last executing test programs: 23.473363986s ago: executing program 3 (id=1793): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x13, 0x4}) (async) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000180)={0x1, 0x0, [{0x291, 0x0, 0x2}]}) (async) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000002d00), 0x2000) (async) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r5, 0x4008af60, &(0x7f0000000040)={@my=0x1}) (async) close_range(r4, 0xffffffffffffffff, 0x0) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) (async) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) (async) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000140)={0x0, 0x2000000, 0x1, 0x0, 0x1, "ff00f7000000af88008300"}) (async) ioctl$TIOCGPTPEER(r7, 0x5441, 0x8) (async) close(0x3) (async) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@increfs], 0x0, 0x0, 0x0}) (async) close(r3) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000000000001b"]) (async) r11 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TCSETA(r11, 0x802c542a, 0xffffffffffffffff) (async) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x1000000, 0x0}) 23.228150159s ago: executing program 3 (id=1798): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0) ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f0000000100)={0xfffffffc, 0xe7, 0x6, 0xfffffffe, 0x9, "ea7174ddb80fc7000002f7ffffffffd2a2d975", 0x2, 0x4}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x2) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x4004e502, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000002400)={0x80, 0x0, &(0x7f0000000280)=[@increfs_done={0x40106308, 0x2}, @acquire={0x40046305, 0x2}, @increfs_done={0x40106308, 0x2}, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_handle={0x77682a85, 0x100, 0x2}, @flat=@weak_handle={0x77682a85, 0x100, 0x1}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}, @register_looper], 0x4, 0x0, &(0x7f0000000240)="eae7db1c"}) 23.105796421s ago: executing program 3 (id=1800): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) write$vga_arbiter(r0, &(0x7f0000000440)=ANY=[@ANYBLOB='unlock me'], 0xb) mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', &(0x7f0000000280), 0x200000, &(0x7f0000000000)=ANY=[@ANYRES16=0x0]) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xa500, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) (async) write$vga_arbiter(r0, &(0x7f0000000440)=ANY=[@ANYBLOB='unlock me'], 0xb) (async) mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', &(0x7f0000000280), 0x200000, &(0x7f0000000000)=ANY=[@ANYRES16=0x0]) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xa500, 0x0) (async) 22.968117783s ago: executing program 3 (id=1802): mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff) mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000001e40)={[{@stats}]}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x0, 0x0) syz_clone(0x800000, &(0x7f0000000000)="5ed7b142a9eb00bcbbc9f6efd8b8bc9be47e4062c6f5c8da455801296566f72a1f7fafd3345a609ab1a53c62a0b88a1be047cbf4c110d2abf70521176f179d71391b93ae7e45c934edaea4ef8d0498961962d5b05cb37a0c3f10f4b89a2c4a821195c6fd88ededbe4bdf1938f1611d", 0x6f, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)="79c135e14c4de2e11eb5369892a3a249f36893666d322b7004b7b7db6fe89a7b12313d03b3f7417ca211296c005e18697c255b2801ee5ab8f112e16ae0fdacfed744d7ba9aa173024fb6e62929b9f2094d3658d66726552aa41b9a3168f8d0a89f8d9a2df3c8bccbdb6dee9796dc98cada3d531e159004dcc29e129c1efd52296b4c62fe231b8d66c3e7cadd94264f07691cc68fb921379962c32cc07d88ccef53a525ce2ca0f514ede98684a17470c6a58d70d305a43537b32ad15113112f3749b054249b4ad3dde0afaa1a9d21cc204804a3df62738192a15ef6c62e6736f2f36551c99b6d3e9f9522b67c41f01dc3211479fdea88") 22.765173816s ago: executing program 3 (id=1805): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478e"]) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000000)=0x8000000) r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x3fe, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0x0, 0x2011c0}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x2000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x4052, r7, 0xffffd000) mmap$binder(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x7) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x24, 0x0, &(0x7f0000000040)=[@clear_death, @acquire_done={0x40106309, 0x1}], 0x0, 0x0, 0x0}) r8 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000e00), 0x0, 0x0) read$FUSE(r8, &(0x7f0000000e40)={0x2020}, 0x2020) r9 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000440), 0x22121, 0x0) write$vga_arbiter(r9, &(0x7f0000000180)=ANY=[@ANYRESHEX=r3], 0xe) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)) 19.039198113s ago: executing program 3 (id=1847): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"}) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_TSC_KHZ(r3, 0xaea2, 0xd) (async) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)=0x81b}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) (async) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x0) (async) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) r5 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r5, 0x0) (async) write$FUSE_INIT(r5, &(0x7f0000000040)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x10}}, 0x50) write$ppp(r5, &(0x7f0000000280)="1a5b1939fcb3937c0ab836b1ad8de544081c3593bc6b98e48b333481e11af448ccced6e6024ad98876708dd336755d17ec01289f2b370aead701fb76368b6baf54201d1f265617c7d1998237cc7820531fa718ba78deeaee6d66fc85e224b49f649f9c88cc1e922f18084c9f6e5c080107436d8f64e9b41a3f0257a154d7dfdf15ae1c5694402c0c3e2ac6b96966e3a73bed138067f9ec3cd85bde0668eba3e1e0c712a248cb7f8622b45660e71a05337cf9ace8514ad70d4fa5067534d1358b76a7464dc55c437324f60af321ed9cce76515c428d2919b220", 0xd9) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000740)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 18.897528035s ago: executing program 32 (id=1847): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"}) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_TSC_KHZ(r3, 0xaea2, 0xd) (async) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)=0x81b}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) (async) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x0) (async) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) r5 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r5, 0x0) (async) write$FUSE_INIT(r5, &(0x7f0000000040)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x10}}, 0x50) write$ppp(r5, &(0x7f0000000280)="1a5b1939fcb3937c0ab836b1ad8de544081c3593bc6b98e48b333481e11af448ccced6e6024ad98876708dd336755d17ec01289f2b370aead701fb76368b6baf54201d1f265617c7d1998237cc7820531fa718ba78deeaee6d66fc85e224b49f649f9c88cc1e922f18084c9f6e5c080107436d8f64e9b41a3f0257a154d7dfdf15ae1c5694402c0c3e2ac6b96966e3a73bed138067f9ec3cd85bde0668eba3e1e0c712a248cb7f8622b45660e71a05337cf9ace8514ad70d4fa5067534d1358b76a7464dc55c437324f60af321ed9cce76515c428d2919b220", 0xd9) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000740)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 2.236205606s ago: executing program 1 (id=2035): ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000000)={'ip6gre0\x00'}) (async) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313, 0x400}], 0x0, 0x1000000, 0x0}) 2.203059657s ago: executing program 1 (id=2037): r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x12c457b9fd9d4e06, 0x0) ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000040)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0xd, 0x0, &(0x7f0000000140)=[@clear_death={0x400c630f, 0x1}], 0x0, 0x0, 0x0}) 2.028068309s ago: executing program 1 (id=2039): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000100)=ANY=[@ANYBLOB="030000000000dfff84000040"]) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0xfffffffe) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x40082, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(0x3) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f00000000c0), 0x12) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r11, 0xae64, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r14, 0x4008ae89, &(0x7f0000000180)={0x1, 0x0, [{0x187, 0x0, 0xfff}]}) ioctl$KVM_SET_PIT2(r11, 0x4070aea0, &(0x7f0000000680)={[{0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x3}, {0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfc}]}) r15 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r15, 0x4068aea3, &(0x7f0000000040)) close(r5) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x51) ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f0000000280)={0x6000, 0x80600}) ioctl$ASHMEM_SET_NAME(r3, 0x41007701, &(0x7f0000000000)=')}%!:\xb9+\x00') openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x4201, 0x0) 1.813341322s ago: executing program 0 (id=2042): r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r0, 0xc040aed5, &(0x7f0000000040)={0x8080000, 0xe000}) (async) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/custom0\x00', 0x800, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f00000000c0)=@arm64={0x3, 0x3, 0x7f, '\x00', 0x9}) (async) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0xf502, 0x0) (async, rerun: 32) ioctl$KVM_SET_VAPIC_ADDR(r0, 0x4008ae93, &(0x7f0000000100)=0x10000) (async, rerun: 32) r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000140)) (async) write$cgroup_subtree(r0, &(0x7f00000001c0)={[{0x2d, 'net_cls'}, {0x0, 'io'}]}, 0xd) ioctl$KVM_SET_TSS_ADDR(r0, 0xae47, 0x0) (async) close_range(r0, r2, 0x2) (async, rerun: 64) r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000280), 0x20a800, 0x0) (rerun: 64) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x74, 0x0, &(0x7f0000000380)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/75, 0x4b, 0x1, 0x3f}, @flat=@weak_binder, @fd={0x66642a85, 0x0, r3}}, &(0x7f0000000340)={0x0, 0x28, 0x40}}}, @request_death={0x400c630e, 0x3}, @clear_death={0x400c630f, 0x1}, @decrefs={0x40046307, 0x3}, @decrefs={0x40046307, 0x3}], 0x9e, 0x0, &(0x7f0000000400)="a79bd649b859c9562a85039f079355fac2d6168f148334151821ac20a9c5e2a9ac8876a8654e80daa2b4ebbe964dc665502285503ecd7e5d304032ea6b0811351b3b6f91aec0d84def7e004d931e60f247f4262cc56122752988e82733c8947f71127d8de153035f552698e55af5d5f8d268a64f33cf599727d02c4fb76bf28a9a39e3a74771ddea47fbfcb1bf91ea1f97f54010f8f798d23d9889c9f036"}) (async) syz_clone(0x8060000, &(0x7f0000000500)="e333c5efeb61fe19d9a8b24d27743c4ff0bfe7af3b289a4a6e34453284aa78cf38b2813630b135fcf0613866db0c530e454ebf5d001228973f9c9077efc99a88139691948478b814994c1d4bb992eae96ff78659a39f", 0x56, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)="35fed8b3f1403d1007162d599a0c6c35dbaf85cc3b3641094ac5fd427de436323f8c07522db6d11e56522153a5091e3b377e50b4746f1655b1746c383d32fd1584fc021d886b0a505aeb22bb976351ba12f1c84fdfa90ee1b18cb525e83b44b598b92af7118a46e7fa5ccaba98c9a79c4233e3fec76b480b1a0222feb1bbb3aa773001d02be8905beaffd0f06997ceb0fd0f1b22f02c7bba9026038401efebbead449b7ff0d0ab76e7068a") (async) mkdirat(r0, &(0x7f00000006c0)='./file0\x00', 0xd7) (async) ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, &(0x7f0000000900)={{'\x00', 0x3}, {0x200}, 0xf0, 0x0, 0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='./file0\x00', &(0x7f0000000780)="e5d2726120", 0x5, 0x0, &(0x7f00000007c0)={0x2, 0x58, {0x1, 0xc, 0x1f, "72605ae509243f2096641ef738f9452382ed8fd31c7d22836ed062ec3a56e5", 0x2c, "bed2be7f444558b9b39a145541445530dfbe5d1ddb733774f5fc207588b92de9a1c423415309b3b479e51c67"}, 0xc1, "a546c311b6c09df535c1ca3d09e7655f5e9bd4a49901ef4c49dca45c4cb466328ff9494feaf0984ae8807f2ef1ed9d15804236eb66582109abd71de0e7981b431b700d6ae453a87ff24878ad8ad812f176d81af0024e39573a09e9eac73b1cd815606a5f3209e1ca24d6dc50348aaa96cbc448a819caada30b604f8f41a8d4cf0be0dc471bd76bbce5ee81fad12358818155c046c5f3dbf7c8a280018000e35c915f0b15da090dddc11f4c96ac46f3f2f813f4ad76ee950d9afc6b75b000c6f69c"}, 0x125}) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000980)={0x7, 0x0, [{0x8a1, 0x0, 0x8}, {0x2f4, 0x0, 0x6}, {0xb01, 0x0, 0x1}, {0x31f, 0x0, 0x3}, {0xae2, 0x0, 0x9}, {0x1ae, 0x0, 0x1}, {0x908, 0x0, 0x7c7}]}) (async) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) (async) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f0000000a00)={0x0, 0x0, @ioapic}) (async) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000c40), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000c80)=0x1) (async) ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000000cc0)={0xa, 0x400}) (async) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000d00)={{0x2, 0x3, 0x9, 0x1, 0x3}, 0x3, 0x6, 0x8}) (async) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000d80)=0x6) (async) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r5, 0x1000004, 0x4010, r0, 0x0) ioctl$EXT4_IOC_GETSTATE(r0, 0x40046629, &(0x7f0000000dc0)) r6 = ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) ioctl$NS_GET_USERNS(r6, 0xb701, 0x0) 1.696133344s ago: executing program 2 (id=2043): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read(r1, &(0x7f0000000000), 0x2002) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101140, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000e40)={0x1, &(0x7f0000000e00)=[{0x6, 0xfb}]}) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1000000) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000580)={@fda={0x66646185, 0x2, 0x2, 0x3b}, @fda={0x66646185, 0x7, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x20, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 1.664382135s ago: executing program 0 (id=2044): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x2fb) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/custom1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x0}) 1.577954626s ago: executing program 0 (id=2045): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000000)={'veth0_to_hsr\x00', 0x200}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x6a800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000100)={{0x1, 0xdddd1000, 0x0, 0x2, 0x4, 0x0, 0x0, 0x4, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0x4056000, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xfe}, {0x3000, 0x5000, 0xc, 0xfe, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xffff1000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x2, 0x0, 0x4}, {0xdddd0000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x6, 0xe, 0x0, 0x3c}, {0x0, 0xdddd1000, 0x0, 0x0, 0x2, 0x0, 0x2, 0x1, 0x0, 0x0, 0x80}, {0xdddd1000, 0x1, 0xb, 0x6, 0x0, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x10}, {0x0, 0x3000, 0x0, 0x0, 0x1, 0x1, 0x83, 0xa, 0x26, 0x5, 0x0, 0x3}, {0x80a0000, 0xfffc}, {0xdddd1000, 0xff}, 0xddf8ffdb, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0xd801, 0x0, [0x6, 0x0, 0x1, 0xfffffffffffffffe]}) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000002c0)={{0x1, 0x8080000, 0x8, 0x9, 0xf9, 0x3, 0xdc, 0x0, 0x0, 0x8, 0x1, 0x10}, {0x5000, 0xeeee6000, 0x8, 0x3, 0x3, 0x94, 0x9, 0x3, 0x0, 0xfb, 0x2, 0x3}, {0xd000, 0x0, 0x3, 0xc, 0x9, 0xb0, 0xf, 0xfb, 0x9, 0x8, 0x3, 0x8}, {0x2000, 0x10000, 0xd, 0x9, 0xc, 0x10, 0x2, 0x9, 0x9, 0x0, 0x5, 0x9}, {0x3000, 0x80a0000, 0x10, 0x3, 0xd, 0x2, 0x5, 0x7f, 0x2, 0x3e, 0x72, 0x4}, {0x0, 0x0, 0x8, 0x40, 0x5, 0x6, 0x9, 0x7, 0xec, 0x9, 0x2, 0x4}, {0x8080000, 0x2, 0xa, 0x40, 0xfb, 0xc, 0xa, 0x6b, 0x0, 0x4, 0x1, 0x5}, {0x2000, 0xdddd1000, 0x3, 0x0, 0x4, 0xf6, 0x3, 0x5, 0x0, 0x86, 0x4, 0x36}, {0xeeef0000}, {0x8080000, 0x5}, 0x10000, 0x0, 0x5000, 0x30, 0xf, 0x2900, 0xf000, [0x49, 0xe, 0x1, 0xbd]}) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r7, &(0x7f0000000040)=0x7, 0x12) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) r9 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0) syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0, 0x0, {r9}}, 0x58) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r8, 0x0) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000280)={0x2}) r11 = openat$random(0xffffffffffffff9c, &(0x7f0000000180), 0x503400, 0x0) r12 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x440, 0x0) ioctl$RTC_IRQP_READ(r12, 0x40187013, 0x0) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000001640)={0xb8, 0x0, &(0x7f0000001500)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r8}, @ptr={0x70742a85, 0x0, &(0x7f0000000100)=""/78, 0x4e, 0x0, 0xe}, @fd={0x66642a85, 0x0, r11}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x400}, @enter_looper, @decrefs={0x40046307, 0x1}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001440)={@ptr={0x70742a85, 0x0, &(0x7f00000002c0)=""/4096, 0x1000, 0x1, 0x33}, @ptr={0x70742a85, 0x0, &(0x7f00000012c0)=""/129, 0x81, 0x0, 0x19}, @fd={0x66642a85, 0x0, r1}}, &(0x7f00000014c0)={0x0, 0x28, 0x50}}}, @decrefs={0x40046307, 0x1}, @register_looper, @clear_death={0x400c630f, 0x4}], 0x64, 0x0, &(0x7f00000015c0)="7f20ae9144645cf348a9e194eb015f9b99b47ec0e7977883350ed62758e9624510d46646dc967f9dcfd00958de306a116f49b2284cd0f1dbc0afc01f547991a30f9d7987089927d9c43732961e3626b0aae2ef45c123ee33bf50ecad4f9b34d64ce67049"}) 1.392103788s ago: executing program 4 (id=2046): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000813000/0x2000)=nil, 0x2000, 0x0, 0x2010, r1, 0x8f4d8000) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0xd1383000) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000007, 0x13, r0, 0x0) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r0, 0x0) 1.353966099s ago: executing program 4 (id=2047): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x2, &(0x7f0000000000)=[{0x44, 0x6}, {0x6, 0x1}]}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x1, 0x18}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) 1.30390999s ago: executing program 0 (id=2048): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x488}]}) 1.208131372s ago: executing program 1 (id=2049): ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x2c0, 0x0, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x100000000000004, 0x10000, 0x100, 0x9004, 0x0, 0x3, 0x5, 0x5, 0x8, 0x3ff, 0x5, 0x0, 0x9, 0x8, 0x7, 0x1c1, 0x1000000003, 0x2, 0x2, 0x6, 0x7, 0x5, 0xffffffff, 0xffffffff00000000, 0x0, 0x4, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0x4, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x20000000006, 0x8, 0x5c3e, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x7, 0x4, 0xe6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0xc, 0xd, 0x9, 0xe8, 0x80000000, 0xfffffffffffffc00, 0x2, 0x4, 0x2, 0xcdc, 0x4, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x4, 0xab6, 0x0, 0x4, 0xfff, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x400000000008061d, 0x3, 0x8, 0xf6, 0x4, 0x6, 0x200, 0x7, 0xe53e, 0x2c, 0x8, 0x2293332f, 0x6, 0x5, 0x0, 0xd, 0x2, 0x5, 0x2, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x8, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0x3ffc00000, 0x8, 0x3]}) ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc003, 0x3, 0x5, 0x0, 0x4, 0x7, 0xd, 0xb9, 0x0, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x4, 0x45, 0x7, 0xff, 0x2, 0xff, 0x0, 0x4, 0x4, 0x7b, 0x20c}, {0x1, 0x6, 0x18, 0x5, 0x80, 0xfd, 0x3, 0x2, 0x0, 0x70, 0x4, 0x7}], 0xfbffffff}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x5ffffffffff, 0x1000000000, 0xfffffffffffffffd, 0x8000000043, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0xffffffffffffffff, 0x800000000000], 0x1, 0x296}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000480)={[{0x9570000, 0x3, 0x0, 0x0, 0x85, 0x1, 0xff, 0x2, 0x6, 0x4, 0x47, 0xf, 0x1}, {0x9f83, 0x7, 0xe, 0x5a, 0x1, 0x3, 0x9, 0x81, 0x7, 0x5, 0x6, 0x3, 0x6}, {0x6, 0x1005, 0x81, 0xa, 0x6, 0x46, 0xf8, 0x4f, 0xc, 0x98, 0x1a, 0x1, 0x8}], 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001']) 1.117082453s ago: executing program 0 (id=2050): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0x6000, 0x1000, &(0x7f0000090000/0x1000)=nil}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CREATE_DEVICE(r2, 0xc018aec0, &(0x7f0000000040)={0x1}) ioctl$KVM_CREATE_VCPU(r0, 0x40087707, 0x2) 1.072356234s ago: executing program 1 (id=2051): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f00000000c0)='system_u:object_r:printer_device_t:s0\x00', 0x9) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x4800, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/cpu_byteorder', 0x0, 0x0) read$FUSE(r1, &(0x7f0000004180)={0x2020}, 0x688) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x2, &(0x7f0000000000)=[{0x44, 0x6}, {0x6, 0x1}]}) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x113200, 0x0) ioctl$VHOST_VDPA_SET_STATUS(r2, 0x4001af72, &(0x7f0000000100)=0xb) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x3) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2, 0x10, 0xffffffffffffffff, 0xa2566000) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000400)={0x1, 0x0, [{0x8b, 0x0, 0xfffffffffffffeff}]}) r7 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$UHID_CREATE2(r7, 0x0, 0x2) r8 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x2, 0x12, r8, 0x0) mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r8, 0x2) ioctl$ASHMEM_GET_SIZE(r3, 0x40087705, 0x7) 864.044487ms ago: executing program 0 (id=2052): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x63761469321c3ff0, 0x1}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xaa, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) close(0x5) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) close(0x5) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000080)=0x2) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f0000000940)={{}, 'syz0\x00'}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x111000, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000640)={0x79, 0x0, 0x4ae}) ioctl$UI_DEV_CREATE(r5, 0x5501) read(r5, 0x0, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x7a1002, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x24}, @fda={0x66646185, 0x3fffffffffffffff, 0x0, 0x12}, @flat=@weak_handle={0x77682a85, 0x110b, 0x2}}, &(0x7f00000004c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs2/custom1\x00', 0x0, 0x0) r11 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) write$UHID_INPUT(r11, &(0x7f00000009c0)={0x8, {"860f2e7999c296c0f06fa04cb5956d7d0666a7d4718069c666a94a814dad4524f389742e2df706d53adfcef8791c5188edb055152c9d36dfaf0172963752be11330e392e1d3ff179872471ca087228b7af96698acce7621acc9d8e06c4116d4ddc5077a9a240260723c03e05857392d4f1201639156319204f670e2bcb761a082964ef46c05c86c93d18737199485d08fb56b4a9fb2db771bf857a9077f9a3363227f6ab87c3b03a486ff4e7a6dc5f85b3080b1a95b8af5cba2a45750c4a704f70b456b47f6d98be68cf09cea126fa668f810724726db99ccfcd2be8341965fdf18faa01b992f21749f8dbdc40d1ca46e7cd461d39184fef69f7ea84da068b6db39672e9c6514dfc59f850c0e72de43b016cb596c8b6122ab24f61f44b01a299f700299d1ae6a2c978e388fa5531d907fe29c4306c211ecc5974ecbe6d990cd49e40445f88d99434023f97a69b2301a6ddd9961c382c2bcf028fbe1c74f99274aecdb8a864146ea383f72ceb06188033fc49baaf8c27dc914d12edfab03ea33228b1ccc5a2219a8e140a2125b91cd122975e41cfadc2f6ec8fd07878e79928927a6296ca6c994c5ba0aa24d34375d3817ecafed13cf05931d6b24378d62e77c24507c736fa37cda0c7137ffc7b9c806e3f0552d912a40969d73280e34b2e07fba4fd52f1dcdcc39514f661860049a8df60e4dd63579479caa222991313bccb6c4a02432a5596196075e034bc4fb61dec255db5144b217b1374ec04a4eba516efc9ebbb78ecd03e718b6b906f16b65323b5c414ad3e1700037cb8394635837236273173e16d095f6f984f00e7dd29be0507e4263d95b199e174fe60f799ea9787b60b522fdeceec1c3ea2db73b1e27798da56a12a28cedbd44dcd797a994b3d73bc7077e7a792fd17711c0a671701c691e27dc7f962d900498f87a05877782e0430d18c5f0f9f3c7e10009a81eb1051d729e3ed63b2cfb418f92eb1e9e4b0c3b0d2f674a11163f87df114b8c8ec680269e25c41dd9913571c08d53e4b7295a5aad22e4c1236986e47814aa41a2ca936025158a64d1f944d831a8e86d980a47fdb06568f642708cfc239970a40f072417f74551dd8e204f3d38aba564106c0058da07b123482e4dfe3e37dbaa6cae60ca671d0102de5a66c0d3fb753c4897bb444b260c5ce40312f4afb58947a18ffca59036d4facfabcf9c86683d4dbed6896729c79cdec8fe3aef3dac5bf47247d2698f46ba11ae6f1f89e6ba0962774547c6f9904f4bc11cb9853b8d6c8cfac72533b9d81a0e409c55f578b5edb780123d565d127dd4fd3f70d0388262d3b7c781e0bddc6edc58b3a6e3f0dce1d0f7a7d84ffa4e18c5277217338102619b70264e4bff98ca500c9eef5468fdf0f6806909b2b1aaf21e3ff33a26c2629fbf76843b83c0814fefad42d84fd17fac38bb3543bb164e82313e76befed2e3f61ca4e5425fea50428cc558039a5757c10e16e673587863c8b1810afa5bae60ab6d2de872f4593f25524d98b4db715636106d5d1e1b0a3c3c2ec09a93b8104a03e530e315a14288fc31d62bafbd16c956ba736e36c145c4698a443131c6ea99b3f24910b55bcd0518e180e0bf722dfde69abed3b6df084afe38eeb24638409fb0fadddc8773133adb133d311cf150bf21dfd521ea87b6c10630dee6834f8a68c45b8a1c029dd49f76473016dd98202e91dc7261300d41630f5cc937757ade1e941cff1f2165f56460bb42052f6c0068aa1b3033fd8a12f71744d92c605676399462669cd217ea9e2a884bcff7d31f3c68272709648e80d95740d9911ab94feb27bae9c042b6594524cd6e29c84e91cdf29467a1204f7f419a539304efe2bb92d44fc4a71d018e3c71a252b68ccad902555296783320273df058cbc48d2cf02b97e8daf0cd333094a11e181572d560f8a79bef78d0c616ab8f4ea26317c346977d55b1a7862e169791e7ba836e7a72900dc46e59699f638e28610fdedefdaa09a853391f9e1dec094ddc9355831a23c5cc09828920c2a91f97bf164025bca6d9f6c35fd1c78ace8bbbd5dc9e7319b7b7a6733213832c65717e4f456af60b347c13042444cacf540b84adbbd8c16c24d7810b6236d61b0634a021c80b9a6ae97ce594d25577b7522d0557d12f21d90c53e11474a3f33f3a587317c7bca0306582102feeb8ea126aefa5aff480750b8631bc1f62c2104d04620a4c3f755d5950f35962bab5fd2fd839a196e2726948d0bc9964b8de69debc704aa1959cdd4f2d68b1cbe6c20bf3a1772d9dab94046eacac54531e2ebbd381c2c5ef94d71455b957154c8131c8cb16593854a6b60d7f1b0795844c34fffe81ef5912f2b4df0ceb2e0d2bbce14db2ce98d06609b4ba5053d01a05a0573aa84a28381e67370d936427bb0cec983a635b95517deab5fd4c860d947a3196a30d5f280600071e656db37bb9ff83f76f40218e530f2ff4dd24091b06d1e7db13c31a4244736ff201120be5c25ee7e9b9f955e157ed62d4fceb1a0b4ccab6bced2e88686dd43e647eac41c0bf6b307731d7ceb0afa33e9544c05ef75e82812ec63b856a4c6ee779fb432a2a5eab2e843815b1751d5c516ed16db1fb0e99a6b8300026ef8e7ac352d8df72752ef0018ae6447cd70886719d7ffc8b958fd8c54b508cccf8b8072eb65d5459c4573e2360e50528b68034096d15a613abeb7cfda171481cb0bcdb5986a8c901ff476a3b69467e2af381bbd97f7fb80f308093a3e00174f0cee19c2a96e1aa7bfbc8f4f66d9a6b3ceb464033ea0c6e8c0bc39a85cd5e411eeae403d1028933d403535611b7b4b9a4e11fb0937588e7fdb1402848fd86d2ce59ef52de0ee2772da17e4fe185f90fdc682ed7c8e31c24e7d7ef44e808bc5318fda06e2d889193c510deac9c8e47abba443e3a72a18e2653f843f17eb3a397494cffe50e3490894c720b82c75bfe1a471a17f847b8e6201abb25b0e2049f3e5a6196e557ebc9cada978fd0ef2e6f923d2c376fa9f53bd5336399a3a404ca20aceffec04321cdd57e9bb57e91bf6dbb7c72a8bc87a3c1e39605d3c9f033bdf9673302cfa966b666997d1ea632fac15981be57af4db2df79759b53f038953802fe75a51748b6ce9d20c10c6765afd3b2ec2e6c8d303ef58e46c04ee713a2312c3e02cadb17483fb5c5a15844cc4e8874aa473f8ac9de71943b6997af9b11b646990e040275728274060adcfd0996b0556baebff917885f365737a71ea72c2e33280486961ed676705c92d4dbed226c17e86a6b8b241ad527a1598b00334f9b96c3c0444548e81f31a20de7c7e8ee03d525ac4c1fe9db58a9a45343e36deb2f086c8b8d77fa48cae205ed1a0daa9c0df51fa24f09ca44c6e3d62762469ddc4ce7fa9b0075c418918da5f2ceca1ae5dc98d15c932d5597f22cdcdd2e46ad57faf325b8d1802682f6ec0de4b1024e28497f6e848f543e8ad468619806b56e630af83900392b02169251eea49b558b2ee9a4ea070c26a4c8a34a22b099d1a2b62ca0bba4259b438d934f42adfe724808b759d2ce36d4483cee5361b11e55f64d969525671289016297838382d3c308d19fe14a1ab9ed71e52a91a4969e70dd0b0bb1145d3aea800932cb22103c9d8c31976b2e6e54ba701b45028c103d5aa94b638af2cc7e4c9dad5ea92b04bfacc7e7f93077d380d7cad1d01ce2e22630c57fb0d22f150f1a1edc52864b12a3356956fb0b608b63565b167da2b9f532021656ef16e2b0107c826be88bf4a4c3fec4d578072c38d58327524ef575e9e44d8dce8d25d5c1419151f6113e9ee85ff5a29b62320d3db129390ca301973395a316ed66a3d10579e7300855bf0fe178f5e3ce053814706fe3103dfbc5b578484f6a454f9694d8c74f58729e21e5e82f3b811061a9135450bd3f056129551667feb605f22e8cd58de04afea377c070674140c79718537d06604be0ec1d2ee7730c5840e49e66ff3202a430724b52b0fdf420a0bdf7df80ea7b198587898b70f7404fbd5dc56df9497bf2bfd10aa3e464f9a931b01dc22257382b0f318a12b2a45ace8e2e923e8bd5f64a4d55d617cfdf3fc775d52c70ef0e16a27e12a9cdf2214a51979a130fe711722cd196da359ec11f24726ed7715e4b3497678399e58fa4f73e506c4bc7708e2e6b3683e0f36db1dd2b8193a2c211e12b7cbaafb581d2cbcde0c1a3decd9ab5bb7203eea8feb131303f14d28646200f343c06ec2bd6623806c220b5ffd324f633fba1cba1b87442632536de10e328062ce74a9f7aff043ecc838c038751f4e4773025e16f0e1628b6270f7560a31c39bc7b1f67051fd735c5b45bbfd0189ca81886de32cab1ca4d0e2b41f5ce956315d6cb577aa4fbfc82a0aa5d51799bf51c2df8bcd4da2789f34f5907173083a4dd81b8d10332cbc24a5b473fd6e574e4bb58aac292c51ce675bd2c5e6f68bcf87957db64defa6ca640bc4ad336f989bbc99e2fd53944c9fa9fbd8be8f2b88164a1919d61d412ea62e97a5a87fd61a3ff9ae8d1e610ae9ea53c7cdf3790e41f484849003b4376c3299e875cec53b2b7d12c0007df30eac825183514dbcd045a20e110c1efb6a89e20b347972e2bc546569c91902492e0c09a60fcdc3a27e238b8a81d864a97319bacc1c021a26ca3e234c9682308792e535f09d167f5ce00c5131e2d83e33788a2a3b93f939da356662d0369c4c0de66f688cd1993c983d450887fb85672a3f8430a09a7436ad88a975cb27e596979609d2b2803b11bf664cdfcb24b2359d639f09f88a9555b25a416118518805c58d3b323139b22de583a528b45074986dfb1bc9ff2de0e10fcc657eefb1d885db021ab6aaa615d08db067a6426e323a75eb4b5c14aef7ae9be60b1dad094416e7c78075f6c92ac0a95cf93fb27b5f81370335132fffafb0dd9df6ff53e929656116b36a269660d2218d491c5f7ce7e1a88feecf97f69dcaefedcfb7ba31de258c9fc376f3fd7ca05f5ad13819b33f913be88707581af5d3875ef52b6d703441a2b9aaf5d89ed51b5453eb5c3503612c2be0b012f1ceaa30bc48bab7ace8021728c2639d3d3f8447613e97665513f70a0eca4d92e9f8f4a49c966f946cc7b6a12146c7c856d2eee218bcbb2ad8999b8e8d46874cbf7ab9fb4934869a273e27114c8d4401945bfa8cabbd8c04fcdf037e76168bae8e8d7e6d2be60c70a93cbd58c41917bf99e1e2ff3df82397dc5b66502f2ac2e3e0b54beae72770b86921f9ff871864eb90093e6821a32058f5c897554a1384a41bab3d272e01aa44f53c2788ae88d29d6f02c595a7686c7e95d0a0765508e11775ea449341b92806b5417a3a75f42e97ca6fb42cf6770319d0d308fc67bb46f20d98a6fc767999cbe7a6d1a09c24d2dace260d6fe1c9537ab0fe74e9780fec44dd4d6d9b577fd0fe1d3681553bd8620196431c660101eac8c8b807fe81b2a46ed2b7b16704b5a4012f6f1640391ad3f3a2b6bc9723bf22f915442b60153a0093e559ed14ad56df07c05ac92320727c77ead5fa15dc5686b77dff7c5a8ad6b77f958e94d4c2111f5c3b992b1065e57f178027c917aa71ef946b2ea4e897494ab8590e188f88e76eeebfc1f1fee739fd74641bc60a5133063bdd1b57966327215c75255ef0c3620439aa7ece5ce38545b5ddcdd922aad4295f9569d59583c951d1cb4fe3d4620de75c306e557b7970bf8bbe8bbad144a8606b74e87bf026c1504245c11d4f130194b02315eaf0c4e7303dbb38594f586fb94c47462809a4d23802d97dd6eb0cd8c9", 0x1000}}, 0x1006) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000100)={0x58, 0x0, &(0x7f0000000440)=[@dead_binder_done, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000380)={@ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/210, 0xd2, 0x2, 0x8}, @flat=@handle={0x73682a85, 0x1, 0x3}, @fd={0x66642a85, 0x0, r9}}, &(0x7f0000000400)={0x0, 0x28, 0x40}}, 0x440}], 0x0, 0x0, 0x0}) 768.213568ms ago: executing program 2 (id=2053): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000000)=ANY=[]) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xeeef0000, 0xf000, 0xf, 0x0, 0x8, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x13}, {0x1, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x65, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x10000, 0xd000, 0xe, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x0, 0x8, 0x8, 0xff, 0x4, 0x81, 0xe, 0x0, 0x3c, 0x7d}, {0x0, 0x80a0000, 0xd, 0x8, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0xdddd0000, 0xa, 0x6, 0x5, 0x0, 0x78, 0x0, 0x1, 0xff}, {0x0, 0xdddd0000, 0x8, 0x0, 0xfc, 0x1, 0x0, 0xa, 0x26, 0x0, 0x10, 0x45}, {0xf000}, {0xeeee8000}, 0xfdfcffdb, 0x0, 0xdddd0000, 0x101b8, 0x8000000000b, 0xf801, 0x10000, [0x0, 0x0, 0xffffffffffffffff, 0x7]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1fd, 0x2, 0x8000000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) r3 = openat$random(0xffffffffffffff9c, &(0x7f0000000940), 0x800, 0x0) ioctl$RNDADDENTROPY(r3, 0x40085203, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB='max=\x00']) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000000)=ANY=[]) (async) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xeeef0000, 0xf000, 0xf, 0x0, 0x8, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x13}, {0x1, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x65, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x10000, 0xd000, 0xe, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x0, 0x8, 0x8, 0xff, 0x4, 0x81, 0xe, 0x0, 0x3c, 0x7d}, {0x0, 0x80a0000, 0xd, 0x8, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0xdddd0000, 0xa, 0x6, 0x5, 0x0, 0x78, 0x0, 0x1, 0xff}, {0x0, 0xdddd0000, 0x8, 0x0, 0xfc, 0x1, 0x0, 0xa, 0x26, 0x0, 0x10, 0x45}, {0xf000}, {0xeeee8000}, 0xfdfcffdb, 0x0, 0xdddd0000, 0x101b8, 0x8000000000b, 0xf801, 0x10000, [0x0, 0x0, 0xffffffffffffffff, 0x7]}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1fd, 0x2, 0x8000000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) (async) openat$random(0xffffffffffffff9c, &(0x7f0000000940), 0x800, 0x0) (async) ioctl$RNDADDENTROPY(r3, 0x40085203, 0x0) (async) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB='max=\x00']) (async) 542.992572ms ago: executing program 2 (id=2054): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000300)={0x1, 0x0, [{0xc001001b, 0x0, 0x9}]}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000980), 0x0, 0x0) ioctl$SIOCGSKNS(r4, 0x894c, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs2/custom0\x00', 0x2, 0x0) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x54a0) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x88801, 0x0) ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f0000000080)=0x2) r7 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x80200, 0x0) ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f0000000280)=0x4) ioctl$PPPIOCGIDLE32(r7, 0x8008743f, &(0x7f0000000000)) ioctl$PPPIOCGIDLE64(r6, 0x8010743f, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x1, 0x18}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) ioctl$TUNGETDEVNETNS(r4, 0x54e3, 0x0) 412.044984ms ago: executing program 4 (id=2055): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x80000000000e) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x200002, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/custom0\x00', 0x800, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x40800, 0x0) (async) r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x4, 0x6, 0x2, 0x0, 0x5, 0x9, 0xe1e, 0x200, 0x7fff, 0x6, 0x6e216631, 0x8000, 0xfffffffffffffffd, 0x5, 0xfdfd, 0xfffffffffffffff8], 0x4, 0x10c0}) write$cgroup_type(r2, &(0x7f0000000180), 0x9) write$cgroup_int(r2, &(0x7f00000000c0), 0x12) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r4, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0xffff1000, 0x8000, 0x2, 0x80000001, 0x0, [{0x1, 0x85, 0x1, '\x00', 0x4}, {0x5, 0x3, 0x0, '\x00', 0x6}, {0x7, 0x3, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x6, '\x00', 0x4}, {0xf, 0x8, 0xf5, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x6}, {0x88, 0x3, 0x2a, '\x00', 0x80}, {0x4, 0x0, 0xa, '\x00', 0x1}, {0x8, 0x9, 0x3, '\x00', 0x8}, {0x3, 0x6, 0x3, '\x00', 0x6}, {0x2, 0x9, 0x0, '\x00', 0x7f}, {0x14, 0x51, 0xa, '\x00', 0xfc}, {0xe, 0xfc, 0x5, '\x00', 0x1}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0x1, 0x3, 0xfe, '\x00', 0x3}, {0x2, 0xb, 0xd6, '\x00', 0x7f}, {0x7, 0x15, 0xca, '\x00', 0x6}, {0x0, 0x1, 0x4, '\x00', 0x13}, {0x4, 0x0, 0x40, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x4, '\x00', 0x8}, {0x8, 0xc, 0x0, '\x00', 0x6}]}}) ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f0000000040)) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) (async) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r11, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0xc0010007, 0x0, 0x390}]}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r8, 0x0) (async) ioctl$KVM_GET_SREGS(r8, 0x8138ae83, &(0x7f0000000500)) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000440)={{0x0, 0xeeee0000, 0xe, 0x9, 0x0, 0x6, 0xc0, 0x0, 0x2, 0x83, 0x7, 0xe}, {0x4000, 0x2, 0xb, 0x7, 0x1, 0x4, 0x3, 0x6a, 0xe3, 0x7, 0xeb, 0x16}, {0x8000000, 0xffff1000, 0xe, 0x7a, 0x1, 0x3, 0xf7, 0xf, 0x9, 0xc, 0x8, 0x53}, {0x4000, 0xdddd0000, 0xf, 0x52, 0xad, 0x71, 0x9, 0x7, 0x9, 0x3, 0xfe, 0x2}, {0x2, 0xdddd3000, 0xb, 0x3, 0x8, 0x5, 0x7f, 0x0, 0x69, 0x58, 0x8, 0xe8}, {0x2002, 0x0, 0xe, 0x5, 0x3, 0x6, 0x4, 0x3, 0xa, 0xd, 0x5, 0x4}, {0x8080000, 0x10000, 0x0, 0x0, 0x45, 0x7, 0x0, 0x6, 0xfc, 0x3, 0x3, 0x9}, {0xdddd0000, 0x33320000, 0xa4191b9d8e75dd4a, 0xa, 0x1, 0x2, 0x6, 0x3, 0x1, 0x4, 0x2, 0xfb}, {0xd000, 0x4}, {0xe000, 0x20}, 0x10000, 0x0, 0x5000, 0x120074, 0x8, 0x1000, 0xeeee1000, [0x6, 0x7, 0x7, 0x2f3]}) (async, rerun: 64) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000002c0)={@flat=@binder={0x73622a85, 0x1, 0x2}, @flat=@binder={0x73622a85, 0x100a}, @flat=@binder={0x73622a85, 0xa, 0x2}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0}) 325.063375ms ago: executing program 2 (id=2056): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000000)={0x6, 0x0, [{0x3, 0x3, 0x0, 0x0, @adapter={0x0, 0x44481f25, 0x7ff, 0x0, 0x80000001}}, {0xc0, 0x3, 0x0, 0x0, @sint={0x3, 0x8}}, {0x3, 0x2, 0x1, 0x0, @adapter={0x1, 0x8000000000000000, 0x3, 0x2, 0x10}}, {0x6, 0x4, 0x0, 0x0, @irqchip={0x7fff, 0x2}}, {0x5, 0x4, 0x2, 0x0, @irqchip={0x2, 0x7}}, {0x5, 0x5, 0x1, 0x0, @msi={0x10000, 0x3, 0x4ae, 0xd}}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000140)={r1, 0x4, 0x7}) ioctl$FS_IOC_MEASURE_VERITY(r2, 0xc0046686, &(0x7f0000000180)={0x1, 0xf4, "b755ef19e571c49e7f9ab9b28881ac74c5ea645c538eeafcc1cf671bbc066271189d142c7090560a26364da93b745cea38db8afc091a71dafd5e5a02a292a720ca58b0e1d2a3100115fd1ac30605a33629fbb5de553a5390206404a854ea89cb7d13c6230c1a7be86f803dc59095a81a8dc834ee332ac9cd03babf6b8cfd2b65a4e265bc7c28ffb60b0b95a6701e9212ddae1d2508c5e500226e8f0ab2164bb0e9a6afb35c9676159e5e8c340fb45de17f6e430567ee6cee126adfcd909c38d78690a9d12ca90ab1147756f045230ea70cef4ee358b6589e6d4dfa63f23b2b1b68d4f1323fed41bdfb59f082136c27683049cf32"}) r3 = openat$cgroup_pressure(r2, &(0x7f00000003c0)='io.pressure\x00', 0x2, 0x0) r4 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000400)='/proc/sys/fs/binfmt_misc/syz2\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000700)={0x104, 0x0, &(0x7f0000000500)=[@increfs_done={0x40106308, 0x3}, @acquire_done={0x40106309, 0x3}, @dead_binder_done, @increfs_done={0x40106308, 0x2}, @release={0x40046306, 0x1}, @acquire={0x40046305, 0x2}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x0, 0x1, 0xd}, @fda={0x66646185, 0x4, 0x0, 0x9}, @ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/80, 0x50, 0x0, 0x1a}}, &(0x7f0000000380)={0x0, 0x20, 0x40}}}, @increfs_done={0x40106308, 0x3}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000440)={@flat=@weak_binder={0x77622a85, 0x2000}, @fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r4}}, &(0x7f00000004c0)={0x0, 0x18, 0x30}}}, @request_death], 0x97, 0x0, &(0x7f0000000640)="90205cde6496138767f83f8f981115948978a55b5fc936da010f2ace124f13d2f57567db2a77ca114041cdc3f2092cefeb97bac4440533d562d0ebf97de687d050648865e017b40a8055cbbb5aaef821b605341f1227ef34396dcc8de98bdc2c30030b2c274b195039154792f98e53fe19b7694355a40ca93218eb35a234234a993dbcf17c5f0c0bc3514afa0a90fcd340f5d64dd3f34e"}) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000740)='/sys/power/sync_on_suspend', 0x14040, 0x2b) ioctl$BTRFS_IOC_BALANCE_CTL(r5, 0x40049421, 0x2) ioctl$KVM_CAP_DISABLE_QUIRKS2(r5, 0x4068aea3, &(0x7f0000000780)={0xd5, 0x0, 0x10}) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000c00)={0x0, 0x80, 0x0, &(0x7f0000000800)=[0x2, 0x0, 0x7fffffff, 0x4, 0x400, 0x4, 0x474a, 0x3, 0x1ff, 0xfffffffffffffff9, 0x800, 0x9, 0x11f6, 0x48, 0x1, 0x8, 0x2, 0x80000001, 0x9, 0x1, 0x86b0, 0x0, 0xffff, 0xfffffffffffffffe, 0x9, 0xfffffffffffffffa, 0x8000000000000000, 0x2, 0x2, 0x4, 0x8000000000000001, 0x0, 0x6, 0xffffffffffffff28, 0xc52, 0x0, 0x8f, 0x70, 0xfffffffffffffff9, 0xffffffffffffffff, 0x0, 0x3ff, 0x4, 0x9, 0x4, 0xffffffffc629bd3d, 0x4, 0x9800000000000000, 0x8000, 0x1, 0xf036, 0x8000000000000001, 0x8, 0x0, 0x7fff, 0x3, 0x9, 0x262469ce, 0x401, 0x2, 0x10000, 0x83, 0xffffffffffffffff, 0x10000, 0x8, 0x4, 0xffff, 0x8, 0x9, 0x8159, 0xa41, 0x7f, 0x6, 0x0, 0xeb, 0x5, 0x7, 0x6, 0x7, 0x6, 0x6, 