last executing test programs: 1.22966126s ago: executing program 1 (id=324): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x28000, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='\x00') mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) 1.098594072s ago: executing program 1 (id=328): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) ioctl$BLKIOMIN(r1, 0x1278, &(0x7f0000000000)) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1800001, 0x28011, r2, 0x0) 1.098216452s ago: executing program 1 (id=329): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCGSOFTCAR(r0, 0x5419, &(0x7f0000000000)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000740)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.031382083s ago: executing program 1 (id=331): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x1, 0x0, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x1, 0x0, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001']) 930.726665ms ago: executing program 1 (id=334): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0xf000, 0x202000}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) syz_clone(0x80001200, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0x0) r3 = ioctl$TUNGETDEVNETNS(r2, 0xff09, 0x0) ioctl$NS_GET_USERNS(r3, 0xb701, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000500)=[@acquire_done], 0x0, 0x0, 0x0}) 901.358385ms ago: executing program 1 (id=335): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read(r0, &(0x7f0000000240)=""/25, 0x19) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) r5 = mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0xc, 0x0, &(0x7f0000000180)=[@free_buffer={0x40086303, r5}], 0xfffffffffffffeec, 0x0, &(0x7f0000000140)="f3"}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_ro(r6, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) read$FUSE(r7, &(0x7f00000007c0)={0x2020}, 0x2020) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x3c, 0x0, &(0x7f0000000100)=[@increfs={0x40046304, 0x3}, @decrefs={0x40046307, 0x1}, @free_buffer={0x40086303, r5}, @increfs={0x40046304, 0x3}, @decrefs={0x40046307, 0x3}, @decrefs={0x40046307, 0x1}, @release={0x40046306, 0x1}], 0x15, 0x0, &(0x7f0000000140)="546311158bdff09669f5b857ea69cc5bccba643c84"}) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)={0x1, 0x0, [{0xc0000080, 0x0, 0x7fff}]}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x5c, 0x0, &(0x7f00000001c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000580)={@flat=@weak_handle={0x77682a85, 0x101, 0x1}, @flat=@binder={0x73622a85, 0x1000}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x18, 0x30}}, 0x1000}, @clear_death], 0x0, 0x0, 0x0}) 505.761732ms ago: executing program 2 (id=346): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0) read$FUSE(r0, &(0x7f0000001cc0)={0x2020}, 0x2020) (async) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r3, 0x0) (async) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000000c0)={[0x400000200000000, 0xfffffffffffffffe, 0x0, 0x800, 0x0, 0x4, 0xffffffffffffffff, 0x5, 0x0, 0x5, 0x3, 0x0, 0x3, 0x9, 0x100000000000, 0x7fffffff], 0x8080000}) (async, rerun: 32) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async, rerun: 32) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x2) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000004c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper={0x40086303}], 0x0, 0x1000000000000, 0x0}) 444.466512ms ago: executing program 0 (id=347): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mmap(&(0x7f0000fec000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) (async) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000002400)={0x44, 0x0, &(0x7f00000001c0)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={@fda={0x66646185, 0x2, 0x2, 0x3d}, @flat=@weak_binder={0x77622a85, 0x101, 0x3}, @fd}, &(0x7f0000000180)}}, @acquire={0x40046305, 0x2}, @increfs_done={0x40106308, 0x2}, @decrefs={0x40046307, 0x2}, @register_looper], 0x4, 0x0, &(0x7f0000000240)="eae7db1c"}) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r0, 0x0) 443.653703ms ago: executing program 0 (id=349): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)) (async, rerun: 64) ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000000140)={0xc025}) (async, rerun: 64) ioctl$PPPIOCSACTIVE(r0, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) (async) write$ppp(r0, &(0x7f00000000c0)="e383ad0e4a", 0x5) (async) read(r0, 0x0, 0x5d) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000496000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0) (async, rerun: 64) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1114}) (async, rerun: 64) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000dc0)='./cgroup/syz0\x00', 0x200002, 0x0) (async) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) read(r3, &(0x7f0000000200)=""/68, 0x44) (async) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0x9250) (async) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x3, 