][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.334073][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.360166][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.367288][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.377997][ T288] veth0_vlan: entered promiscuous mode [ 30.390019][ T290] veth0_vlan: entered promiscuous mode [ 30.400525][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.408152][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.438286][ T290] veth1_macvtap: entered promiscuous mode [ 30.445650][ T288] veth1_macvtap: entered promiscuous mode [ 30.488257][ T294] veth0_vlan: entered promiscuous mode [ 30.503850][ T290] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 30.511682][ T293] veth0_vlan: entered promiscuous mode [ 30.528879][ T294] veth1_macvtap: entered promiscuous mode [ 30.552531][ T308] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 30.570304][ T308] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 30.603552][ T293] veth1_macvtap: entered promiscuous mode [ 30.625100][ T311] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 30.829645][ T318] loop8: detected capacity change from 0 to 79 [ 31.189505][ T337] netlink: 136 bytes leftover after parsing attributes in process `syz.1.8'. [ 31.229062][ T337] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 31.229098][ T337] rust_binder: Error while translating object. [ 31.260607][ T337] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.283712][ T337] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:9 [ 31.301003][ T339] incfs: Unexpected inode type [ 31.341625][ T341] FAULT_INJECTION: forcing a failure. [ 31.341625][ T341] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 31.355873][ T341] CPU: 1 UID: 0 PID: 341 Comm: syz.2.10 Not tainted 6.12.30-syzkaller-g9d80e3254812 #0 0af3bb1b2b1f0d17039a87b1bb907b41f79d5270 [ 31.355918][ T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 31.355941][ T341] Call Trace: [ 31.355948][ T341] [ 31.355956][ T341] __dump_stack+0x21/0x30 [ 31.355992][ T341] dump_stack_lvl+0x10c/0x190 [ 31.356017][ T341] ? __cfi_dump_stack_lvl+0x10/0x10 [ 31.356044][ T341] dump_stack+0x19/0x20 [ 31.356067][ T341] should_fail_ex+0x3d9/0x530 [ 31.356098][ T341] should_fail+0xf/0x20 [ 31.356120][ T341] should_fail_usercopy+0x1e/0x30 [ 31.356144][ T341] strncpy_from_user+0x28/0x270 [ 31.356167][ T341] ? getname_flags+0xc6/0x710 [ 31.356195][ T341] getname_flags+0x102/0x710 [ 31.356221][ T341] ? build_open_flags+0x487/0x600 [ 31.356242][ T341] getname+0x1b/0x30 [ 31.356267][ T341] do_sys_openat2+0xcb/0x1c0 [ 31.356287][ T341] ? fput+0x1a5/0x240 [ 31.356304][ T341] ? do_sys_open+0x100/0x100 [ 31.356323][ T341] ? ksys_write+0x1ef/0x250 [ 31.356348][ T341] ? __cfi_ksys_write+0x10/0x10 [ 31.356372][ T341] ? __se_sys_chdir+0x1ba/0x290 [ 31.356402][ T341] __x64_sys_openat+0x13a/0x170 [ 31.356424][ T341] x64_sys_call+0xe69/0x2ee0 [ 31.356450][ T341] do_syscall_64+0x58/0xf0 [ 31.356469][ T341] ? clear_bhb_loop+0x50/0xa0 [ 31.356491][ T341] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.356515][ T341] RIP: 0033:0x7f3ad578e929 [ 31.356537][ T341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 31.356554][ T341] RSP: 002b:00007f3ad65db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 31.356583][ T341] RAX: ffffffffffffffda RBX: 00007f3ad59b5fa0 RCX: 00007f3ad578e929 [ 31.356598][ T341] RDX: 