0x3, 0xe, 0x4, 0x5, 0x9, 0x4, 0x9, 0x9, 0x75a, 0x44, 0x7, 0x5, 0x4, 0x8000000000000000, 0x9, 0x8, 0x4800000000000, 0x36b, 0x33d1, 0x56b96252, 0x9, 0x9, 0xffff, 0x1, 0x7, 0xd2, 0x7fa3, 0x0, 0xff, 0x75557376, 0x8000000000000001, 0x400, 0x9, 0x1, 0x0, 0xa, 0xedb1, 0xba6, 0x0, 0x5bf, 0x1, 0x6e, 0x4, 0x3, 0xdf3, 0x3ff, 0x9]}) r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000c40), 0x8002, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(r6, 0x80049370, &(0x7f0000000c80)) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000cc0)={0x3, 0x0, [{0x1a6, 0x0, 0x1}, {0xaa4}, {0x950, 0x0, 0x2}]}) write$cgroup_int(r2, &(0x7f0000000d00)=0x9, 0x12) write$tcp_mem(r5, &(0x7f0000000d40)={0x1, 0x20, 0x6, 0x20, 0x3}, 0x48) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_PIT(r7, 0x8048ae66, &(0x7f0000000dc0)={[{0x8bb, 0x0, 0x81, 0x9, 0x1, 0x3, 0x5, 0x6, 0x3, 0xbd, 0x4, 0x3, 0x9}, {0x0, 0x6, 0xff, 0xf0, 0x1, 0x7, 0x0, 0x1, 0xd8, 0xd, 0xe, 0x2, 0x4}, {0x13, 0x9, 0x9, 0xc, 0x43, 0x4, 0x4, 0x2, 0x80, 0x6, 0xff, 0x6, 0x3}], 0x9}) ioctl$TIOCSISO7816(r5, 0xc0285443, &(0x7f0000000e40)={0x0, 0x167, 0x3, 0x40, 0x5}) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000e80)={0xfffffffd}) ioctl$VT_GETSTATE(r2, 0x5603, &(0x7f0000000ec0)={0x41, 0xf51b, 0x6}) ioctl$KVM_GET_NR_MMU_PAGES(r0, 0xae45, 0x3ff) write$cgroup_int(r2, &(0x7f0000000f00)=0xffffffffffff8001, 0x12) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000f40)=@arm64={0x7, 0x64, 0x20, '\x00', 0x4}) read$FUSE(r5, &(0x7f0000000f80)={0x2020}, 0x2020) ioctl$KVM_CAP_HYPERV_TLBFLUSH(r0, 0x4068aea3, &(0x7f0000002fc0)) ioctl$KDSETMODE(r6, 0x4b3a, 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) write$vga_arbiter(r2, &(0x7f0000003040)=@target={'target ', {'PCI:', '19', ':', '15', ':', '1b', '.', '8'}}, 0x16) 274.812406ms ago: executing program 2 (id=2057): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x82400, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4138ae84, &(0x7f0000000240)=@x86={0x0, 0x0, 0x80, 0x0, 0x3, 0x5, 0x3, 0x4, 0x80, 0x10, 0x2, 0xbe, 0x0, 0x7f, 0x4, 0xef, 0xd6, 0x8, 0x28, '\x00', 0x4, 0x21}) close_range(r0, 0xffffffffffffffff, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xa, 0x2}) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x1001, &(0x7f0000000400)={@ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/89, 0x59, 0x2, 0x2}, @fd, @fda={0x66646185, 0x2, 0x1, 0x3f}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) 172.170917ms ago: executing program 4 (id=2058): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, 0x0, 0x2000008, 0x12, 0xffffffffffffffff, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3}) 171.710197ms ago: executing program 2 (id=2059): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xc0081, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x5902}) (async) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x5902}) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'nicvf0\x00', 0x5902}) ioctl$TUNDETACHFILTER(r2, 0x401054d6, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009002"]) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0x8000000000, 0x5, 0x1, 0x8, 0x4002004c5, 0x40000001000, 0x1, 0x0, 0x7, 0xe, 0x0, 0x6, 0x0, 0x49], 0xdddd1000, 0x186357}) (async) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0x8000000000, 0x5, 0x1, 0x8, 0x4002004c5, 0x40000001000, 0x1, 0x0, 0x7, 0xe, 0x0, 0x6, 0x0, 0x49], 0xdddd1000, 0x186357}) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PTP_SYS_OFFSET(r8, 0xc0403d08, 0xffffffffffffffff) r9 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$vga_arbiter(r9, &(0x7f0000000140)=ANY=[], 0xf) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r10, 0x4018620d, &(0x7f0000004180)={0x73622a85, 0x1, 0xfffffffffffffffe}) r11 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001200), 0x802, 0x0) write$uinput_user_dev(r11, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/custom0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x800, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/consoles\x00', 0x0, 0x0) (async) r12 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/consoles\x00', 0x0, 0x0) read$FUSE(r12, &(0x7f0000000080)={0x2020}, 0x2020) ioctl$PTP_SYS_OFFSET(r12, 0x43403d05, &(0x7f0000000380)={0x1}) write$vga_arbiter(r12, &(0x7f0000004100)=@unlock_all, 0xb) 146.916848ms ago: executing program 4 (id=2060): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x20, 0x0, &(0x7f0000000e00)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x1c0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) (async) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000011c0), 0x65101, 0x0) ioctl$BLKROGET(r2, 0x125e, &(0x7f0000001200)) (async) mkdirat(r1, &(0x7f0000000000)='./file2\x00', 0x15c) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file4/file6\x00', 0x1c0) (rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x50, 0x0, &(0x7f0000002040)="77062cdeb2551ff088862e47734ac7eb2e436321311317afe07822a299d606000000000000006b47868f357ba1edd6b402c7022a1fe37f5f729dd812db0800d930f67000"/80}) 93.954848ms ago: executing program 1 (id=2061): mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff) mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000001e40)={[{@stats}]}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x0, 0x0) 0s ago: executing program 4 (id=2062): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x6) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) write$uinput_user_dev(r0, &(0x7f00000001c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x868]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read(r2, &(0x7f0000000000), 0x2002) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/75, 0x4b, 0x0, 0x32}, @fda={0x66646185, 0x7, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x6) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) (async) write$uinput_user_dev(r0, &(0x7f00000001c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x868]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) read(r2, &(0x7f0000000000), 0x2002) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) (async) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/75, 0x4b, 0x0, 0x32}, @fda={0x66646185, 0x7, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) (async) kernel console output (not intermixed with test programs): [ T3819] rust_binder: Write failure EINVAL in pid:896 [ 93.376566][ T3819] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 93.414340][ T3819] rust_binder: Read failure Err(EAGAIN) in pid:896 [ 93.467635][ T3824] KVM: debugfs: duplicate directory 3824-5 [ 93.539967][ T3827] rust_binder: Failed to allocate buffer. len:4232, is_oneway:true [ 93.539994][ T3827] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 93.549900][ T3827] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:916 [ 93.584234][ T3832] rust_binder: Read failure Err(EAGAIN) in pid:899 [ 93.621805][ T3832] rust_binder: Read failure Err(EAGAIN) in pid:899 [ 93.891416][ T3837] rust_binder: Read failure Err(EAGAIN) in pid:858 [ 93.916180][ T3837] rust_binder: Read failure Err(EAGAIN) in pid:858 [ 93.916609][ T3843] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 94.124029][ T3849] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:920 [ 94.137936][ T3849] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set [ 94.224052][ T3849] rust_binder: Write failure EINVAL in pid:920 [ 94.428218][ T3856] rust_binder: Write failure EINVAL in pid:820 [ 94.475289][ T3856] ptm ptm5: ldisc open failed (-12), clearing slot 5 [ 94.828052][ T3874] binder: Unknown parameter '/dev/fuse' [ 94.844364][ T3875] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 94.845740][ T3875] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 94.866034][ T3880] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 94.872814][ T3880] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 94.945439][ T3880] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 94.952223][ T3880] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 95.095429][ T3891] rust_binder: Error while translating object. [ 95.101927][ T3891] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 95.133986][ T3891] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:829 [ 95.211937][ T3900] rust_binder: Error in use_page_slow: ESRCH [ 95.211966][ T3900] rust_binder: use_range failure ESRCH [ 95.243503][ T3900] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false [ 95.277696][ T3900] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 95.341750][ T3900] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:877 [ 95.694463][ T3916] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 95.733987][ T3916] rust_binder: Error while translating object. [ 95.744111][ T3916] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 95.774430][ T3916] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:936 [ 95.875052][ T3922] binder: Bad value for 'max' [ 95.999594][ T36] kauditd_printk_skb: 1148 callbacks suppressed [ 95.999613][ T36] audit: type=1400 audit(1750408493.650:12645): avc: denied { read write } for pid=291 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 96.083856][ T36] audit: type=1400 audit(1750408493.650:12646): avc: denied { read write open } for pid=291 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 96.154934][ T3926] rust_binder: Error while translating object. [ 96.154983][ T3926] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 96.167426][ T36] audit: type=1400 audit(1750408493.650:12647): avc: denied { ioctl } for pid=291 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 96.209493][ T3926] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:933 [ 96.269106][ T36] audit: type=1400 audit(1750408493.680:12648): avc: denied { read } for pid=3925 comm="syz.1.1186" name="binder0" dev="binder" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 96.374088][ T36] audit: type=1400 audit(1750408493.680:12649): avc: denied { read open } for pid=3925 comm="syz.1.1186" path="/dev/binderfs/binder0" dev="binder" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 96.435777][ T3944] rust_binder: Write failure EINVAL in pid:950 [ 96.436269][ T3944] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:950 [ 96.444017][ T36] audit: type=1400 audit(1750408493.690:12650): avc: denied { read write } for pid=3925 comm="syz.1.1186" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 96.491399][ T290] audit: audit_backlog=65 > audit_backlog_limit=64 [ 96.520009][ T290] audit: audit_lost=53 audit_rate_limit=0 audit_backlog_limit=64 [ 96.529237][ T290] audit: backlog limit exceeded [ 96.530534][ T288] audit: audit_backlog=65 > audit_backlog_limit=64 [ 96.854978][ T3969] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 96.970892][ T3972] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 96.970924][ T3972] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:958 [ 97.123770][ T3977] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 97.163415][ T3981] rust_binder: Write failure EINVAL in pid:960 [ 97.185856][ T3984] rust_binder: Write failure EFAULT in pid:840 [ 97.274813][ T3989] input: syz0 as /devices/virtual/input/input54 [ 97.408072][ T3994] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:962 [ 97.462401][ T3993] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 97.893249][ T4018] input: syz0 as /devices/virtual/input/input55 [ 97.968527][ T4018] binder: Bad value for 'max' [ 98.220264][ T4035] rust_binder: Write failure EFAULT in pid:910 [ 98.264010][ T4037] can0: slcan on ptm1. [ 98.314403][ T4037] rust_binder: Write failure EINVAL in pid:854 [ 98.393779][ T4036] can0 (unregistered): slcan off ptm1. [ 98.501252][ T4044] SELinux: policydb version -883601393 does not match my version range 15-33 [ 98.511492][ T4044] SELinux: failed to load policy [ 98.653885][ T4055] __vm_enough_memory: pid: 4055, comm: syz.3.1228, bytes: 281474976845824 not enough memory for the allocation [ 98.694731][ T4062] __vm_enough_memory: pid: 4062, comm: syz.3.1228, bytes: 281474976845824 not enough memory for the allocation [ 98.854413][ T4067] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 98.854859][ T4067] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:968 [ 98.873270][ T4067] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 98.909885][ T4067] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 98.936730][ T4067] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:968 [ 98.982975][ T4077] SELinux: policydb version 1557 does not match my version range 15-33 [ 98.986171][ T4076] input: syz0 as /devices/virtual/input/input57 [ 99.067259][ T4077] SELinux: failed to load policy [ 99.325645][ T4093] input: syz1 as /devices/virtual/input/input58 [ 99.374615][ T4093] rust_binder: Error while translating object. [ 99.374648][ T4093] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 99.402755][ T4093] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:975 [ 99.547930][ T4106] rust_binder: Write failure EFAULT in pid:878 [ 99.674531][ T4110] binder: Binderfs stats mode cannot be changed during a remount [ 100.102175][ T4135] rust_binder: Failed to allocate buffer. len:4240, is_oneway:true [ 101.005006][ T36] kauditd_printk_skb: 970 callbacks suppressed [ 101.005026][ T36] audit: type=1400 audit(1750408498.660:13607): avc: denied { ioctl } for pid=4171 comm="syz.0.1263" path="/dev/ashmem" dev="devtmpfs" ino=201 ioctlcmd=0x7701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 101.083990][ T36] audit: type=1400 audit(1750408498.660:13608): avc: denied { ioctl } for pid=4171 comm="syz.0.1263" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 101.141484][ T36] audit: type=1400 audit(1750408498.700:13609): avc: denied { read append } for pid=4169 comm="syz.3.1262" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 101.204015][ T36] audit: type=1400 audit(1750408498.700:13610): avc: denied { read open } for pid=4169 comm="syz.3.1262" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 101.273983][ T36] audit: type=1400 audit(1750408498.710:13611): avc: denied { ioctl } for pid=4169 comm="syz.3.1262" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0x941f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 101.274710][ T305] Bluetooth: hci0: Frame reassembly failed (-84) [ 101.329472][ T4180] rust_binder: Write failure EFAULT in pid:1006 [ 101.329917][ T4181] random: crng reseeded on system resumption [ 101.342570][ T36] audit: type=1400 audit(1750408498.710:13612): avc: denied { read } for pid=4169 comm="syz.3.1262" name="binder1" dev="binder" ino=29 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 101.398545][ T36] audit: type=1400 audit(1750408498.710:13613): avc: denied { read open } for pid=4169 comm="syz.3.1262" path="/dev/binderfs/binder1" dev="binder" ino=29 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 101.425626][ T4181] Restarting kernel threads ... done. [ 101.445512][ T4181] binder: Unknown parameter 'context@' [ 101.454978][ T36] audit: type=1400 audit(1750408498.730:13614): avc: denied { ioctl } for pid=4169 comm="syz.3.1262" path="/dev/binderfs/binder1" dev="binder" ino=29 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 101.481170][ T36] audit: type=1400 audit(1750408498.740:13615): avc: denied { read write } for pid=288 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 101.505518][ T36] audit: type=1400 audit(1750408498.740:13616): avc: denied { read write open } for pid=288 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 101.825334][ T4183] kvm: user requested TSC rate below hardware speed [ 101.935608][ T4185] binder: Unknown parameter 'smackfsfloor' [ 102.105992][ T4187] binder: Bad value for 'max' [ 102.289857][ T4196] rust_binder: Error while translating object. [ 102.289909][ T4196] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 102.305733][ T4196] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:957 [ 102.433286][ T4200] binder: Unknown parameter 'non' [ 102.449311][ T4202] rust_binder: Write failure EFAULT in pid:959 [ 102.586257][ T4206] rust_binder: Error while translating object. [ 102.622529][ T4200] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 102.624112][ T4206] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 102.674017][ T4206] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1013 [ 102.687762][ T4210] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1013 [ 103.023310][ T4216] SELinux: security_context_str_to_sid (dev/ttyS3) failed with errno=-22 [ 103.266801][ T4224] rust_binder: Error while translating object. [ 103.266841][ T4224] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 103.294973][ T4224] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1005 [ 103.305008][ T53] Bluetooth: hci0: command 0x1003 tx timeout [ 103.321436][ T1492] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 103.396242][ T4224] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 103.715011][ T4233] input: syz0 as /devices/virtual/input/input59 [ 103.833839][ T4233] input: syz0 as /devices/virtual/input/input60 [ 103.841691][ T4246] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:975 [ 103.842339][ T4246] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:975 [ 104.096983][ T4253] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 104.128470][ T4258] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 104.154836][ T4253] rust_binder: Error while translating object. [ 104.154872][ T4253] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 104.173302][ T4253] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:978 [ 104.216657][ T4262] rust_binder: Write failure EINVAL in pid:1024 [ 104.258443][ T4262] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.497695][ T4269] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:903 [ 104.577751][ T4273] kvm: vcpu 0: requested 16 ns lapic timer period limited to 200000 ns [ 104.604071][ T4273] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=220138064 (3522209024 ns) > initial count (200000 ns). Using initial count to start timer. [ 104.964479][ T4296] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 105.004358][ T4295] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1027 [ 105.080261][ T4305] rust_binder: Write failure EINVAL in pid:1027 [ 105.488178][ T396] hid-generic 0000:0000:0000.0007: unknown main item tag 0x4 [ 105.508813][ T396] hid-generic 0000:0000:0000.0007: unknown main item tag 0x2 [ 105.520678][ T396] hid-generic 0000:0000:0000.0007: unknown main item tag 0x3 [ 105.535743][ T396] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz0 [ 105.556720][ T4328] rust_binder: Write failure EFAULT in pid:1041 [ 105.577776][ T4329] random: crng reseeded on system resumption [ 105.668422][ T4330] fido_id[4330]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 105.703302][ T4333] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 105.713012][ T4333] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 105.755048][ T4333] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 105.756603][ T4333] rust_binder: Error in use_page_slow: ESRCH [ 105.774691][ T4329] __vm_enough_memory: pid: 4329, comm: syz.0.1311, bytes: 281474976845824 not enough memory for the allocation [ 105.782529][ T4333] rust_binder: use_range failure ESRCH [ 105.823436][ T4333] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 105.839346][ T4333] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 105.839710][ T4337] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1044 [ 105.879534][ T4333] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1044 [ 105.916851][ T4337] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1044 [ 105.951935][ T4333] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1044 [ 106.034855][ T4341] kernel profiling enabled (shift: 8) [ 106.065160][ T36] kauditd_printk_skb: 611 callbacks suppressed [ 106.065179][ T36] audit: type=1400 audit(1750408503.720:14228): avc: denied { read } for pid=4340 comm="syz.0.1314" name="binder1" dev="binder" ino=61 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 106.104066][ T36] audit: type=1400 audit(1750408503.720:14229): avc: denied { read open } for pid=4340 comm="syz.0.1314" path="/dev/binderfs/binder1" dev="binder" ino=61 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 106.153996][ T36] audit: type=1400 audit(1750408503.720:14230): avc: denied { ioctl } for pid=4340 comm="syz.0.1314" path="/dev/binderfs/binder1" dev="binder" ino=61 ioctlcmd=0x6208 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 106.200764][ T4346] rust_binder: Got transaction with invalid offset. [ 106.200861][ T4346] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 106.207734][ T4346] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:933 [ 106.217291][ T36] audit: type=1400 audit(1750408503.730:14231): avc: denied { read } for pid=4338 comm="syz.1.1313" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 106.257073][ T36] audit: type=1400 audit(1750408503.730:14232): avc: denied { read open } for pid=4338 comm="syz.1.1313" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 106.283736][ T36] audit: type=1400 audit(1750408503.730:14233): avc: denied { compute_member } for pid=4338 comm="syz.1.1313" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 106.307821][ T36] audit: type=1400 audit(1750408503.730:14234): avc: denied { ioctl } for pid=4338 comm="syz.1.1313" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 106.346019][ T4348] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 106.370276][ T36] audit: type=1400 audit(1750408503.760:14235): avc: denied { mounton } for pid=4338 comm="syz.1.1313" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 106.402429][ T36] audit: type=1400 audit(1750408503.850:14236): avc: denied { read } for pid=4345 comm="syz.0.1315" name="binder0" dev="binder" ino=60 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 106.447402][ T36] audit: type=1400 audit(1750408503.850:14237): avc: denied { read open } for pid=4345 comm="syz.0.1315" path="/dev/binderfs/binder0" dev="binder" ino=60 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 106.964650][ T4380] input: syz0 as /devices/virtual/input/input62 [ 106.996330][ T4383] binder: Unknown parameter 'fscontext?