0x810, r2, 0x1000) 442.839952ms ago: executing program 3 (id=350): openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100), 0x200002, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000040), 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f000032c000/0x1000)=nil, 0x1000, 0x2, 0x22052, r2, 0x2000) 377.579073ms ago: executing program 3 (id=351): r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x0, 0x0) (async) openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r2, &(0x7f0000000840)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x10, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x2, 0x0, 0x3], [0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x3, 0x0, 0x4, 0x0, 0xffeffffe, 0x0, 0x5], [0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5b2bb47c], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x239]}, 0x45c) (async) ioctl$AUTOFS_IOC_READY(r0, 0xc1086201, 0x20002000) (async) openat$cgroup_ro(r1, &(0x7f0000002540)='memory.stat\x00', 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x88000, 0x0) 377.367364ms ago: executing program 2 (id=352): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/consoles\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000000080)={0x2020}, 0x2020) read$FUSE(r3, &(0x7f00000020c0)={0x2020}, 0x2020) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYRESDEC=r3]) mount$binderfs(&(0x7f00000021c0), &(0x7f0000002200)='./binderfs\x00', &(0x7f0000002240), 0x10, 0x0) 377.194733ms ago: executing program 3 (id=353): openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000040), 0x2, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x2) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r3, 0x2000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100d60500000000000000050000000000000006de000000cbbd763aa05c1cb64b8d083873e9d6e04c6d9f711cd374f81b929d6b3d50a486929e7819bed3d3a4cbdf789b6ca416553cbf2c895b2612ffbb45ac7fae57eff1b52800000005059d0f8f42f48a0f000000fe401161e99bb4f822"]) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$UI_SET_EVBIT(r7, 0x40045564, 0x11) (async) ioctl$UI_DEV_SETUP(r7, 0x405c5503, &(0x7f0000000100)={{}, 'syz0\x00'}) (async) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r8, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) (async) close_range(r2, r8, 0x0) (async) ioctl$UI_SET_LEDBIT(r7, 0x40045569, 0xf) (async) ioctl$UI_DEV_CREATE(r7, 0x5501) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0xc2a4a000) 351.803284ms ago: executing program 0 (id=354): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_async', 0x141a82, 0x0) write$UHID_GET_REPORT_REPLY(r0, &(0x7f0000000000), 0xa) (async) r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) (async) mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff) (async) mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000001e40)={[{@stats}]}) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x0, 0x0) ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0) 325.933115ms ago: executing program 0 (id=355): r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_NMI(r3, 0xae9a) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB="0700a3fcf070d1"], 0xffdd) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000860100"/24]) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000200)=ANY=[@ANYBLOB="636f6e746578743d73792274656d5f75dd47d0b90b893a03ffdf"]) 259.857365ms ago: executing program 3 (id=356): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af03, &(0x7f00000001c0)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xb0, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac1"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 258.882056ms ago: executing program 2 (id=357): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN(r0, 0x4040942c, &(0x7f0000000000)={0x0, 0x3, [0xf, 0x2400000000, 0x9, 0x6, 0x3, 0xb]}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000480)=[@increfs], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000480)=[@increfs], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000640)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x400c6314, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x700000000000000, 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x29) (async) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x29) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000140)={0xffffffff, 0xfffdb56e, 0xe14, 0x6, 0x7f}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) (async) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000340), 0x428882, 0x0) (async) r4 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000340), 0x428882, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x8002, 0x10) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) write$cgroup_pid(r5, &(0x7f0000002340), 0x12) r6 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f0000000140)={0x30, 0x5, 0x0, {0x0, 0x1, 0x1cd, 0xfffffff9}}, 0x30) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x200, 