0000000000000000 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 31.356613][ T341] RBP: 00007f3ad65db090 R08: 0000000000000000 R09: 0000000000000000 [ 31.356626][ T341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 31.356639][ T341] R13: 0000000000000000 R14: 00007f3ad59b5fa0 R15: 00007ffcf6c30538 [ 31.356656][ T341] [ 31.579419][ T294] ------------[ cut here ]------------ [ 31.585027][ T294] WARNING: CPU: 0 PID: 294 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 31.593002][ T294] Modules linked in: [ 31.596918][ T294] CPU: 0 UID: 0 PID: 294 Comm: syz-executor Not tainted 6.12.30-syzkaller-g9d80e3254812 #0 0af3bb1b2b1f0d17039a87b1bb907b41f79d5270 [ 31.610547][ T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 31.620739][ T294] RIP: 0010:drop_nlink+0xce/0x110 [ 31.625974][ T294] Code: 04 00 00 be 08 00 00 00 e8 cf 55 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f2 5a 98 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 31.645851][ T294] RSP: 0018:ffffc9000b5efc60 EFLAGS: 00010293 [ 31.652000][ T294] RAX: ffffffff81ed45be RBX: ffff888110328070 RCX: ffff88812331df00 [ 31.660055][ T294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 31.668201][ T294] RBP: ffffc9000b5efc88 R08: 0000000000000003 R09: 0000000000000004 [ 31.676256][ T294] R10: dffffc0000000000 R11: fffff520016bdf7c R12: dffffc0000000000 [ 31.684309][ T294] R13: 1ffff11022065017 R14: ffff8881103280b8 R15: 0000000000000000 [ 31.692370][ T294] FS: 00005555811ad500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 31.701649][ T294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.708276][ T294] CR2: 000000110c350d94 CR3: 000000012337a000 CR4: 00000000003526b0 [ 31.716332][ T294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.724387][ T294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.732426][ T294] Call Trace: [ 31.735736][ T294] [ 31.738694][ T294] shmem_rmdir+0x5f/0x90 [ 31.743006][ T294] vfs_rmdir+0x3dd/0x560 [ 31.747287][ T294] incfs_kill_sb+0x109/0x230 [ 31.751968][ T294] deactivate_locked_super+0xd5/0x2a0 [ 31.757378][ T294] deactivate_super+0xb8/0xe0 [ 31.762134][ T294] cleanup_mnt+0x3f1/0x480 [ 31.766599][ T294] __cleanup_mnt+0x1d/0x40 [ 31.771095][ T294] task_work_run+0x1e0/0x250 [ 31.775809][ T294] ? __cfi_task_work_run+0x10/0x10 [ 31.780979][ T294] ? __x64_sys_umount+0x126/0x170 [ 31.786064][ T294] ? __cfi___x64_sys_umount+0x10/0x10 [ 31.791507][ T294] ? __kasan_check_read+0x15/0x20 [ 31.796569][ T294] resume_user_mode_work+0x36/0x50 [ 31.801763][ T294] syscall_exit_to_user_mode+0x64/0xb0 [ 31.807272][ T294] do_syscall_64+0x64/0xf0 [ 31.811843][ T294] ? clear_bhb_loop+0x50/0xa0 [ 31.816583][ T294] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.822567][ T294] RIP: 0033:0x7fd42298fc57 [ 31.827017][ T294] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 31.846795][ T294] RSP: 002b:00007fffa42ba648 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 31.855639][ T294] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd42298fc57 [ 31.863687][ T294] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffa42ba700 [ 31.871744][ T294] RBP: 00007fffa42ba700 R08: 0000000000000000 R09: 0000000000000000 [ 31.879746][ T294] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffa42bb790 [ 31.887845][ T294] R13: 00007fd422a10925 R14: 0000000000007a69 R15: 00007fffa42bb7d0 [ 31.895887][ T294] [ 31.898933][ T294] ---[ end trace 0000000000000000 ]--- [ 31.904938][ T293] ------------[ cut here ]------------ [ 31.910452][ T293] WARNING: CPU: 1 PID: 293 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 31.918444][ T293] Modules linked in: [ 31.922399][ T293] CPU: 1 UID: 0 PID: 293 Comm: syz-executor Tainted: G W 6.12.30-syzkaller-g9d80e3254812 #0 0af3bb1b2b1f0d17039a87b1bb907b41f79d5270 [ 31.937474][ T293] Tainted: [W]=WARN [ 31.939960][ T294] ================================================================== [ 31.941364][ T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 31.949499][ T294] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 31.959765][ T293] RIP: 0010:drop_nlink+0xce/0x110 [ 31.965960][ T294] Write of size 4 at addr 0000000000000168 by task syz-executor/294 [ 31.965982][ T294] [ 31.965993][ T294] CPU: 0 UID: 0 PID: 294 Comm: syz-executor Tainted: G W 6.12.30-syzkaller-g9d80e3254812 #0 0af3bb1b2b1f0d17039a87b1bb907b41f79d5270 [ 31.966033][ T294] Tainted: [W]=WARN [ 31.966043][ T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 31.966058][ T294] Call Trace: [ 31.966070][ T294] [ 31.966082][ T294] __dump_stack+0x21/0x30 [ 31.966115][ T294] dump_stack_lvl+0x10c/0x190 [ 31.966145][ T294] ? __cfi_dump_stack_lvl+0x10/0x10 [ 31.966176][ T294] print_report+0x3d/0x70 [ 31.966200][ T294] kasan_report+0x163/0x1a0 [ 31.966236][ T294] ? ihold+0x24/0x70 [ 31.966272][ T294] ? _raw_spin_unlock+0x45/0x60 [ 31.966307][ T294] ? ihold+0x24/0x70 [ 31.966341][ T294] kasan_check_range+0x299/0x2a0 [ 31.966379][ T294] __kasan_check_write+0x18/0x20 [ 31.966408][ T294] ihold+0x24/0x70 [ 31.966442][ T294] vfs_rmdir+0x26a/0x560 [ 31.966467][ T294] incfs_kill_sb+0x109/0x230 [ 31.966497][ T294] deactivate_locked_super+0xd5/0x2a0 [ 31.966523][ T294] deactivate_super+0xb8/0xe0 [ 31.966548][ T294] cleanup_mnt+0x3f1/0x480 [ 31.966585][ T294] __cleanup_mnt+0x1d/0x40 [ 31.966619][ T294] task_work_run+0x1e0/0x250 [ 31.966645][ T294] ? __cfi_task_work_run+0x10/0x10 [ 31.966669][ T294] ? __x64_sys_umount+0x126/0x170 [ 31.966697][ T294] ? __cfi___x64_sys_umount+0x10/0x10 [ 31.966725][ T294] ? __kasan_check_read+0x15/0x20 [ 31.966753][ T294] resume_user_mode_work+0x36/0x50 [ 31.966777][ T294] syscall_exit_to_user_mode+0x64/0xb0 [ 31.966811][ T294] do_syscall_64+0x64/0xf0 [ 31.966831][ T294] ? clear_bhb_loop+0x50/0xa0 [ 31.966859][ T294] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.966885][ T294] RIP: 0033:0x7fd42298fc57 [ 31.966906][ T294] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 31.966927][ T294] RSP: 002b:00007fffa42ba648 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 31.966962][ T294] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd42298fc57 [ 31.966978][ T294] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffa42ba700 [ 31.966995][ T294] RBP: 00007fffa42ba700 R08: 0000000000000000 R09: 0000000000000000 [ 31.967012][ T294] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffa42bb790 [ 31.967034][ T294] R13: 00007fd422a10925 R14: 0000000000007a69 R15: 00007fffa42bb7d0 [ 31.967055][ T294] [ 31.967064][ T294] ================================================================== [ 31.971022][ T293] Code: 04 00 00 be 08 00 00 00 e8 cf 55 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f2 5a 98 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 32.248939][ T293] RSP: 0018:ffffc9000b5dfc60 EFLAGS: 00010293 [ 