}' [ 107.045525][ T4381] binder: Bad value for 'stats' [ 107.274555][ T4392] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 107.282881][ T4392] rust_binder: Error while translating object. [ 107.294016][ T4392] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 107.300278][ T4392] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1061 [ 107.432867][ T4397] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 107.521443][ T4398] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1063 [ 107.596969][ T4402] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 107.624044][ T4402] rust_binder: Write failure EINVAL in pid:1046 [ 107.738759][ T4409] kvm: kvm [4408]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000002a) = 0x4 [ 107.966255][ T4415] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:997 [ 108.164872][ T4423] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 108.180631][ T4423] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 108.222787][ T4427] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1055 [ 108.336585][ T4426] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 108.367788][ T4432] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 108.400899][ T4432] rust_binder: Error in use_page_slow: ESRCH [ 108.404811][ T4433] binder: Bad value for 'max' [ 108.415285][ T4432] rust_binder: use_range failure ESRCH [ 108.418183][ T4432] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false [ 108.425137][ T4432] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 108.433177][ T4432] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1067 [ 108.767079][ T4450] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 108.860641][ T4450] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 108.875370][ T4450] rust_binder: Error while translating object. [ 108.892912][ T4450] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 108.895025][ T4448] input: syz1 as /devices/virtual/input/input63 [ 108.906747][ T4450] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1075 [ 109.290117][ T4462] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 109.299694][ T4462] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1067 [ 109.310157][ T4462] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 109.320035][ T4462] rust_binder: Read failure Err(EFAULT) in pid:1067 [ 109.467064][ T4465] random: crng reseeded on system resumption [ 109.521842][ T4470] binder: Unknown parameter 'processor : 0 [ 109.521842][ T4470] vendor_id : GenuineIntel [ 109.521842][ T4470] cpu family : 6 [ 109.521842][ T4470] model : 79 [ 109.521842][ T4470] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 109.521842][ T4470] stepping : 0 [ 109.521842][ T4470] microcode : 0xffffffff [ 109.521842][ T4470] cpu MHz : 2199.998 [ 109.521842][ T4470] cache size : 56320 KB [ 109.521842][ T4470] physical id : 0 [ 109.521842][ T4470] siblings : 2 [ 109.521842][ T4470] core id : 0 [ 109.521842][ T4470] cpu cores : 1 [ 109.521842][ T4470] apicid : 0 [ 109.521842][ T4470] initial apicid : 0 [ 109.521842][ T4470] fpu : yes [ 109.521842][ T4470] fpu_exception : yes [ 109.521842][ T4470] cpuid level : 13 [ 109.521842][ T4470] wp : yes [ 109.521842][ T4470] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 109.521842][ T4470] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 109.552043][ T4472] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:969 [ 109.710447][ T4468] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 109.754673][ T4468] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 109.774958][ T4468] rust_binder: Read failure Err(EFAULT) in pid:1069 [ 109.799926][ T4478] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:971 [ 109.811233][ T4476] rust_binder: Write failure EFAULT in pid:1069 [ 109.846262][ T4468] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 109.875234][ T4480] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 109.885225][ T4481] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 109.890044][ T4480] rust_binder: Read failure Err(EFAULT) in pid:1069 [ 109.934341][ T4469] SELinux: failed to load policy [ 110.122767][ T4498] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 110.130403][ T4500] rust_binder: Write failure EINVAL in pid:1076 [ 110.207692][ T4504] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 110.247807][ T4504] rust_binder: Failed to allocate buffer. len:65376, is_oneway:true [ 110.266078][ T4504] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 110.285099][ T4504] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1089 [ 110.302353][ T4509] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 110.319560][ T4510] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 110.329714][ T4510] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:982 [ 110.371019][ T4510] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:982 [ 110.396003][ T4515] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 110.419158][ T4515] rust_binder: Error while translating object. [ 110.430892][ T4517] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 110.433309][ T4515] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 110.449448][ T4517] rust_binder: Error while translating object. [ 110.455506][ T4515] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1084 [ 110.476042][ T4517] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 110.494878][ T4517] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1094 [ 110.654384][ T4523] rust_binder: Write failure EFAULT in pid:1088 [ 110.724174][ T4527] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 110.753634][ T4527] binder: Unknown parameter 'noninderfs/binder0' [ 110.780410][ T4527] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1014 [ 110.817358][ T4531] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 110.883333][ T4533] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 110.903601][ T4533] rust_binder: Error in use_page_slow: ESRCH [ 110.903867][ T4531] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 110.911603][ T4534] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 110.941865][ T4531] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1090 [ 110.945308][ T4533] rust_binder: use_range failure ESRCH [ 110.963408][ T4534] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 110.971612][ T4534] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1016 [ 111.003469][ T4533] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 111.028974][ T4533] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 111.057891][ T4533] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1016 [ 111.100246][ T36] kauditd_printk_skb: 749 callbacks suppressed [ 111.100267][ T36] audit: type=1400 audit(1750408508.750:14987): avc: denied { read } for pid=4535 comm="syz.2.1379" name="binder0" dev="binder" ino=43 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 111.102896][ T4540] rust_binder: Error while translating object. [ 111.111003][ T36] audit: type=1400 audit(1750408508.750:14988): avc: denied { read open } for pid=4535 comm="syz.2.1379" path="/dev/binderfs/binder0" dev="binder" ino=43 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 111.139316][ T4540] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 111.174051][ T4542] input: syz1 as /devices/virtual/input/input65 [ 111.227897][ T36] audit: type=1400 audit(1750408508.750:14989): avc: denied { ioctl } for pid=4535 comm="syz.2.1379" path="/dev/binderfs/binder0" dev="binder" ino=43 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 111.234037][ T4540] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1102 [ 111.255315][ T4543] binder: Bad value for 'stats' [ 111.285116][ T36] audit: type=1400 audit(1750408508.750:14990): avc: denied { call } for pid=4535 comm="syz.2.1379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 111.329350][ T36] audit: type=1400 audit(1750408508.750:14991): avc: denied { transfer } for pid=4535 comm="syz.2.1379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 111.361572][ T36] audit: type=1400 audit(1750408508.750:14992): avc: denied { transfer } for pid=4535 comm="syz.2.1379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 111.419704][ T36] audit: type=1400 audit(1750408508.820:14993): avc: denied { write } for pid=4541 comm="syz.1.1380" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 111.455876][ T4548] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 111.467941][ T4548] can0: slcan on ptm1. [ 111.475507][ T36] audit: type=1400 audit(1750408508.820:14994): avc: denied { write open } for pid=4541 comm="syz.1.1380" path="/dev/uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 111.528448][ T4548] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set [ 111.545166][ T36] audit: type=1400 audit(1750408508.820:14995): avc: denied { ioctl } for pid=4541 comm="syz.1.1380" path="/dev/uinput" dev="devtmpfs" ino=194 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 111.554071][ T4548] rust_binder: Write failure EINVAL in pid:1106 [ 111.655928][ T4547] can0 (unregistered): slcan off ptm1. [ 111.661649][ T36] audit: type=1400 audit(1750408508.820:14996): avc: denied { ioctl } for pid=4541 comm="syz.1.1380" path="/dev/uinput" dev="devtmpfs" ino=194 ioctlcmd=0x5564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 111.954845][ T4573] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1029 [ 112.036651][ T4580] rust_binder: Write failure EINVAL in pid:993 [ 112.062454][ T4583] rust_binder: Write failure EFAULT in pid:1100 [ 112.089384][ T4580] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:993 [ 112.233650][ T4590] rust_binder: Write failure EINVAL in pid:1102 [ 112.258936][ T4590] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 112.316858][ T4590] rust_binder: Error in use_page_slow: ESRCH [ 112.323328][ T4590] rust_binder: use_range failure ESRCH [ 112.354933][ T4590] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false [ 112.362400][ T4590] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 112.394510][ T4590] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1102 [ 112.572637][ T4599] rust_binder: Write failure EINVAL in pid:1119 [ 112.796211][ T4605] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 112.801895][ T4605] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 112.822239][ T4605] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1121 [ 112.922551][ T4609] rust_binder: Error in use_page_slow: ESRCH [ 112.951711][ T4609] rust_binder: use_range failure ESRCH [ 112.971975][ T4609] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false [ 112.982048][ T4609] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 113.003161][ T4609] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:996 [ 113.146909][ T4620] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 113.260849][ T4622] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 113.262627][ T4622] rust_binder: Error in use_page_slow: ESRCH [ 113.273340][ T4625] rust_binder: Write failure EFAULT in pid:1113 [ 113.276772][ T4622] rust_binder: use_range failure ESRCH [ 113.285695][ T4622] rust_binder: Failed to allocate buffer. len:4208, is_oneway:false [ 113.295809][ T4622] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 113.303852][ T4622] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1047 [ 113.466080][ T4629] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 113.486720][ T4629] rust_binder: Error in use_page_slow: ESRCH [ 113.493194][ T4629] rust_binder: use_range failure ESRCH [ 113.509483][ T4629] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false [ 113.544026][ T4629] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 113.564027][ T4629] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1115 [ 113.570910][ T4631] input: syz0 as /devices/virtual/input/input67 [ 113.619206][ T4631] input: failed to attach handler leds to device input67, error: -6 [ 113.634826][ T4633] rust_binder: Error while translating object. [ 113.634856][ T4633] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 113.654552][ T4633] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1003 [ 113.760056][ T4637] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 113.836751][ T4637] rust_binder: Error while translating object. [ 113.903144][ T4637] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 113.934677][ T4637] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1124 [ 114.496040][ T4671] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 114.496897][ T4674] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 114.520657][ T4674] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1061 [ 114.557837][ T4665] input input69: cannot allocate more than FF_MAX_EFFECTS effects [ 114.618135][ T4681] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 114.705095][ T4684] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 114.724088][ T4684] rust_binder: Read failure Err(EFAULT) in pid:1063 [ 114.900818][ T4698] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 114.941208][ T4698] input: syz1 as /devices/virtual/input/input70 [ 114.944024][ T4700] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 114.984117][ T4698] rust_binder: Failed to allocate buffer. len:18446744073709551608, is_oneway:false [ 114.999744][ T4698] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 115.023980][ T4698] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1131 [ 115.080314][ T4698] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 115.383642][ T4715] rust_binder: Error in use_page_slow: ESRCH [ 115.383668][ T4715] rust_binder: use_range failure ESRCH [ 115.390175][ T4715] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false [ 115.395909][ T4715] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 115.404045][ T4715] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1028 [ 115.466421][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.483993][ T4717] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 115.491424][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.501044][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.517950][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.534355][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.546785][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.562256][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.578479][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.588131][ T4721] rust_binder: Write failure EFAULT in pid:1066 [ 115.595191][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.603212][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.611223][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.618641][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.626081][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.632961][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.640637][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.664283][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.671078][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.690117][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.706400][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.713177][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.735461][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.754292][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.780591][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.804309][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.811106][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.831279][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.843446][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.858286][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.869492][ T4732] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.882944][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.904375][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.911173][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.924374][ T4718] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.926840][ T4732] rust_binder: Write failure EINVAL in pid:1144 [ 116.016858][ T4735] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 116.056431][ T4738] rust_binder: Write failure EINVAL in pid:1146 [ 116.073831][ T4739] rust_binder: Write failure EINVAL in pid:1146 [ 116.155364][ T36] kauditd_printk_skb: 886 callbacks suppressed [ 116.155382][ T36] audit: type=1400 audit(1750408513.810:15859): avc: denied { read write } for pid=4740 comm="syz.0.1440" name="binder0" dev="binder" ino=60 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 116.212729][ T36] audit: type=1400 audit(1750408513.810:15860): avc: denied { read write open } for pid=4740 comm="syz.0.1440" path="/dev/binderfs/binder0" dev="binder" ino=60 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 116.225356][ T4741] rust_binder: Read failure Err(EAGAIN) in pid:1036 [ 116.249396][ T4744] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 116.275193][ T4744] rust_binder: Write failure EINVAL in pid:1149 [ 116.277286][ T36] audit: type=1400 audit(1750408513.820:15861): avc: denied { map } for pid=4733 comm="syz.1.1437" path="/dev/binderfs/binder0" dev="binder" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 116.321289][ T36] audit: type=1400 audit(1750408513.820:15862): avc: denied { read } for pid=4733 comm="syz.1.1437" path="/dev/binderfs/binder0" dev="binder" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 116.366840][ T36] audit: type=1400 audit(1750408513.830:15863): avc: denied { read write } for pid=288 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 116.408900][ T4750] binder: Unknown parameter 'context' [ 116.444049][ T36] audit: type=1400 audit(1750408513.830:15864): avc: denied { read write open } for pid=288 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 116.528247][ T36] audit: type=1400 audit(1750408513.830:15865): avc: denied { ioctl } for pid=288 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 116.594003][ T36] audit: type=1400 audit(1750408513.840:15866): avc: denied { ioctl } for pid=4733 comm="syz.1.1437" path="/dev/binderfs/binder0" dev="binder" ino=49 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 116.608724][ T290] audit: audit_backlog=65 > audit_backlog_limit=64 [ 116.636486][ T36] audit: type=1400 audit(1750408513.840:15867): avc: denied { read write } for pid=4740 comm="syz.0.1440" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 116.706830][ T4758] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 116.721124][ T4761] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 116.789346][ T4765] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1070 [ 116.832526][ T4764] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 116.905135][ T4762] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 116.943096][ T4772] input: syz0 as /devices/virtual/input/input71 [ 117.230081][ T4779] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 117.230109][ T4779] rust_binder: Error while translating object. [ 117.244042][ T4779] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 117.250254][ T4779] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1050 [ 117.337236][ T4783] input: syz0 as /devices/virtual/input/input72 [ 117.372182][ T4783] input: failed to attach handler leds to device input72, error: -6 [ 117.404025][ T4785] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 117.404051][ T4785] rust_binder: Read failure Err(EFAULT) in pid:1052 [ 117.478133][ T4788] rust_binder: Write failure EINVAL in pid:1159 [ 117.554803][ T4791] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 200, size: 75) [ 117.561221][ T4791] rust_binder: Error while translating object. [ 117.564982][ T4783] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1074 [ 117.571913][ T4791] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 117.624094][ T4791] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1161 [ 117.727062][ T4794] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1055 [ 117.764614][ T4794] rust_binder: Write failure EINVAL in pid:1055 [ 118.620849][ T4818] rust_binder: Error while translating object. [ 118.634000][ T4818] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 118.640222][ T4818] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1173 [ 118.811118][ T4822] SELinux: security_context_str_to_sid () failed with errno=-22 [ 118.904034][ T1492] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 119.050907][ T4826] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 119.050949][ T4826] rust_binder: Error in use_page_slow: EBUSY [ 119.073800][ T4826] rust_binder: use_range failure EBUSY [ 119.079920][ T4830] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1177 [ 119.092550][ T4826] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 119.102690][ T4824] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 119.116267][ T4824] rust_binder: Error in use_page_slow: EBUSY [ 119.129211][ T4826] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 119.137082][ T4826] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 119.146532][ T4824] rust_binder: use_range failure EBUSY [ 119.158745][ T4824] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 119.164628][ T4824] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 119.172934][ T4824] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 119.183816][ T4826] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:1160 [ 119.196867][ T4824] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:1177 [ 119.228457][ T4832] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1082 [ 119.244983][ T4831] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 119.255305][ T4831] rust_binder: Error in use_page_slow: EBUSY [ 119.267122][ T4831] rust_binder: use_range failure EBUSY [ 119.273143][ T4831] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 119.279993][ T4831] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 119.288982][ T4831] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 119.304339][ T4834] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1163 [ 119.326084][ T4831] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:1082 [ 119.454473][ T4840] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1165 [ 119.482552][ T4840] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1165 [ 120.103976][ T4809] Bluetooth: hci1: command 0x1003 tx timeout [ 120.103996][ T53] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 120.226406][ T4861] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 120.470300][ T4870] deleting an unspecified loop device is not supported. [ 120.488168][ T4873] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 120.504419][ T4870] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 120.627131][ T4877] rust_binder: Error while translating object. [ 120.664905][ T4877] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 120.684526][ T4879] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 120.694051][ T4877] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1173 [ 120.703775][ T4879] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1070 [ 121.037420][ T4899] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1076 [ 121.042394][ T4896] binder: Unknown parameter 'nXIv/kvm' [ 121.172853][ T36] kauditd_printk_skb: 878 callbacks suppressed [ 121.172872][ T36] audit: type=1400 audit(1750408518.820:16717): avc: denied { read write } for pid=291 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 121.249713][ T36] audit: type=1400 audit(1750408518.820:16718): avc: denied { read write open } for pid=291 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 121.303396][ T4906] rust_binder: Error while translating object. [ 121.303440][ T4906] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 121.310262][ T36] audit: type=1400 audit(1750408518.820:16719): avc: denied { ioctl } for pid=291 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 121.322319][ T4911] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 121.358019][ T4906] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1199 [ 121.375954][ T4911] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1108 [ 121.382204][ T36] audit: type=1400 audit(1750408518.860:16720): avc: denied { read } for pid=4902 comm="syz.0.1496" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 121.418526][ T36] audit: type=1400 audit(1750408518.860:16721): avc: denied { read open } for pid=4902 comm="syz.0.1496" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 121.465831][ T4913] random: crng reseeded on system resumption [ 121.473985][ T36] audit: type=1400 audit(1750408518.860:16722): avc: denied { ioctl } for pid=4902 comm="syz.0.1496" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 121.516507][ T4915] rust_binder: Write failure EINVAL in pid:1108 [ 121.524392][ T36] audit: type=1400 audit(1750408518.870:16723): avc: denied { read } for pid=4904 comm="syz.2.1495" name="binder0" dev="binder" ino=69 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 121.594113][ T36] audit: type=1400 audit(1750408518.870:16724): avc: denied { read open } for pid=4904 comm="syz.2.1495" path="/dev/binderfs/binder0" dev="binder" ino=69 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 121.620998][ T36] audit: type=1400 audit(1750408518.880:16725): avc: denied { read } for pid=4904 comm="syz.2.1495" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 121.647052][ T4913] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1084 [ 121.660251][ T36] audit: type=1400 audit(1750408518.880:16726): avc: denied { read open } for pid=4904 comm="syz.2.1495" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 121.789874][ T4921] rust_binder: Write failure EFAULT in pid:1087 [ 121.968901][ T4926] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1089 [ 121.992343][ T4926] rust_binder: Write failure EINVAL in pid:1089 [ 122.025011][ T4926] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1089 [ 122.099560][ T4935] rust_binder: Write failure EFAULT in pid:1183 [ 122.142000][ T4935] binder: Bad value for 'stats' [ 122.142012][ T4937] binder: Bad value for 'stats' [ 122.434622][ T4947] binder: Unknown parameter 'obj_type' [ 122.555621][ T4945] rust_binder: Error while translating object. [ 122.555656][ T4945] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 122.561869][ T4945] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1186 [ 122.617554][ T4953] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 122.637662][ T4953] rust_binder: Read failure Err(EAGAIN) in pid:1122 [ 122.644426][ T4953] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1122 [ 122.651841][ T4953] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1122 [ 122.853792][ T4960] rust_binder: Write failure EFAULT in pid:1096 [ 123.064333][ T4967] binder: Bad value for 'max' [ 123.095235][ T4969] binder: Bad value for 'defcontext' [ 123.126563][ T4973] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 123.138444][ T4975] rust_binder: Write failure EFAULT in pid:1192 [ 123.156730][ T4975] rust_binder: Write failure EFAULT in pid:1192 [ 123.208300][ T4980] binder: Unknown parameter 'context' [ 123.418368][ T4989] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.581747][ T4997] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 123.596953][ T4997] rust_binder: Write failure EINVAL in pid:1108 [ 123.817124][ T5003] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1110 [ 123.955169][ T5016] binder: Bad value for 'stats' [ 124.515653][ T5032] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 124.534283][ T5032] rust_binder: Write failure EINVAL in pid:1218 [ 124.574815][ T5036] rust_binder: Write failure EFAULT in pid:1138 [ 124.762627][ T5045] can0: slcan on ptm0. [ 124.816406][ T5047] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 124.816430][ T5047] rust_binder: Read failure Err(EFAULT) in pid:1226 [ 124.928775][ T5051] rust_binder: Error in use_page_slow: ESRCH [ 124.944000][ T5051] rust_binder: use_range failure ESRCH [ 124.996870][ T5051] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false [ 125.018380][ T5051] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 125.061745][ T5051] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1141 [ 125.184790][ T5040] can0 (unregistered): slcan off ptm0. [ 125.539972][ T5072] rust_binder: Write failure EINVAL in pid:1144 [ 125.624976][ T5085] rust_binder: Failed to allocate buffer. len:65376, is_oneway:true [ 125.625006][ T5085] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 125.649004][ T5085] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1232 [ 126.038935][ T5106] rust_binder: Write failure EFAULT in pid:1234 [ 126.106107][ T5107] rust_binder: Failed to allocate buffer. len:120, is_oneway:true [ 126.189151][ T36] kauditd_printk_skb: 1060 callbacks suppressed [ 126.189170][ T36] audit: type=1400 audit(1750408523.840:17787): avc: denied { search } for pid=5111 comm="rm" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 126.235114][ T36] audit: type=1400 audit(1750408523.860:17788): avc: denied { read } for pid=5113 comm="syz.3.1563" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 126.278468][ T5118] rust_binder: Write failure EINVAL in pid:1236 [ 126.298471][ T36] audit: type=1400 audit(1750408523.860:17789): avc: denied { read open } for pid=5113 comm="syz.3.1563" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 126.336694][ T5118] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 126.339145][ T5118] rust_binder: Write failure EINVAL in pid:1236 [ 126.387653][ T36] audit: type=1400 audit(1750408523.860:17790): avc: denied { ioctl } for pid=5113 comm="syz.3.1563" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 126.421061][ T5120] audit: audit_backlog=65 > audit_backlog_limit=64 [ 126.432620][ T5122] audit: audit_backlog=65 > audit_backlog_limit=64 [ 126.447982][ T5120] audit: audit_lost=77 audit_rate_limit=0 audit_backlog_limit=64 [ 126.449226][ T5124] audit: audit_backlog=65 > audit_backlog_limit=64 [ 126.462365][ T5124] audit: audit_lost=78 audit_rate_limit=0 audit_backlog_limit=64 [ 126.466097][ T5122] audit: audit_lost=79 audit_rate_limit=0 audit_backlog_limit=64 [ 126.625234][ T5124] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1241 [ 126.655063][ T5124] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1241 [ 126.731158][ T5136] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 126.806988][ T5143] can0: slcan on ptm0. [ 126.926539][ T5142] can0 (unregistered): slcan off ptm0. [ 127.019433][ T5148] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 127.078064][ T5148] rust_binder: Write failure EINVAL in pid:1245 [ 127.085407][ T5148] rust_binder: Write failure EINVAL in pid:1245 [ 127.285126][ T5160] rust_binder: Error while translating object. [ 127.285172][ T5160] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 127.313998][ T5160] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1169 [ 127.475490][ T5169] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1249 [ 127.674367][ T5180] binder: Bad value for 'stats' [ 127.797478][ T5190] binder: Unknown parameter 'con6K' [ 127.909963][ T5195] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1255 [ 128.460424][ T5216] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 128.480461][ T5216] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1155 [ 128.500579][ T5216] rust_binder: Write failure EFAULT in pid:1155 [ 128.516752][ T5214] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1261 [ 128.540395][ T5214] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 128.563462][ T5214] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1261 [ 128.600698][ T5214] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 128.621345][ T5214] rust_binder: Read failure Err(EFAULT) in pid:1261 [ 128.789475][ T5228] rust_binder: Got transaction with invalid offset. [ 128.796241][ T5228] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 128.802916][ T5228] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1157 [ 129.029786][ T5236] tap0: tun_chr_ioctl cmd 1074025677 [ 129.074041][ T5236] tap0: linktype set to 776 [ 129.096991][ T5236] rust_binder: Write failure EFAULT in pid:1266 [ 129.361617][ T5246] binder: Bad value for 'max' [ 129.405930][ T5249] binder: Unknown parameter 'nXI' [ 129.445574][ T5247] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 129.447694][ T5249] syz.0.1602 (5249) used obsolete PPPIOCDETACH ioctl [ 129.505068][ T5247] random: crng reseeded on system resumption [ 129.726062][ T5259] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false [ 129.753733][ T5256] kvm: user requested TSC rate below hardware speed [ 129.878962][ T5267] rust_binder: Error while translating object. [ 129.879010][ T5267] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 129.893998][ T5267] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:1278 [ 129.949023][ T5267] KVM: debugfs: duplicate directory 5267-6 [ 130.306875][ T5283] binder: Bad value for 'stats' [ 130.560499][ T5292] rust_binder: Write failure EFAULT in pid:1287 [ 130.732570][ T388] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 130.765794][ T388] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 130.824019][ T5301] rust_binder: Write failure EINVAL in pid:1291 [ 130.825235][ T5300] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 130.840271][ T5300] rust_binder: Read failure Err(EFAULT) in pid:1291 [ 130.891028][ T5297] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 130.917375][ T5297] rust_binder: Error while translating object. [ 130.930576][ T5297] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 130.937599][ T5297] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1273 [ 131.205462][ T36] kauditd_printk_skb: 1196 callbacks suppressed [ 131.205483][ T36] audit: type=1400 audit(1750408528.860:18825): avc: denied { read append } for pid=5315 comm="syz.0.1623" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 131.298587][ T5310] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 131.319949][ T36] audit: type=1400 audit(1750408528.860:18826): avc: denied { read open } for pid=5315 comm="syz.0.1623" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 131.368745][ T36] audit: type=1400 audit(1750408528.860:18827): avc: denied { ioctl } for pid=5315 comm="syz.0.1623" path="/dev/ashmem" dev="devtmpfs" ino=201 ioctlcmd=0x7702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 131.399705][ T5323] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1183 [ 131.438031][ T36] audit: type=1400 audit(1750408528.920:18828): avc: denied { read } for pid=5320 comm="syz.2.1624" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 131.479352][ T36] audit: type=1400 audit(1750408528.920:18829): avc: denied { read open } for pid=5320 comm="syz.2.1624" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 131.504691][ T36] audit: type=1400 audit(1750408528.930:18830): avc: denied { read } for pid=5320 comm="syz.2.1624" name="binder0" dev="binder" ino=69 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 131.565308][ T36] audit: type=1400 audit(1750408528.930:18831): avc: denied { read open } for pid=5320 comm="syz.2.1624" path="/dev/binderfs/binder0" dev="binder" ino=69 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 131.610290][ T36] audit: type=1400 audit(1750408528.930:18832): avc: denied { read write } for pid=289 comm="syz-executor" name="loop0" dev="devtmpfs" ino=490 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 131.648416][ T5327] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 131.657050][ T36] audit: type=1400 audit(1750408528.930:18833): avc: denied { read write open } for pid=289 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=490 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 131.662769][ T5327] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 131.663524][ T36] audit: type=1400 audit(1750408528.940:18834): avc: denied { ioctl } for pid=5320 comm="syz.2.1624" path="/dev/binderfs/binder0" dev="binder" ino=69 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 131.865979][ T5336] binder: Unknown parameter 'nXI' [ 132.014438][ T5340] rust_binder: Write failure EFAULT in pid:1190 [ 132.308499][ T5351] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27 [ 132.354035][ T5351] rust_binder: Error while translating object. [ 132.424063][ T5351] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 132.467498][ T5351] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1195 [ 132.874778][ T5374] rust_binder: Write failure EINVAL in pid:1200 [ 133.102635][ T5381] binder: Unknown parameter 'ma' [ 133.239697][ T5383] SELinux: failed to load policy [ 133.248522][ T5383] rust_binder: Write failure EINVAL in pid:1199 [ 133.283791][ T5385] rust_binder: Error in use_page_slow: ESRCH [ 133.344589][ T5385] rust_binder: use_range failure ESRCH [ 133.352246][ T5385] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 133.381081][ T5385] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 133.414594][ T5385] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1207 [ 133.586461][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.615201][ T5407] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 