0x0) ioctl$TUNSETIFF(r7, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'}) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) close(0x3) read$FUSE(r5, &(0x7f0000004480)={0x2020}, 0x2020) (async) read$FUSE(r5, &(0x7f0000004480)={0x2020}, 0x2020) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001800)={0xf4, 0x0, &(0x7f0000001680)=[@free_buffer, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000002c0)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x1, &(0x7f0000000100)=""/184, 0xb8, 0x0, 0x3e}}, &(0x7f0000000040)={0x0, 0x18, 0x30}}}, @dead_binder_done, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f00000003c0)={@fda={0x66646185, 0x9, 0x0, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000680)=""/4096, 0x1000, 0x2, 0x37}, @fd={0x66642a85, 0x0, r1}}, &(0x7f00000001c0)={0x0, 0x20, 0x48}}}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x58, 0x18, &(0x7f00000005c0)={@flat=@weak_binder={0x77622a85, 0x1, 0xf6b9}, @fd={0x66642a85, 0x0, r4}, @ptr={0x70742a85, 0x0, &(0x7f00000004c0)=""/243, 0xf3, 0x2, 0x1b}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}], 0x5a, 0x0, &(0x7f0000001780)="4638ca1b9c065fc7632d28cf7f1a6a9ef31607fa9f5187c750e696e874201f83bbbdb084cd8efb1625f5928eac8cf6ec24694b10124da692d311367a2d28227fbfd4edd346eed7547a95bcbd9fbaaa8cb49c8b5e2558303f412c"}) (async) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001800)={0xf4, 0x0, &(0x7f0000001680)=[@free_buffer, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000002c0)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x1, &(0x7f0000000100)=""/184, 0xb8, 0x0, 0x3e}}, &(0x7f0000000040)={0x0, 0x18, 0x30}}}, @dead_binder_done, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f00000003c0)={@fda={0x66646185, 0x9, 0x0, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000680)=""/4096, 0x1000, 0x2, 0x37}, @fd={0x66642a85, 0x0, r1}}, &(0x7f00000001c0)={0x0, 0x20, 0x48}}}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x58, 0x18, &(0x7f00000005c0)={@flat=@weak_binder={0x77622a85, 0x1, 0xf6b9}, @fd={0x66642a85, 0x0, r4}, @ptr={0x70742a85, 0x0, &(0x7f00000004c0)=""/243, 0xf3, 0x2, 0x1b}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}], 0x5a, 0x0, &(0x7f0000001780)="4638ca1b9c065fc7632d28cf7f1a6a9ef31607fa9f5187c750e696e874201f83bbbdb084cd8efb1625f5928eac8cf6ec24694b10124da692d311367a2d28227fbfd4edd346eed7547a95bcbd9fbaaa8cb49c8b5e2558303f412c"}) 230.153776ms ago: executing program 3 (id=358): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x40000118, 0x0, 0x9}]}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3314) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xda6, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b58640afc2188a232f77968c18d2d0e8f91c974edcb3198b4520f530acacb12017216338cc479de3651e8f15f1672397c730e3ca2a189ca4cc85f35dd46aeb67b6a2eb7268a653b190d8ba670490d50f761c1fa25f1954d8fe6bcb15dbc23698c945262b991e6245b9a25b12b13c87bf8a8a06f51784007abd06e01a0c03ee80b236fabb5b22ce797c4d8a739ac96dcf16c93f454463d3631c4cdd2dea6732a486015dc9937ee4e6efbfff46bdd8887094ca4bd94d995f411421c7ef07f949fcc10132f58b7c99a871780d92464594c930b80596baab77b0d68a05d71ca8a1888f3128f12aebac362c4d80870ab3d9f2e77d51f9af16472faff98dda1e0133c8bc2510345d5eb1d64bce64761f4cc39ac6655902338bf1335dc55393995af4447ed1aa4c50bfacd576842560abca3e6c74dcea6dd03d36f9e7f8bda2cf33e3b7da195fba79f5a60421e19910f1fef31b9fa52064ce9ee8c415746a3cab47a8ad8477e9f21e9ee804a85dc568439b95c01bbbc3fa16a8c26bd81b01b8849795b2370f591e2a8e175cd465a600a541839bc734271b4b3afb2303dc1cf12bee00080ad10658c97672ad023e89f23d9301b5dbf1a7ba6d6c2b8dbd300f05f36a095f188b56fd3ba8e871aaf22e2128696e7232cb22f4f5404a3d1256a11665caaead326faad340031cafb99edbceba7bac44c7d2720aedba9cb708dae55b192a1e31835fae8756f062c151f6778b1d93c2d1f8b479ae9bbe1255abcef9beaa95b558fbbc9a979d46580aa85b10f160b438bea64f23b8e605ce34d2b46bbf8bfbfa683b10f55b3d30c58675dd1a524495e5d42c7d02dc60b853e8b3ed2caf41cd24a8a1d044e27d48b2184bac00730f7c20a1ba2bb6b6a5381a3d359d8e721504bbbce18ee49031b48c278a5730f31fb83f6cf32ac98326b722d3e2d7b38a7b80b94a3eb2b69fb1aefc8c0bbe431191f0ed76141a8365621e4f7118dd4465b4642bdb0af21d30c8cfb1d5201852c0428b1983d91f706e814c1395888b1c2a3516ea20a93d868e27c3c9b68a9cda4befc389b57661a4ff37137628ec96bcb625fd10324625ac1589c2918c66f811a323a19ab30bcf28fc20b64176e319d58f74578093e32ba9f51b255693dda9514ff43f6ef6010143554305073e94be322daa024cb7efcf405ea4924bfa72633b766365fee1d59d1a94717450657ff3b72853785e91f94ca1502b129eafa718633bec1557fb1e0ae2887e6e8c0fdd9f3f99de03c0af7364781766520d90c15b0e2a4c43613089dbecc4dd68be74204809f0270370097642d54388ccbb54b58be8b5796eac48ef5f17752eaa7301f075faee593aae71ee0e0ca1f45a22e7cede3597f14a344796ceec33e98b3b89e031c0d757e83d5093322d9afc9898f80b2e9bb17bc8b2b164d048c1b912f6cd92979df629efcb94968cca6e65b9b078677698fa4937a2ec23edd00971a5505ecc65fe150d3d00a34e52cc64951937fc79014b0df8d2c9c35f06209f45556278fa7ecfc70a92eca165bbd493686fb4c0cd607cec994657149a61da2e09414944c557be54908197724174247194d435b25bf78ec4