32.255092][ T293] RAX: ffffffff81ed45be RBX: ffff88811032de30 RCX: ffff88812e65cc00 [ 32.263137][ T293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 32.271176][ T293] RBP: ffffc9000b5dfc88 R08: 0000000000000003 R09: 0000000000000004 [ 32.271219][ T294] Disabling lock debugging due to kernel taint [ 32.279242][ T293] R10: dffffc0000000000 R11: fffff520016bbf7c R12: dffffc0000000000 [ 32.279263][ T293] R13: 1ffff11022065bcf R14: ffff88811032de78 R15: 0000000000000000 [ 32.301408][ T294] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 32.301478][ T293] FS: 0000555561c31500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 32.309267][ T294] #PF: supervisor write access in kernel mode [ 32.318215][ T293] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.324251][ T294] #PF: error_code(0x0002) - not-present page [ 32.324265][ T294] PGD 800000010c7c5067 P4D 800000010c7c5067 [ 32.330869][ T293] CR2: 00007fa13bd83338 CR3: 0000000102f6e000 CR4: 00000000003526b0 [ 32.336833][ T294] PUD 0 [ 32.342839][ T293] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.350779][ T294] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 32.353733][ T293] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.361597][ T294] CPU: 0 UID: 0 PID: 294 Comm: syz-executor Tainted: G B W 6.12.30-syzkaller-g9d80e3254812 #0 0af3bb1b2b1f0d17039a87b1bb907b41f79d5270 [ 32.367665][ T293] Call Trace: [ 32.367674][ T293] [ 32.375651][ T294] Tainted: [B]=BAD_PAGE, [W]=WARN [ 32.375661][ T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 32.390919][ T293] shmem_rmdir+0x5f/0x90 [ 32.394169][ T294] RIP: 0010:ihold+0x2a/0x70 [ 32.397107][ T293] vfs_rmdir+0x3dd/0x560 [ 32.402139][ T294] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 dd 51 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4c ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 ed [ 32.402165][ T294] RSP: 0018:ffffc9000b5efca0 EFLAGS: 00010246 [ 32.402187][ T294] RAX: ffff88812331df00 RBX: 0000000000000000 RCX: ffff88812331df00 [ 32.412342][ T293] incfs_kill_sb+0x109/0x230 [ 32.416575][ T294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 32.421106][ T293] deactivate_locked_super+0xd5/0x2a0 [ 32.425399][ T294] RBP: ffffc9000b5efcb0 R08: ffffffff88958947 R09: 1ffffffff112b128 [ 32.445145][ T293] deactivate_super+0xb8/0xe0 [ 32.451200][ T294] R10: dffffc0000000000 R11: fffffbfff112b129 R12: ffff88811032807c [ 32.451222][ T294] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 32.459221][ T293] cleanup_mnt+0x3f1/0x480 [ 32.463817][ T294] FS: 00005555811ad500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 32.463846][ T294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.463862][ T294] CR2: 0000000000000168 CR3: 000000012337a000 CR4: 00000000003526b0 [ 32.463881][ T294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.471959][ T293] __cleanup_mnt+0x1d/0x40 [ 32.477223][ T294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.485249][ T293] task_work_run+0x1e0/0x250 [ 32.489898][ T294] Call Trace: [ 32.489907][ T294] [ 32.497883][ T293] ? __cfi_task_work_run+0x10/0x10 [ 32.505830][ T294] vfs_rmdir+0x26a/0x560 [ 32.510255][ T293] ? __x64_sys_umount+0x126/0x170 [ 32.519178][ T294] incfs_kill_sb+0x109/0x230 [ 32.519208][ T294] deactivate_locked_super+0xd5/0x2a0 [ 32.525924][ T293] ? __cfi___x64_sys_umount+0x10/0x10 [ 32.533936][ T294] deactivate_super+0xb8/0xe0 [ 32.533963][ T294] cleanup_mnt+0x3f1/0x480 [ 32.541942][ T293] ? __kasan_check_read+0x15/0x20 [ 32.546368][ T294] __cleanup_mnt+0x1d/0x40 [ 32.554355][ T293] resume_user_mode_work+0x36/0x50 [ 32.558932][ T294] task_work_run+0x1e0/0x250 [ 32.562229][ T293] syscall_exit_to_user_mode+0x64/0xb0 [ 32.565149][ T294] ? __cfi_task_work_run+0x10/0x10 [ 32.570250][ T293] do_syscall_64+0x64/0xf0 [ 32.574482][ T294] ? __x64_sys_umount+0x126/0x170 [ 32.574509][ T294] ? __cfi___x64_sys_umount+0x10/0x10 [ 32.574533][ T294] ? __kasan_check_read+0x15/0x20 [ 32.579545][ T293] ? clear_bhb_loop+0x50/0xa0 [ 32.584142][ T294] resume_user_mode_work+0x36/0x50 [ 32.584178][ T294] syscall_exit_to_user_mode+0x64/0xb0 [ 32.589558][ T293] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 32.594930][ T294] do_syscall_64+0x64/0xf0 [ 32.594953][ T294] ? clear_bhb_loop+0x50/0xa0 [ 32.599628][ T293] RIP: 0033:0x7f3ad578fc57 [ 32.604050][ T294] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 32.604077][ T294] RIP: 0033:0x7fd42298fc57 [ 32.609085][ T293] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 32.613492][ T294] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 32.613512][ T294] RSP: 002b:00007fffa42ba648 EFLAGS: 00000246 [ 32.618607][ T293] RSP: 002b:00007ffcf6c2f7c8 EFLAGS: 00000246 [ 32.623213][ T294] ORIG_RAX: 00000000000000a6 [ 32.623226][ T294] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd42298fc57 [ 32.623241][ T294] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffa42ba700 [ 32.623255][ T294] RBP: 00007fffa42ba700 R08: 0000000000000000 R09: 0000000000000000 [ 32.623269][ T294] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffa42bb790 [ 32.623283][ T294] R13: 00007fd422a10925 R14: 0000000000007a69 R15: 00007fffa42bb7d0 [ 32.623301][ T294] [ 32.623309][ T294] Modules linked in: [ 32.623338][ T294] CR2: 0000000000000168 [ 32.623348][ T294] ---[ end trace 0000000000000000 ]--- [ 32.623362][ T294] RIP: 0010:ihold+0x2a/0x70 [ 32.628820][ T293] ORIG_RAX: 00000000000000a6 [ 32.633928][ T294] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 dd 51 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4c ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 ed [ 32.633946][ T294] RSP: 0018:ffffc9000b5efca0 EFLAGS: 00010246 [ 32.633968][ T294] RAX: ffff88812331df00 RBX: 0000000000000000 RCX: ffff88812331df00 [ 32.638450][ T293] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3ad578fc57 [ 32.643557][ T294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 32.643573][ T294] RBP: ffffc9000b5efcb0 R08: ffffffff88958947 R09: 1ffffffff112b128 [ 32.648960][ T293] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcf6c2f880 [ 32.653991][ T294] R10: dffffc0000000000 R11: fffffbfff112b129 R12: ffff88811032807c [ 32.654012][ T294] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 32.654025][ T294] FS: 00005555811ad500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 32.654045][ T294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.658715][ T293] RBP: 00007ffcf6c2f880 R08: 0000000000000000 R09: 0000000000000000 [ 32.663828][ T294] CR2: 0000000000000168 CR3: 000000012337a000 CR4: 00000000003526b0 [ 32.663850][ T294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.663863][ T294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.663880][ T294] Kernel panic - not syncing: Fatal exception [ 32.669453][ T294] Kernel Offset: disabled