133.624632][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.632404][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.658104][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.683986][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.705447][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.713234][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.729652][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.737471][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.745682][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.753442][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.761240][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.769247][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.784717][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.792491][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.801810][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.810158][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.835734][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.843563][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.851855][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.868070][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.882653][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.898935][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.906777][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.922595][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.930643][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.938455][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.947258][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.955058][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.963452][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.972865][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.980881][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.989029][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 133.996921][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.004907][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.013263][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.021251][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.029285][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.037117][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.045114][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.054015][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.062018][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.070653][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.079305][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.097489][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.108015][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.115182][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.117095][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.123958][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.134354][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.143240][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.150879][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.162202][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.165799][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.168091][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.172528][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.183411][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.187173][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.198079][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.201212][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.211385][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.215563][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.236508][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.237202][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.244926][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.251717][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.252915][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.260302][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.266953][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.274054][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.279137][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.288285][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.293895][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.304229][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.307468][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.317274][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.329115][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.329149][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.337830][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.352331][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.360091][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.364032][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.368386][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.380834][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.382245][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.387793][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.396614][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.406379][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.425791][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.433569][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.435176][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.441610][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.446260][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.448120][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.460128][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.465194][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.470648][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.477773][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.484826][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.491979][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.499284][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.513676][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.530256][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.538215][ T5436] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 134.539694][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.546422][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.554840][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.557840][ T5436] __vm_enough_memory: pid: 5436, comm: syz.2.1661, bytes: 281474976845824 not enough memory for the allocation [ 134.569779][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.581011][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.589631][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.590328][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.609826][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.616974][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.624373][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.631759][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.632528][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.645241][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.653707][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.662283][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.668962][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.676561][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.683252][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.689761][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.694353][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.696373][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.704977][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.710683][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.723520][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.732331][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.732750][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.739872][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.747263][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.754158][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.761423][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.768186][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.775651][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.782327][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.789836][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.796553][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.817773][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.818020][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.825699][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.832352][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.839032][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.853261][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.861386][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.861700][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.868571][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.875154][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.884495][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.889478][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.896369][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.903699][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.919328][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.919663][ T5430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.926180][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.954523][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.962304][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.980790][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 134.982739][ T5444] : tun_chr_ioctl cmd 1074025675 [ 135.001365][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.010039][ T5444] : persist disabled [ 135.014013][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.018773][ T5443] : tun_chr_ioctl cmd 1074025675 [ 135.026160][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.034538][ T5443] : persist disabled [ 135.040971][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.045142][ T5451] __vm_enough_memory: pid: 5451, comm: syz.3.1665, bytes: 281474976845824 not enough memory for the allocation [ 135.060500][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.084128][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.092041][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.105101][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.112883][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.130651][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.138508][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.147424][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.156460][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.165103][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.172870][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.185352][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.193981][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.201945][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.210175][ T5457] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 135.217875][ T5458] rust_binder: Write failure EFAULT in pid:1218 [ 135.218913][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.224011][ T5457] rust_binder: Write failure EINVAL in pid:1301 [ 135.227247][ T5458] rust_binder: got new transaction with bad transaction stack [ 135.239226][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.261521][ T5458] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1218 [ 135.269310][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.288677][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.298791][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.308031][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.316385][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.339572][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.349024][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.364099][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.371938][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.380968][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.401313][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.409141][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.416971][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.425401][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.433181][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.440978][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.448767][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.456528][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.464323][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.472055][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.489009][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.496828][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.506031][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.513800][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.521821][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.529617][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.537502][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.545587][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.555606][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.588395][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.596336][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.604134][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.611925][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.620735][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.629064][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.647262][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.663127][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.672132][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.683460][ T5479] rust_binder: Write failure EINVAL in pid:1226 [ 135.687218][ T396] hid-generic 0008:0000:FFFFFBFF.0009: unknown main item tag 0x0 [ 135.688212][ T5478] SELinux: ebitmap: truncated map [ 135.705276][ T396] hid-generic 0008:0000:FFFFFBFF.0009: hidraw0: HID v9.86 Device [syz0] on syz1 [ 135.747687][ T5478] SELinux: failed to load policy [ 136.213300][ T5514] SELinux: security_context_str_to_sid () failed with errno=-22 [ 136.222905][ T36] kauditd_printk_skb: 883 callbacks suppressed [ 136.222924][ T36] audit: type=1400 audit(1750408533.870:19712): avc: denied { ioctl } for pid=5511 comm="syz.0.1682" path="/dev/binderfs/binder1" dev="binder" ino=61 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 136.222924][ T5512] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1249 [ 136.247680][ T36] audit: type=1400 audit(1750408533.880:19713): avc: denied { read write } for pid=290 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 136.286115][ T5512] rust_binder: Error while translating object. [ 136.289183][ T5512] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 136.301975][ T5512] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1249 [ 136.351679][ T36] audit: type=1400 audit(1750408533.940:19714): avc: denied { ioctl } for pid=5511 comm="syz.0.1682" path="/dev/binderfs/binder0" dev="binder" ino=60 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 136.451484][ T36] audit: type=1400 audit(1750408533.940:19715): avc: denied { call } for pid=5511 comm="syz.0.1682" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 136.486368][ T36] audit: type=1400 audit(1750408533.940:19716): avc: denied { transfer } for pid=5511 comm="syz.0.1682" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 136.504344][ T5527] rust_binder: Write failure EINVAL in pid:1251 [ 136.513063][ T5529] audit: audit_backlog=65 > audit_backlog_limit=64 [ 136.526585][ T5527] audit: audit_backlog=65 > audit_backlog_limit=64 [ 136.532531][ T36] audit: type=1400 audit(1750408533.940:19717): avc: denied { read write open } for pid=290 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 136.558031][ T288] audit: audit_backlog=65 > audit_backlog_limit=64 [ 136.558048][ T288] audit: audit_lost=135 audit_rate_limit=0 audit_backlog_limit=64 [ 136.565129][ T5527] rust_binder: Write failure EINVAL in pid:1251 [ 136.594168][ T5529] random: crng reseeded on system resumption [ 136.744698][ T5540] rust_binder: Write failure EINVAL in pid:1253 [ 136.889348][ T5548] binder: Unknown parameter ': 2199.998 [ 136.889348][ T5548] cache size : 56320 KB [ 136.889348][ T5548] physical id : 0 [ 136.889348][ T5548] siblings : 2 [ 136.889348][ T5548] core id : 0 [ 136.889348][ T5548] cpu cores : 1 [ 136.889348][ T5548] apicid : 0 [ 136.889348][ T5548] initial apicid : 0 [ 136.889348][ T5548] fpu : yes [ 136.889348][ T5548] fpu_exception : yes [ 136.889348][ T5548] cpuid level : 13 [ 136.889348][ T5548] wp : yes [ 136.889348][ T5548] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 136.889348][ T5548] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapic_reg vid shadow_vmcs [ 136.889348][ T5548] bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa mmio_stale_data retbleed bhi [ 136.889348][ T5548] bogomips : 4399.99 [ 136.889348][ T5548] clfl [ 137.214383][ T5561] kvm: kvm [5560]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc2) = 0xffffffffffff6253 [ 137.509417][ T5572] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 137.524796][ T5580] rust_binder: Failed to allocate buffer. len:128, is_oneway:true [ 137.544646][ T5576] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 137.603987][ T5576] SELinux: failed to load policy [ 137.631379][ T5584] rust_binder: Failed to allocate buffer. len:88, is_oneway:false [ 137.656128][ T5585] rust_binder: Error while translating object. [ 137.664206][ T5585] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 137.670510][ T5585] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1336 [ 138.151068][ T5601] fido_id[5601]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 138.570851][ T5632] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 138.657468][ T5632] rust_binder: Failed to allocate buffer. len:65376, is_oneway:true [ 138.675504][ T5632] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 138.710995][ T5632] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1272 [ 138.784214][ T5632] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 138.833463][ T5632] rust_binder: Error while translating object. [ 138.853984][ T5632] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 138.860211][ T5632] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1272 [ 138.962142][ T5639] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 139.212159][ T5642] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 139.635923][ T5660] binder: Bad value for 'stats' [ 139.670111][ T5660] input: syz1 as /devices/virtual/input/input77 [ 139.804593][ T5662] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 140.417369][ T305] Bluetooth: hci0: Frame reassembly failed (-84) [ 140.606371][ T5690] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1292 [ 140.623917][ T5691] binder: Unknown parameter 'fscontext?}' [ 140.805335][ T5699] rust_binder: Write failure EINVAL in pid:1292 [ 140.974698][ T5701] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 140.981011][ T5701] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1368 [ 140.997751][ T5706] rust_binder: Error while translating object. [ 141.034037][ T5706] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 141.053404][ T5706] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1261 [ 141.224496][ T36] kauditd_printk_skb: 830 callbacks suppressed [ 141.224516][ T36] audit: type=1400 audit(1750408538.870:20519): avc: denied { read } for pid=5715 comm="syz.2.1743" name="binder0" dev="binder" ino=75 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 141.298045][ T5717] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1374 [ 141.334052][ T36] audit: type=1400 audit(1750408538.870:20520): avc: denied { read open } for pid=5715 comm="syz.2.1743" path="/dev/binderfs/binder0" dev="binder" ino=75 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 141.428626][ T5724] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1265 [ 141.429144][ T5724] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1265 [ 141.434317][ T36] audit: type=1400 audit(1750408538.920:20521): avc: denied { read write } for pid=290 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 141.473882][ T36] audit: type=1400 audit(1750408538.920:20522): avc: denied { read write open } for pid=290 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 141.506241][ T36] audit: type=1400 audit(1750408538.920:20523): avc: denied { ioctl } for pid=290 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 141.554471][ T36] audit: type=1400 audit(1750408538.950:20524): avc: denied { ioctl } for pid=5715 comm="syz.2.1743" path="/dev/binderfs/binder0" dev="binder" ino=75 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 141.637257][ T36] audit: type=1400 audit(1750408538.950:20525): avc: denied { set_context_mgr } for pid=5715 comm="syz.2.1743" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 141.679413][ T36] audit: type=1400 audit(1750408538.950:20526): avc: denied { ioctl } for pid=5715 comm="syz.2.1743" path="/dev/binderfs/binder0" dev="binder" ino=75 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 141.747217][ T5730] audit: audit_backlog=65 > audit_backlog_limit=64 [ 141.755540][ T5733] audit: audit_backlog=65 > audit_backlog_limit=64 [ 141.872442][ T5736] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1296 [ 141.999369][ T5742] binder: Unknown parameter '8@VKȷ}Oc&~qq5NVu{ N\ilgApSYVZ3`nXHYHJf%]ŸE8?tp 3;)0Pr4}L.