cc164a574662eb4d1e4d784a6ea0c71dd1a16e53a7b8a27fcec679346afe90a05e06b276fe972d5e1d3486e0452d0a9a1636ab9c517f371a0592ef34513a9a4e961cd79c86891f460becb57f41e22b2a72ae175e29344184cde0b2beae00f90a6a79dc689da4b4b1da0e9758854d404a9cbcf725c68b6f2de865b2b5e12124d09f8745208b5cc544522f7c8bcfceb907422502f1641b600a60a5aef28be5a92ff71755efaf29e23c8ca52ad945bbdc4d6e7502adee312ea8d9338a80671f36309026c0d9c2ceb14da0b8beb087853b8014d30372f0d58448530f1bed15c4caaf8a844853030aab1ba6de9891678a16a2d9b9889d4a367753f0aacda03ce6fae1f62b34a3317a704527e65b18dc3186f32c5caa2d82f058066274e145f3cfe0bb5d40a77f54fb0de584d5f50de29d1c3aa29acea2363ef5c1e0592ef94370936df0152871396c13a89e56086f381862edb6f4bec0d937e94a689a8c5c87a51e073fdaa935591bbccff359e0805ded9ac71e3b295fdd05bc2b03d7af58a393778c9dfdfd8101b3503c86a6d9e2fdeb215be40f90bb7360a04e111d743207a8742275ee7df2508b909ea4d3a7af7886d3f26aa58943edbbcbd686bf9cf9a78b43dd9792bca97cda6508340"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r4, 0x40046208, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x200a82, 0x0) 176.200307ms ago: executing program 2 (id=359): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$binfmt_register(r1, &(0x7f0000000040)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x5, 0x3a, '', 0x3a, '}!^-', 0x3a, './file0'}, 0x2b) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x54, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat=@weak_handle={0x77682a85, 0x1001, 0x3}, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, &(0x7f0000000240), 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}, @release={0x40046306, 0x3}], 0x5a, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f37"}) 73.577279ms ago: executing program 2 (id=360): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$BLKSECDISCARD(r1, 0x127d, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000000)={@ptr={0x70742a85, 0x4, &(0x7f00000001c0)=""/64, 0x40, 0x0, 0x32}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 72.050339ms ago: executing program 0 (id=361): ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0x8, 0x4, 0x1000}) mmap(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1, 0x1010, r0, 0x9f2ba000) (async) ioctl$BLKFLSBUF(r0, 0x1261, &(0x7f0000000040)=0x3) (async) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x8, 0x0, &(0x7f0000000340)=[@increfs], 0x0, 0x0, 0x0}) (async) ioctl$BTRFS_IOC_QUOTA_RESCAN(r2, 0x4040942c, &(0x7f0000000080)={0x0, 0x7, [0x6, 0x8000000000000000, 0x8, 0x10, 0x7, 0x1]}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000640)={0x20, 0x0, &(0x7f0000000280)=[@request_death={0x400c630e, 0x0, 0xfc}, @clear_death], 0x0, 0x0, 0x0}) 71.693939ms ago: executing program 2 (id=362): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3314) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xda6, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b58640afc2188a232f77968c18d2d0e8f91c974edcb3198b4520f530acacb12017216338cc479de3651e8f15f1672397c730e3ca2a189ca4cc85f35dd46aeb67b6a2eb7268a653b190d8ba670490d50f761c1fa25f1954d8fe6bcb15dbc23698c945262b991e6245b9a25b12b13c87bf8a8a06f51784007abd06e01a0c03ee80b236fabb5b22ce797c4d8a739ac96dcf16c93f454463d3631c4cdd2dea6732a486015dc9937ee4e6efbfff46bdd8887094ca4bd94d995f411421c7ef07f949fcc10132f58b7c99a871780d92464594c930b80596baab77b0d68a05d71ca8a1888f3128f12aebac362c4d80870ab3d9f2e77d51f9af16472faff98dda1e0133c8bc2510345d5eb1d64bce64761f4cc39ac6655902338bf1335dc55393995af4447ed1aa4c50bfacd576842560abca3e6c74dcea6dd03d36f9e7f8bda2cf33e3b7da195fba79f5a60421e19910f1fef31b9fa52064ce9ee8c415746a3cab47a8ad8477e9f21e9ee804a85dc568439b95c01bbbc3fa16a8c26bd81b01b8849795b2370f591e2a8e175cd465a600a541839bc734271b4b3afb2303dc1cf12bee00080ad10658c97672ad023e89f23d9301b5dbf1a7ba6d6c2b8dbd300f05f36a095f188b56fd3ba8e871aaf22e2128696e7232cb22f4f5404a3d1256a11665caaead326faad340031cafb99edbceba7bac44c7d2720aedba9cb708dae55b192a1e31835fae8756f062c151f6778b1d93c2d1f8b479ae9bbe1255abcef9beaa95b558fbbc9a979d46580aa85b10f160b438bea64f23b8e605ce34d2b46bbf8bfbfa683b10f55b3d30c58675dd1a524495e5d42c7d02dc60b853e8b3ed2caf41cd24a8a1d044e27d48b2184bac00730f7c20a1ba2bb6b6a5381a3d359d8e721504bbbce18ee49031b48c278a5730f31fb83f6cf32ac98326b722d3e2d7b38a7b80b94a3eb2b69fb1aefc8c0bbe431191f0ed76141a8365621e4f7118dd4465b4642bdb0af21d30c8cfb1d5201852c0428b1983d91f706e814c1395888b1c2a3516ea20a93d868e27c3c9b68a9cda4befc389b57661a4ff37137628ec96bcb625fd10324625ac1589c2918c66f811a323a19ab30bcf28fc20b64176e319d58f74578093e32ba9f51b255693dda9514ff43f6ef6010143554305073e94be322daa024cb7efcf405ea4924bfa72633b766365fee1d59d1a94717450657ff3b72853785e91f94ca1502b129eafa718633bec1557fb1e0ae2887e6e8c0fdd9f3f99de03c0af7364781766520d90c15b0e2a4c43613089dbecc4dd68be74204809f0270370097642d54388ccbb54b58be8b5796eac48ef5f17752eaa7301f075faee593aae71ee0e0ca1f45a22e7cede3597f14a344796ceec33e98b3b89e031c0d757e83d5093322d9afc9898f80b2e9bb17bc8b2b164d048c1b912f6cd92979df629efcb94968cca6e65b9b078677698fa4937a2ec23edd00971a5505ecc65fe150d3d00a34e52cc64