㭂¦EׄUHwYif AP!`ہ5~sc4eTt(K Z15EP8_MMg2ǏJ@5P' [ 142.156050][ T5745] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 142.156078][ T5745] rust_binder: Error while translating object. [ 142.205710][ T5745] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 142.223728][ T5745] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1274 [ 142.327013][ T5751] binder: Bad value for 'max' [ 142.341338][ T5752] binder: Bad value for 'max' [ 142.424050][ T4809] Bluetooth: hci0: command 0x1003 tx timeout [ 142.430306][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 142.578056][ T5759] binder: Bad value for 'stats' [ 142.621686][ T5761] binder: Bad value for 'stats' [ 143.807583][ T5810] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 143.807626][ T5810] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1315 [ 143.815822][ T5817] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1286 [ 144.215165][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.232564][ T5832] rust_binder: Error in use_page_slow: ESRCH [ 144.232588][ T5832] rust_binder: use_range failure ESRCH [ 144.244979][ T5832] rust_binder: Failed to allocate buffer. len:4216, is_oneway:false [ 144.245004][ T5832] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 144.253547][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.278595][ T5832] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1319 [ 144.279649][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.342191][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.342498][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.367710][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.368014][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.385285][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.385625][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.423594][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.423902][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.470498][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.470824][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.491765][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.492063][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.523398][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.523706][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.558509][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.558832][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.621858][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.622168][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.660307][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.660949][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.681883][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.682201][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.696677][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.710035][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.723406][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.731083][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.769588][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.769927][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.795873][ T5831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 145.110043][ T5855] rust_binder: Write failure EINVAL in pid:1290 [ 145.179467][ T5859] SELinux: ebitmap: truncated map [ 145.224855][ T5859] SELinux: failed to load policy [ 145.324987][ T5862] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1293 [ 145.329985][ T5862] rust_binder: Write failure EINVAL in pid:1293 [ 145.514104][ T5869] SELinux: policydb version 1880923147 does not match my version range 15-33 [ 145.526911][ T5866] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 145.529257][ T5866] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 145.543995][ T5869] SELinux: failed to load policy [ 145.549095][ T5866] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 145.755871][ T5888] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1421 [ 146.206047][ T5909] kvm: kvm [5906]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x187) = 0xfff [ 146.225245][ T5909] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 146.225288][ T5909] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1334 [ 146.236502][ T36] kauditd_printk_skb: 953 callbacks suppressed [ 146.236520][ T36] audit: type=1400 audit(1750408543.890:21443): avc: denied { ioctl } for pid=5911 comm="syz.1.1804" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 146.318747][ T291] audit: audit_backlog=65 > audit_backlog_limit=64 [ 146.343972][ T36] audit: type=1400 audit(1750408543.900:21444): avc: denied { read } for pid=5911 comm="syz.1.1804" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 146.374160][ T291] audit: audit_lost=159 audit_rate_limit=0 audit_backlog_limit=64 [ 146.382004][ T291] audit: backlog limit exceeded [ 146.388782][ T5912] audit: audit_backlog=65 > audit_backlog_limit=64 [ 146.399996][ T5912] audit: audit_lost=160 audit_rate_limit=0 audit_backlog_limit=64 [ 146.411325][ T291] audit: audit_backlog=65 > audit_backlog_limit=64 [ 146.417910][ T5912] audit: backlog limit exceeded [ 146.424454][ T36] audit: type=1400 audit(1750408543.900:21445): avc: denied { read open } for pid=5911 comm="syz.1.1804" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 146.597476][ T5915] rust_binder: Error while translating object. [ 146.597515][ T5915] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 146.603720][ T5915] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:1336 [ 146.764372][ T5918] SELinux: policydb magic number 0x800 does not match expected magic number 0xf97cff8c [ 146.796175][ T5918] SELinux: failed to load policy [ 147.591190][ T5949] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1345 [ 147.660530][ T5954] input input83: cannot allocate more than FF_MAX_EFFECTS effects [ 147.848427][ T5966] rust_binder: Write failure EFAULT in pid:1354 [ 147.905295][ T5965] rust_binder: Failed to allocate buffer. len:4216, is_oneway:false [ 147.933247][ T5965] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 147.996415][ T5965] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1440 [ 148.008693][ T5971] binder: Unknown parameter 'defcontext01777777777777777777777' [ 148.462933][ T5985] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 148.462960][ T5985] rust_binder: Error while translating object. [ 148.488926][ T5983] rust_binder: Error while translating object. [ 148.495285][ T5985] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 148.524302][ T5983] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 148.534678][ T5985] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1362 [ 148.562532][ T5983] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:1443 [ 148.753428][ T6000] binder: Unknown parameter 'fowner' [ 148.789403][ T5997] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 148.789437][ T5997] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1365 [ 148.984994][ T6010] SELinux: ebitmap: truncated map [ 148.992219][ T6007] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=220138064 (3522209024 ns) > initial count (16 ns). Using initial count to start timer. [ 149.033112][ T6010] SELinux: failed to load policy [ 149.964894][ T292] bridge_slave_1: left allmulticast mode [ 149.974018][ T292] bridge_slave_1: left promiscuous mode [ 149.979690][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.012716][ T292] bridge_slave_0: left allmulticast mode [ 150.032650][ T292] bridge_slave_0: left promiscuous mode [ 150.044095][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.135024][ T6055] rust_binder: Write failure EINVAL in pid:1468 [ 150.356371][ T292] veth1_macvtap: left promiscuous mode [ 150.381654][ T292] veth0_vlan: left promiscuous mode [ 150.388642][ T6063] input: syz1 as /devices/virtual/input/input85 [ 150.457066][ T6072] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 150.486201][ T6072] rust_binder: Write failure EINVAL in pid:1473 [ 150.745343][ T6060] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.782907][ T6060] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.802019][ T6060] bridge_slave_0: entered allmulticast mode [ 150.831840][ T6060] bridge_slave_0: entered promiscuous mode [ 150.859101][ T6060] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.873125][ T6060] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.902215][ T6060] bridge_slave_1: entered allmulticast mode [ 150.945869][ T6060] bridge_slave_1: entered promiscuous mode [ 150.994306][ T6097] binder: Bad value for 'stats' [ 151.244312][ T36] kauditd_printk_skb: 2755 callbacks suppressed [ 151.244329][ T36] audit: type=1400 audit(1750408548.900:23995): avc: denied { ioctl } for pid=6103 comm="syz.0.1862" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 151.260346][ T6060] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.283203][ T6060] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.290537][ T6060] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.297614][ T6060] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.318539][ T6105] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 151.331673][ T6107] random: crng reseeded on system resumption [ 151.344097][ T36] audit: type=1400 audit(1750408548.930:23996): avc: denied { read write } for pid=6102 comm="syz.2.1864" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 151.400960][ T6105] block device autoloading is deprecated and will be removed. [ 151.424999][ T36] audit: type=1400 audit(1750408548.930:23997): avc: denied { read write open } for pid=6102 comm="syz.2.1864" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 151.493052][ T6107] Restarting kernel threads ... done. [ 151.509757][ T36] audit: type=1400 audit(1750408548.940:23998): avc: denied { ioctl } for pid=6102 comm="syz.2.1864" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 151.603958][ T36] audit: type=1400 audit(1750408548.970:23999): avc: denied { ioctl } for pid=6102 comm="syz.2.1864" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 151.644382][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.652267][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.684851][ T36] audit: type=1400 audit(1750408548.970:24000): avc: denied { ioctl } for pid=6103 comm="syz.0.1862" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf04 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 151.744476][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.751556][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.778021][ T36] audit: type=1400 audit(1750408548.980:24001): avc: denied { write } for pid=6104 comm="syz.1.1863" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 151.824931][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.832027][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.881695][ T36] audit: type=1400 audit(1750408548.980:24002): avc: denied { write open } for pid=6104 comm="syz.1.1863" path="/dev/snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 151.887994][ T6123] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 151.972773][ T6060] audit: audit_backlog=65 > audit_backlog_limit=64 [ 151.979457][ T36] audit: type=1400 audit(1750408549.000:24003): avc: denied { read append } for pid=6103 comm="syz.0.1862" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 152.052914][ T6132] rust_binder: Write failure EFAULT in pid:1489 [ 152.094979][ T6060] veth0_vlan: entered promiscuous mode [ 152.227295][ T6060] veth1_macvtap: entered promiscuous mode [ 152.435280][ T6144] input: syz1 as /devices/virtual/input/input86 [ 152.607250][ T6151] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 152.695349][ T6156] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 152.705097][ T6159] rust_binder: Write failure EINVAL in pid:1498 [ 152.714664][ T6156] rust_binder: Failed to allocate buffer. len:4615172634223575152, is_oneway:false [ 152.742887][ T6156] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 152.763988][ T6156] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1498 [ 152.937475][ T6174] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 152.986028][ T6165] Restarting kernel threads ... [ 153.027170][ T6171] SELinux: failed to load policy [ 153.081024][ T6165] done. [ 153.377598][ T6186] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:11 [ 153.493369][ T6182] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 153.534293][ T6182] rust_binder: Write failure EFAULT in pid:1507 [ 154.204293][ T6211] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 154.493212][ T309] hid-generic 0000:0001:0000.000A: item fetching failed at offset 0/1 [ 154.513539][ T309] hid-generic 0000:0001:0000.000A: probe with driver hid-generic failed with error -22 [ 154.589848][ T6223] kvm: kvm [6222]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x200000000400 [ 154.629069][ T6223] rust_binder: Write failure EFAULT in pid:1517 [ 154.844166][ T6230] binder: Unknown parameter 'coyBLV"i5ntext' [ 154.885376][ T6232] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 154.885838][ T6232] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1519 [ 155.434016][ T6252] rust_binder: Error while translating object. [ 155.434052][ T6252] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 155.446071][ T6254] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 155.454017][ T6252] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:27 [ 156.004942][ T6283] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 156.055127][ T6282] rust_binder: Write failure EINVAL in pid:37 [ 156.094098][ T6283] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 156.106390][ T6285] rust_binder: Write failure EINVAL in pid:1596 [ 156.115541][ T6283] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 156.259737][ T36] kauditd_printk_skb: 718 callbacks suppressed [ 156.259758][ T36] audit: type=1400 audit(1750408553.910:24711): avc: denied { read write } for pid=6288 comm="syz.0.1919" name="ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 156.298034][ T6289] rust_binder: Write failure EFAULT in pid:1599 [ 156.349556][ T36] audit: type=1400 audit(1750408553.950:24712): avc: denied { ioctl } for pid=6287 comm="syz.1.1920" path="/dev/binderfs/binder0" dev="binder" ino=28 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 156.412419][ T6293] rust_binder: Write failure EFAULT in pid:1601 [ 156.422539][ T36] audit: type=1400 audit(1750408553.970:24713): avc: denied { read write open } for pid=6288 comm="syz.0.1919" path="/dev/ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 156.454750][ T36] audit: type=1400 audit(1750408553.980:24714): avc: denied { read write } for pid=290 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 156.482975][ T36] audit: type=1400 audit(1750408553.980:24715): avc: denied { read write open } for pid=290 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 156.539468][ T36] audit: type=1400 audit(1750408553.980:24716): avc: denied { ioctl } for pid=290 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 156.571763][ T36] audit: type=1400 audit(1750408554.000:24717): avc: denied { read } for pid=6288 comm="syz.0.1919" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 156.595802][ T36] audit: type=1400 audit(1750408554.000:24718): avc: denied { read open } for pid=6288 comm="syz.0.1919" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 156.620456][ T36] audit: type=1400 audit(1750408554.000:24719): avc: denied { read } for pid=6288 comm="syz.0.1919" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 156.683960][ T36] audit: type=1400 audit(1750408554.000:24720): avc: denied { read open } for pid=6288 comm="syz.0.1919" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 156.961637][ T6305] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 157.075062][ T6314] rust_binder: Error while translating object. [ 157.093967][ T6314] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 157.127685][ T6314] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1426 [ 157.206320][ T6312] input: syz1 as /devices/virtual/input/input90 [ 157.390190][ T6322] input: syz0 as /devices/virtual/input/input91 [ 157.695735][ T6328] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 157.906246][ T6335] kvm: kvm [6334]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000002a) = 0x4 [ 157.957651][ T6338] random: crng reseeded on system resumption [ 158.035032][ T6339] rust_binder: Got transaction with invalid offset. [ 158.035082][ T6339] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 158.041731][ T6339] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:48 [ 158.367759][ T6341] SELinux: unknown common r [ 158.391733][ T6341] SELinux: failed to load policy [ 158.704928][ T6356] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1434 [ 158.705395][ T6356] rust_binder: Write failure EINVAL in pid:1434 [ 158.957169][ T6368] input input93: cannot allocate more than FF_MAX_EFFECTS effects [ 159.095168][ T6366] binder: Unknown parameter 'nonv/snd/timer' [ 159.181496][ T6379] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:60 [ 159.218111][ T6379] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 159.254051][ T6379] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:60 [ 159.658167][ T6396] input: syz1 as /devices/virtual/input/input95 [ 159.729255][ T6402] input: syz0 as /devices/virtual/input/input96 [ 159.764198][ T6405] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=io+mem:owns=io+mem [ 159.880326][ T6405] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 160.617716][ T6430] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:70 [ 160.626698][ T6430] rust_binder: Error while translating object. [ 160.644011][ T6430] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 160.651610][ T6430] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:70 [ 160.975328][ T6432] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 161.002479][ T6432] rust_binder: Write failure EINVAL in pid:1453 [ 161.242280][ T6447] rust_binder: Error in use_page_slow: ESRCH [ 161.242310][ T6447] rust_binder: use_range failure ESRCH [ 161.259708][ T6447] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 161.275064][ T6447] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 161.297772][ T6447] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1642 [ 161.353634][ T36] kauditd_printk_skb: 703 callbacks suppressed [ 161.353653][ T36] audit: type=1400 audit(1750408559.000:25424): avc: denied { read } for pid=6452 comm="syz.0.1969" name="binder0" dev="binder" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 161.443968][ T36] audit: type=1400 audit(1750408559.070:25425): avc: denied { read write } for pid=6060 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 161.523253][ T36] audit: type=1400 