951937fc79014b0df8d2c9c35f06209f45556278fa7ecfc70a92eca165bbd493686fb4c0cd607cec994657149a61da2e09414944c557be54908197724174247194d435b25bf78ec4cc164a574662eb4d1e4d784a6ea0c71dd1a16e53a7b8a27fcec679346afe90a05e06b276fe972d5e1d3486e0452d0a9a1636ab9c517f371a0592ef34513a9a4e961cd79c86891f460becb57f41e22b2a72ae175e29344184cde0b2beae00f90a6a79dc689da4b4b1da0e9758854d404a9cbcf725c68b6f2de865b2b5e12124d09f8745208b5cc544522f7c8bcfceb907422502f1641b600a60a5aef28be5a92ff71755efaf29e23c8ca52ad945bbdc4d6e7502adee312ea8d9338a80671f36309026c0d9c2ceb14da0b8beb087853b8014d30372f0d58448530f1bed15c4caaf8a844853030aab1ba6de9891678a16a2d9b9889d4a367753f0aacda03ce6fae1f62b34a3317a704527e65b18dc3186f32c5caa2d82f058066274e145f3cfe0bb5d40a77f54fb0de584d5f50de29d1c3aa29acea2363ef5c1e0592ef94370936df0152871396c13a89e56086f381862edb6f4bec0d937e94a689a8c5c87a51e073fdaa935591bbccff359e0805ded9ac71e3b295fdd05bc2b03d7af58a393778c9dfdfd8101b3503c86a6d9e2fdeb215be40f90bb7360a04e111d743207a8742275ee7df2508b909ea4d3a7af7886d3f26aa58943edbbcbd686bf9cf9a78b43dd9792bca97cda6508340"}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x18, 0x0, &(0x7f0000000000)=[@clear_death={0x400c630e}, @release], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0xf9, 0x0, &(0x7f00000003c0)="e881702d1b43abbce52ad205d85de6697d1accb0b6046469a350ba8a32f2f01829cb9ca86e8da46fd4914ffcce99b34e80be067f145f2e818d1c9738b56c080810a718272f5ea99099351881d21efed7e5e27530bea687cdb6cfcf6c663ee19502c05b944430a3c481b25ee4124c3d2923fac9e516cee0d590c4ad44465d495651dd95f58a869de43238150ac679f25ed7d6b3faff5beccf4e8ee0f248b2bc6d2e35ab661b85e312ac3a7771a1e3ae80b1f9b3144f33e636e9bb3efc889b84703f98bbce1b39d7991a602ec19d707e11c782c45025b2343acacd98bf63608fb4b6fd82268c153ff51a481f8e129e017720cb61647c675fda81"}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x200a82, 0x0) 59.232579ms ago: executing program 0 (id=363): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x1000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) (async) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000050000e4004d564b04000000af"]) (async) ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, &(0x7f0000000280)=ANY=[@ANYBLOB="22000000459d98ef9f58db936e6a008e03c3067fdca434bdce428a0640d2fd06e22e471cb7bb8200"]) r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x12, 0x0, 0xfffffffffffffffc}]}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x720, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c"}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0xee) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000100)={0x30, 0x0, &(0x7f0000000040)=[@decrefs={0x40046307, 0x3}, @acquire, @decrefs, @release, @release={0x40046306, 0x2}, @decrefs={0x40046307, 0x3}], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0}) 0s ago: executing program 3 (id=364): openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0) r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) read(r0, &(0x7f00000020c0)=""/212, 0xd4) write$selinux_attr(r0, 0x0, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000040), 0x2, 0x0) close_range(r1, 0xffffffffffffffff, 0x2) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r4, 0x2000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r4, 0xc2a4a000) read$FUSE(r3, &(0x7f0000001180)={0x2020}, 0x2020) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.92' (ED25519) to the list of known hosts. [ 26.343411][ T36] audit: type=1400 audit(1750395992.810:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.344799][ T281] cgroup: Unknown subsys name 'net' [ 26.366651][ T36] audit: type=1400 audit(1750395992.810:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.393616][ T36] audit: type=1400 audit(1750395992.850:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.393942][ T281] cgroup: Unknown subsys name 'devices' [ 26.581290][ T281] cgroup: Unknown subsys name 'hugetlb' [ 26.587031][ T281] cgroup: Unknown subsys name 'rlimit' [ 26.741966][ T36] audit: type=1400 audit(1750395993.210:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.765198][ T36] audit: type=1400 audit(1750395993.210:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 26.790061][ T36] audit: type=1400 audit(1750395993.210:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 26.807887][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 26.822058][ T36] audit: type=1400 audit(1750395993.290:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.848536][ T36] audit: type=1400 audit(1750395993.290:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.878859][ T36] audit: type=1400 audit(1750395993.350:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.904473][ T36] audit: type=1400 audit(1750395993.350:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.904544][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.689807][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.696864][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.704017][ T288] bridge_slave_0: entered allmulticast mode [ 27.710542][ T288] bridge_slave_0: entered promiscuous mode [ 27.717172][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.724287][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.731445][ T288] bridge_slave_1: entered allmulticast mode [ 27.737699][ T288] bridge_slave_1: entered promiscuous mode [ 27.834875][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.842060][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.849221][ T289] bridge_slave_0: entered allmulticast mode [ 27.855602][ T289] bridge_slave_0: entered promiscuous mode [ 27.862193][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.869523][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.876614][ T289] bridge_slave_1: entered allmulticast mode [ 27.882956][ T289] bridge_slave_1: entered promiscuous mode [ 27.913744][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.920849][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.928002][ T290] bridge_slave_0: entered allmulticast mode [ 27.934369][ T290] bridge_slave_0: entered promiscuous mode [ 27.940858][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.947903][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.955289][ T290] bridge_slave_1: entered allmulticast mode [ 27.962862][ T290] bridge_slave_1: entered promiscuous mode [ 27.999190][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.006257][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.013360][ T292] bridge_slave_0: entered allmulticast mode [ 28.019651][ T292] bridge_slave_0: entered promiscuous mode [ 28.026053][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.033252][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.040379][ T292] bridge_slave_1: entered allmulticast mode [ 28.046605][ T292] bridge_slave_1: entered promiscuous mode [ 28.116024][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.123119][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.130434][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.137469][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.193427][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.200524][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.207830][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.214899][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.258312][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.265414][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.272734][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.279781][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.289157][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.296472][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.304443][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.312005][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.319573][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.327201][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.340157][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.347222][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.364257][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.371349][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.410281][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.417360][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.428494][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.435584][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.456328][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.463437][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.472118][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.479191][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.492220][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.499311][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.506844][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.513897][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.539051][ T288] veth0_vlan: entered promiscuous mode [ 28.561301][ T289] veth0_vlan: entered promiscuous mode [ 28.582353][ T289] veth1_macvtap: entered promiscuous mode [ 28.598017][ T290] veth0_vlan: entered promiscuous mode [ 28.617214][ T292] veth0_vlan: entered promiscuous mode [ 28.627786][ T288] veth1_macvtap: entered promiscuous mode [ 28.638172][ T290] veth1_macvtap: entered promiscuous mode [ 28.666342][ T289] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 28.691259][ T292] veth1_macvtap: entered promiscuous mode [ 28.760200][ T315] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 28.794446][ T317] binder: Unknown parameter 'coN|ext' [ 28.968032][ T337] rust_binder: Write failure EFAULT in pid:6 [ 29.627114][ T359] input: syz1 as /devices/virtual/input/input4 [ 29.677630][ T361] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 29.714354][ T366] input: syz0 as /devices/virtual/input/input5 [ 29.874929][ T373] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:19 [ 29.888225][ T375] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 