audit(1750408559.070:25426): avc: denied { read write open } for pid=6060 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 161.549378][ T6459] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 161.549681][ T6459] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 161.595339][ T36] audit: type=1400 audit(1750408559.070:25427): avc: denied { ioctl } for pid=6060 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 161.673962][ T36] audit: type=1400 audit(1750408559.080:25428): avc: denied { read } for pid=6452 comm="syz.0.1969" name="binder0" dev="binder" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 161.756715][ T6468] audit: audit_backlog=65 > audit_backlog_limit=64 [ 161.763265][ T6468] audit: audit_lost=234 audit_rate_limit=0 audit_backlog_limit=64 [ 161.783994][ T36] audit: type=1400 audit(1750408559.080:25429): avc: denied { read open } for pid=6452 comm="syz.0.1969" path="/dev/binderfs/binder0" dev="binder" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 161.809756][ T6468] audit: backlog limit exceeded [ 161.870438][ T6060] audit: audit_backlog=65 > audit_backlog_limit=64 [ 162.604645][ T6501] rust_binder: Write failure EFAULT in pid:90 [ 162.625148][ T6504] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 162.631587][ T6504] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 162.708432][ T6507] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 162.776425][ T6507] rust_binder: Write failure EINVAL in pid:92 [ 162.949478][ T6514] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 163.106420][ T6518] __vm_enough_memory: pid: 6518, comm: syz.0.1989, bytes: 281474976845824 not enough memory for the allocation [ 163.179619][ T6521] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:97 [ 163.380247][ T6535] input: syz0 as /devices/virtual/input/input97 [ 163.435590][ T6535] input: failed to attach handler leds to device input97, error: -6 [ 163.586011][ T6547] rust_binder: Write failure EFAULT in pid:102 [ 163.708968][ T6554] input: syz1 as /devices/virtual/input/input98 [ 163.884014][ T6560] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 163.884039][ T6560] rust_binder: Error while translating object. [ 163.892697][ T6560] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 163.924025][ T6560] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1669 [ 164.029548][ T6564] SELinux: policydb string does not match my string SE Linux [ 164.065866][ T6571] binder: Bad value for 'defcontext' [ 164.084384][ T6575] rust_binder: Write failure EFAULT in pid:114 [ 164.092301][ T6564] SELinux: failed to load policy [ 164.280573][ T6581] kvm: user requested TSC rate below hardware speed [ 164.292898][ T6581] rust_binder: Write failure EINVAL in pid:118 [ 164.410478][ T6587] rust_binder: Write failure EFAULT in pid:1674 [ 164.499191][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.508795][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.511675][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.529114][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.557895][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.587824][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.634369][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.634685][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.651395][ T6597] rust_binder: Error in use_page_slow: ESRCH [ 164.651416][ T6597] rust_binder: use_range failure ESRCH [ 164.657846][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.662969][ T6597] rust_binder: Failed to allocate buffer. len:64, is_oneway:false [ 164.703677][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.715711][ T6599] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 164.746768][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.747099][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.802513][ T6597] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 164.802556][ T6597] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:120 [ 164.821735][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.881392][ T6599] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.902712][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.903055][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.934020][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.934398][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.961455][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.961785][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.989401][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.989810][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.996698][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.003039][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.010059][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.016863][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.023708][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.092318][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.093068][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.113584][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.117890][ T6612] binder: Unknown parameter 'processor : 0 [ 165.117890][ T6612] vendor_id : GenuineIntel [ 165.117890][ T6612] cpu family : 6 [ 165.117890][ T6612] model : 79 [ 165.117890][ T6612] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 165.117890][ T6612] stepping : 0 [ 165.117890][ T6612] microcode : 0xffffffff [ 165.117890][ T6612] cpu MHz : 2199.998 [ 165.117890][ T6612] cache size : 56320 KB [ 165.117890][ T6612] physical id : 0 [ 165.117890][ T6612] siblings : 2 [ 165.117890][ T6612] core id : 0 [ 165.117890][ T6612] cpu cores : 1 [ 165.117890][ T6612] apicid : 0 [ 165.117890][ T6612] initial apicid : 0 [ 165.117890][ T6612] fpu : yes [ 165.117890][ T6612] fpu_exception : yes [ 165.117890][ T6612] cpuid level : 13 [ 165.117890][ T6612] wp : yes [ 165.117890][ T6612] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 165.117890][ T6612] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 165.120617][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.269820][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.278149][ T6593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.434907][ T6617] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 165.637096][ T6631] binder: Bad value for 'stats' [ 165.647565][ T6630] binder: Bad value for 'stats' [ 165.766954][ T6640] rust_binder: Got transaction with invalid offset. [ 165.767006][ T6640] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 165.784196][ T6640] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:127 [ 166.002350][ T6649] binder: Bad value for 'max' [ 166.088836][ T6652] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 166.089487][ T6652] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:130 [ 166.256155][ T6660] input: syz1 as /devices/virtual/input/input101 [ 166.355714][ T36] kauditd_printk_skb: 860 callbacks suppressed [ 166.355732][ T36] audit: type=1400 audit(1750408564.010:26288): avc: denied { map } for pid=6659 comm="syz.2.2031" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 166.403143][ T36] audit: type=1400 audit(1750408564.040:26289): avc: denied { read } for pid=6662 comm="syz.0.2032" name="vsock" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 166.427948][ T36] audit: type=1400 audit(1750408564.040:26290): avc: denied { read open } for pid=6662 comm="syz.0.2032" path="/dev/vsock" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 166.452360][ T36] audit: type=1400 audit(1750408564.040:26291): avc: denied { read } for pid=6659 comm="syz.2.2031" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 166.504496][ T36] audit: type=1400 audit(1750408564.140:26292): avc: denied { read } for pid=6664 comm="syz.0.2033" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 166.542191][ T36] audit: type=1400 audit(1750408564.140:26293): avc: denied { read open } for pid=6664 comm="syz.0.2033" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 166.567667][ T36] audit: type=1400 audit(1750408564.140:26294): avc: denied { ioctl } for pid=6664 comm="syz.0.2033" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 166.614497][ T36] audit: type=1400 audit(1750408564.150:26295): avc: denied { read } for pid=6664 comm="syz.0.2033" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 166.643844][ T36] audit: type=1400 audit(1750408564.150:26296): avc: denied { read open } for pid=6664 comm="syz.0.2033" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 166.675167][ T6667] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 166.682415][ T6667] rust_binder: Write failure EINVAL in pid:1687 [ 166.698745][ T36] audit: type=1400 audit(1750408564.150:26297): avc: denied { ioctl } for pid=6664 comm="syz.0.2033" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 166.790637][ T6671] rust_binder: Write failure EFAULT in pid:1689 [ 166.895702][ T6677] rust_binder: Write failure EFAULT in pid:1691 [ 167.014673][ T6680] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 167.040140][ T6680] rust_binder: Failed copying remainder into alloc: EFAULT [ 167.055868][ T6682] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1515 [ 167.082150][ T6680] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 167.108832][ T6680] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 167.117144][ T6684] rust_binder: Error while translating object. [ 167.117168][ T6684] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 167.117193][ T6684] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:134 [ 167.150925][ T6680] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:134 [ 167.245451][ T6683] kvm: kvm [6681]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x187) = 0xfff [ 167.271020][ T6687] random: crng reseeded on system resumption [ 167.549415][ T6702] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1524 [ 167.726736][ T6707] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 168.271344][ T6722] input: syz0 as /devices/virtual/input/input104 [ 168.291218][ T6725] binder: Bad value for 'max' [ 168.326323][ T6722] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 168.331606][ T6722] rust_binder: Failed to allocate buffer. len:4240, is_oneway:true [ 168.352256][ T6722] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 168.373946][ T6722] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1531 [ 168.922402][ T6746] rust_binder: Write failure EINVAL in pid:153 [ 169.016612][ T6754] input: syz0 as /devices/virtual/input/input106 [ 169.046113][ T31] ================================================================== [ 169.054318][ T31] BUG: KASAN: null-ptr-deref in down_write+0x83/0x2a0 [ 169.061123][ T31] Write of size 8 at addr 0000000000000098 by task kworker/1:0/31 [ 169.068947][ T31] [ 169.069990][ T6756] rust_binder: Error while translating object. [ 169.071295][ T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:0 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 169.071309][ T6756] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 169.071324][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 169.071340][ T31] Workqueue: events _RNvXs6_NtCs43vyB533jt3_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCshgDM7dBCdno_11rust_binder7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_ [ 169.071419][ T31] Call Trace: [ 169.071429][ T31] [ 169.071440][ T31] __dump_stack+0x21/0x30 [ 169.071470][ T31] dump_stack_lvl+0x10c/0x190 [ 169.071500][ T31] ? __cfi_dump_stack_lvl+0x10/0x10 [ 169.071528][ T31] ? native_smp_send_reschedule+0x3d/0x60 [ 169.071564][ T31] ? resched_curr+0x1c3/0x430 [ 169.071596][ T31] print_report+0x3d/0x70 [ 169.071617][ T31] kasan_report+0x163/0x1a0 [ 169.071651][ T31] ? down_write+0x83/0x2a0 [ 169.071678][ T31] ? down_write+0x83/0x2a0 [ 169.071702][ T31] kasan_check_range+0x299/0x2a0 [ 169.071736][ T31] __kasan_check_write+0x18/0x20 [ 169.071768][ T31] down_write+0x83/0x2a0 [ 169.071793][ T31] ? __cfi_down_write+0x10/0x10 [ 169.071817][ T31] ? _raw_spin_lock+0x8c/0x120 [ 169.071846][ T31] ? __cfi__raw_spin_lock+0x10/0x10 [ 169.071876][ T31] ? mutex_unlock+0x8b/0x240 [ 169.071898][ T31] ? __cfi_mutex_unlock+0x10/0x10 [ 169.071921][ T31] rust_binderfs_remove_file+0x6c/0x110 [ 169.071946][ T31] _RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x9d4/0x2860 [ 169.071985][ T31] ? update_curr_dl_se+0x10c/0xb20 [ 169.072016][ T31] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 169.072041][ T31] ? update_curr+0x60d/0xc60 [ 169.072072][ T31] ? __cfi__RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x10/0x10 [ 169.072112][ T31] ? update_load_avg+0x506/0x19a0 [ 169.072134][ T31] ? detach_entity_load_avg+0x7b0/0x7b0 [ 169.072168][ T31] ? dequeue_entity+0xa9c/0x1750 [ 169.072194][ T31] ? do_activate_task+0x340/0x3d0 [ 169.072227][ T31] ? tg_unthrottle_up+0x980/0x980 [ 169.072251][ T31] ? __kasan_check_read+0x15/0x20 [ 169.072277][ T31] ? ttwu_do_activate+0x277/0x630 [ 169.072311][ T31] ? kvm_sched_clock_read+0x15/0x30 [ 169.072337][ T31] ? kvm_sched_clock_read+0x15/0x30 [ 169.072361][ T31] ? sched_clock_noinstr+0xd/0x30 [ 169.072383][ T31] ? sched_clock+0x44/0x60 [ 169.072407][ T31] ? sched_clock_cpu+0x75/0x400 [ 169.072433][ T31] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 169.072459][ T31] ? __cfi_min_vruntime_cb_rotate+0x10/0x10 [ 169.072490][ T31] ? __cfi_sched_clock_cpu+0x10/0x10 [ 169.072519][ T31] ? __kasan_check_write+0x18/0x20 [ 169.072545][ T31] ? __switch_to+0xc7b/0x1310 [ 169.072572][ T31] ? psi_group_change+0xb44/0x1130 [ 169.072599][ T31] ? __cfi___switch_to+0x10/0x10 [ 169.072627][ T31] ? _raw_spin_unlock+0x45/0x60 [ 169.072657][ T31] ? __switch_to_asm+0x3d/0x70 [ 169.072689][ T31] ? __schedule+0x1463/0x1f10 [ 169.072724][ T31] ? kick_pool+0xb9/0x550 [ 169.072765][ T31] process_scheduled_works+0x7d2/0x1020 [ 169.072803][ T31] worker_thread+0xc58/0x1250 [ 169.072841][ T31] kthread+0x2c7/0x370 [ 169.072887][ T31] ? __cfi_worker_thread+0x10/0x10 [ 169.072917][ T31] ? __cfi_kthread+0x10/0x10 [ 169.072948][ T31] ret_from_fork+0x64/0xa0 [ 169.072973][ T31] ? __cfi_kthread+0x10/0x10 [ 169.073005][ T31] ret_from_fork_asm+0x1a/0x30 [ 169.073036][ T31] [ 169.073045][ T31] ================================================================== [ 169.100456][ T6756] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:158 [ 169.110356][ T31] Disabling lock debugging due to kernel taint [ 169.110385][ T31] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 169.110397][ T31] #PF: supervisor write access in kernel mode [ 169.110407][ T31] #PF: error_code(0x0002) - not-present page [ 169.110419][ T31] PGD 8000000127928067 P4D 8000000127928067 PUD 0 [ 169.110447][ T31] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 169.110469][ T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:0 Tainted: G B 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 169.110501][ T31] Tainted: [B]=BAD_PAGE [ 169.110508][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 169.502120][ T31] Workqueue: events _RNvXs6_NtCs43vyB533jt3_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCshgDM7dBCdno_11rust_binder7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_ [ 169.518912][ T31] RIP: 0010:down_write+0x9a/0x2a0 [ 169.523952][ T31] Code: 48 c7 44 24 20 00 00 00 00 be 08 00 00 00 e8 2d 34 55 fc 4c 89 f7 be 08 00 00 00 e8 20 34 55 fc 48 8b 44 24 20 b9 01 00 00 00 48 0f b1 0b 0f 85 a0 00 00 00 48 c7 c0 c0 b9 20 87 48 c1 e8 03 [ 169.543561][ T31] RSP: 0018:ffffc90000207500 EFLAGS: 00010256 [ 169.549631][ T31] RAX: 0000000000000000 RBX: 0000000000000098 RCX: 0000000000000001 [ 169.557605][ T31] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000207520 [ 169.565574][ T31] RBP: ffffc90000207598 R08: ffffc90000207527 R09: 1ffff92000040ea4 [ 169.573570][ T31] R10: dffffc0000000000 R11: fffff52000040ea5 R12: dffffc0000000000 [ 169.581546][ T31] R13: 1ffff92000040ea0 R14: ffffc90000207520 R15: 0000000000000000 [ 169.589520][ T31] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 169.598452][ T31] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 169.605033][ T31] CR2: 0000000000000098 CR3: 0000000132d32000 CR4: 00000000003526b0 [ 169.613008][ T31] DR0: 0000000000000007 DR1: 000000000000000b DR2: 0000000000000002 [ 169.620975][ T31] DR3: 0000040000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 169.628947][ T31] Call Trace: [ 169.632236][ T31] [ 169.635166][ T31] ? __cfi_down_write+0x10/0x10 [ 169.640021][ T31] ? _raw_spin_lock+0x8c/0x120 [ 169.644793][ T31] ? __cfi__raw_spin_lock+0x10/0x10 [ 169.649994][ T31] ? mutex_unlock+0x8b/0x240 [ 169.654582][ T31] ? __cfi_mutex_unlock+0x10/0x10 [ 169.659603][ T31] rust_binderfs_remove_file+0x6c/0x110 [ 169.665149][ T31] _RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x9d4/0x2860 [ 169.677917][ T31] ? update_curr_dl_se+0x10c/0xb20 [ 169.683041][ T31] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 169.689111][ T31] ? update_curr+0x60d/0xc60 [ 169.693710][ T31] ? __cfi__RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x10/0x10 [ 169.706909][ T31] ? update_load_avg+0x506/0x19a0 [ 169.711940][ T31] ? detach_entity_load_avg+0x7b0/0x7b0 [ 169.717499][ T31] ? dequeue_entity+0xa9c/0x1750 [ 169.722441][ T31] ? do_activate_task+0x340/0x3d0 [ 169.727477][ T31] ? tg_unthrottle_up+0x980/0x980 [ 169.732503][ T31] ? __kasan_check_read+0x15/0x20 [ 169.737529][ T31] ? ttwu_do_activate+0x277/0x630 [ 169.742574][ T31] ? kvm_sched_clock_read+0x15/0x30 [ 169.747783][ T31] ? kvm_sched_clock_read+0x15/0x30 [ 169.752980][ T31] ? sched_clock_noinstr+0xd/0x30 [ 169.758001][ T31] ? sched_clock+0x44/0x60 [ 169.762504][ T31] ? sched_clock_cpu+0x75/0x400 [ 169.767446][ T31] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 169.773515][ T31] ? __cfi_min_vruntime_cb_rotate+0x10/0x10 [ 169.779419][ T31] ? __cfi_sched_clock_cpu+0x10/0x10 [ 169.784709][ T31] ? __kasan_check_write+0x18/0x20 [ 169.789824][ T31] ? __switch_to+0xc7b/0x1310 [ 169.794510][ T31] ? psi_group_change+0xb44/0x1130 [ 169.799626][ T31] ? __cfi___switch_to+0x10/0x10 [ 169.804570][ T31] ? _raw_spin_unlock+0x45/0x60 [ 169.809430][ T31] ? __switch_to_asm+0x3d/0x70 [ 169.814203][ T31] ? __schedule+0x1463/0x1f10 [ 169.818894][ T31] ? kick_pool+0xb9/0x550 [ 169.823238][ T31] process_scheduled_works+0x7d2/0x1020 [ 169.828797][ T31] worker_thread+0xc58/0x1250 [ 169.833486][ T31] kthread+0x2c7/0x370 [ 169.837566][ T31] ? __cfi_worker_thread+0x10/0x10 [ 169.842686][ T31] ? __cfi_kthread+0x10/0x10 [ 169.847283][ T31] ret_from_fork+0x64/0xa0 [ 169.851702][ T31] ? __cfi_kthread+0x10/0x10 [ 169.856299][ T31] ret_from_fork_asm+0x1a/0x30 [ 169.861071][ T31] [ 169.864088][ T31] Modules linked in: [ 169.867994][ T31] CR2: 0000000000000098 [ 169.872146][ T31] ---[ end trace 0000000000000000 ]--- [ 169.877626][ T31] RIP: 0010:down_write+0x9a/0x2a0 [ 169.882662][ T31] Code: 48 c7 44 24 20 00 00 00 00 be 08 00 00 00 e8 2d 34 55 fc 4c 89 f7 be 08 00 00 00 e8 20 34 55 fc 48 8b 44 24 20 b9 01 00 00 00 48 0f b1 0b 0f 85 a0 00 00 00 48 c7 c0 c0 b9 20 87 48 c1 e8 03 [ 169.902272][ T31] RSP: 0018:ffffc90000207500 EFLAGS: 00010256 [ 169.908340][ T31] RAX: 0000000000000000 RBX: 0000000000000098 RCX: 0000000000000001 [ 169.916310][ T31] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000207520 [ 169.924396][ T31] RBP: ffffc90000207598 R08: ffffc90000207527 R09: 1ffff92000040ea4 [ 169.932381][ T31] R10: dffffc0000000000 R11: fffff52000040ea5 R12: dffffc0000000000 [ 169.940535][ T31] R13: 1ffff92000040ea0 R14: ffffc90000207520 R15: 0000000000000000 [ 169.948531][ T31] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 169.957462][ T31] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 169.964043][ T31] CR2: 0000000000000098 CR3: 0000000132d32000 CR4: 00000000003526b0 [ 169.972018][ T31] DR0: 0000000000000007 DR1: 000000000000000b DR2: 0000000000000002 [ 169.980050][ T31] DR3: 0000040000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 169.988027][ T31] Kernel panic - not syncing: Fatal exception [ 169.994409][ T31] Kernel Offset: disabled [ 169.998730][ T31] Rebooting in 86400 seconds..