29.944035][ T382] binder: Bad value for 'max' [ 29.953622][ T384] rust_binder: Read failure Err(EAGAIN) in pid:19 [ 29.999763][ T395] random: crng reseeded on system resumption [ 30.070035][ T399] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.071203][ T394] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 30.077834][ T394] rust_binder: Error in use_page_slow: EBUSY [ 30.088302][ T394] rust_binder: use_range failure EBUSY [ 30.094493][ T394] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 30.106790][ T394] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 30.114569][ T394] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 30.136430][ T394] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:23 [ 30.197936][ T408] input: syz1 as /devices/virtual/input/input7 [ 30.210591][ T405] SELinux: unknown common r [ 30.217052][ T405] SELinux: failed to load policy [ 30.420933][ T422] rust_binder: Error in use_page_slow: ESRCH [ 30.420956][ T422] rust_binder: use_range failure ESRCH [ 30.427077][ T422] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 30.432603][ T422] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 30.440781][ T422] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:32 [ 30.488791][ T430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.502318][ T432] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 30.509709][ T430] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.518213][ T432] rust_binder: Write failure EINVAL in pid:23 [ 30.527698][ T434] rust_binder: Write failure EFAULT in pid:38 [ 30.558527][ T439] random: crng reseeded on system resumption [ 30.565362][ T437] ======================================================= [ 30.565362][ T437] WARNING: The mand mount option has been deprecated and [ 30.565362][ T437] and is ignored by this kernel. Remove the mand [ 30.565362][ T437] option from the mount to silence this warning. [ 30.565362][ T437] ======================================================= [ 30.578783][ T440] rust_binder: Write failure EFAULT in pid:39 [ 30.608677][ T437] binder: Unknown parameter 'diryn' [ 30.642858][ T437] binder: Unknown parameter 'context' [ 30.666788][ T446] KVM: debugfs: duplicate directory 446-13 [ 30.690701][ T451] input: syz1 as /devices/virtual/input/input8 [ 30.835626][ T456] input: syz0 as /devices/virtual/input/input9 [ 30.901763][ T456] binder: Unknown parameter 'max000000000000000000' [ 30.955470][ T461] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 31.086759][ T467] SELinux: failed to load policy [ 31.128904][ T472] binder: Unknown parameter '00000000000000000000' [ 31.387338][ T36] kauditd_printk_skb: 100 callbacks suppressed [ 31.387357][ T36] audit: type=1400 audit(1750395997.850:174): avc: denied { write } for pid=481 comm="syz.2.61" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 31.483965][ T489] rust_binder: Write failure EINVAL in pid:36 [ 31.484102][ T489] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 31.491169][ T490] rust_binder: Failed to allocate buffer. len:1168, is_oneway:true [ 31.493878][ T489] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:36 [ 31.509197][ T489] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 31.528677][ T489] rust_binder: Read failure Err(EFAULT) in pid:36 [ 31.548703][ T36] audit: type=1400 audit(1750395998.010:175): avc: denied { relabelfrom } for pid=479 comm="syz.3.60" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 31.601756][ T36] audit: type=1400 audit(1750395998.010:176): avc: denied { relabelto } for pid=479 comm="syz.3.60" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 31.621837][ T36] audit: type=1400 audit(1750395998.070:177): avc: denied { append } for pid=491 comm="syz.0.65" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 31.648694][ T36] audit: type=1400 audit(1750395998.120:178): avc: denied { read write } for pid=491 comm="syz.0.65" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 31.674691][ T36] audit: type=1400 audit(1750395998.120:179): avc: denied { open } for pid=491 comm="syz.0.65" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 31.678839][ T494] SELinux: security_context_str_to_sid () failed with errno=-22 [ 31.707074][ T36] audit: type=1400 audit(1750395998.170:180): avc: denied { append } for pid=491 comm="syz.0.65" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 31.738485][ T36] audit: type=1400 audit(1750395998.210:181): avc: denied { write } for pid=491 comm="syz.0.65" name="pfkey" dev="proc" ino=4026532561 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 31.784009][ T497] binder: Unknown parameter 'nXI' [ 31.827911][ T36] audit: type=1326 audit(1750395998.290:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=498 comm="syz.2.68" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f797718e929 code=0x0 [ 31.947288][ T36] audit: type=1400 audit(1750395998.410:183): avc: denied { block_suspend } for pid=498 comm="syz.2.68" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 31.999017][ T511] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false [ 32.000498][ T510] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 32.024392][ T510] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:41 [ 32.172120][ T517] binder: Unknown parameter 'JA@`g/0HdϹC&؝EOv$"TuT. HID v0.00 Device [syz0] on syz1 [ 32.286958][ T526] input: syz1 as /devices/virtual/input/input11 [ 32.295097][ T526] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:50 [ 32.336456][ T524] fido_id[524]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 32.392561][ T528] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 32.403490][ T528] input: syz0 as /devices/virtual/input/input12 [ 32.414372][ T528] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 32.414397][ T528] rust_binder: Error while translating object. [ 32.426566][ T528] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.433056][ T528] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:45 [ 32.853820][ T555] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 32.853841][ T555] rust_binder: Error while translating object. [ 32.864586][ T555] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.870839][ T555] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:76 [ 32.968963][ T564] rust_binder: Error while translating object. [ 32.989302][ T564] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.995567][ T564] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:64 [ 33.089650][ T575] random: crng reseeded on system resumption [ 33.158362][ T582] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 33.223936][ T593] input: syz0 as /devices/virtual/input/input14 [ 33.238574][ T593] input: failed to attach handler leds to device input14, error: -6 [ 33.271232][ T598] input: syz0 as /devices/virtual/input/input15 [ 33.323743][ T601] random: crng reseeded on system resumption [ 33.333610][ T603] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 33.384824][ T612] rust_binder: Read failure Err(EAGAIN) in pid:83 [ 33.551735][ T618] rust_binder: Write failure EFAULT in pid:85 [ 33.568249][ T618] binder: Bad value for 'max' [ 33.638243][ T622] binder: Unknown parameter '0x0000000000000000' [ 33.660103][ T624] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 33.673318][ T624] SELinux: failed to load policy [ 33.679089][ T624] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:89 [ 33.679130][ T624] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 33.688231][ T624] rust_binder: Read failure Err(EFAULT) in pid:89 [ 33.730044][ T626] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 33.745374][ T626] rust_binder: Write failure EINVAL in pid:91 [ 33.978386][ T635] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.004697][ T635] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.004730][ T635] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.029447][ T635] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.029476][ T635] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.043445][ T635] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.043473][ T635] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.056794][ T635] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.056820][ T635] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.121224][ T647] random: crng reseeded on system resumption [ 34.217960][ T653] syz.3.119: attempt to access beyond end of device [ 34.217960][ T653] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 34.257185][ T657] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 34.257210][ T657] rust_binder: Read failure Err(EFAULT) in pid:97 [ 34.376958][ T659] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.383715][ T659] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 34.637013][ T697] binder: Unknown parameter '' [ 34.716143][ T699] random: crng reseeded on system resumption [ 34.752112][ T699] Restarting kernel threads ... done. [ 34.816911][ T710] input: syz1 as /devices/virtual/input/input17 [ 34.828031][ T710] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:118 [ 34.828074][ T710] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 34.837769][ T710] rust_binder: Read failure Err(EFAULT) in pid:118 [ 34.926654][ T723] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 35.064021][ T734] can0: slcan on ptm0. [ 35.084665][ T739] __vm_enough_memory: pid: 739, comm: syz.3.144, bytes: 281474976845824 not enough memory for the allocation [ 35.133792][ T744] binder: Bad value for 'max' [ 35.153927][ T733] can0 (unregistered): slcan off ptm0. [ 35.158990][ T752] binder: Unknown parameter 'defcontext01777777777777777777777' [ 35.203421][ T757] SELinux: security_context_str_to_sid () failed with errno=-22 [ 35.412952][ T786] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1531215282 (3062430564 ns) > initial count (1473793136 ns). Using initial count to start timer. [ 35.625820][ T810] rust_binder: Error in use_page_slow: ESRCH [ 35.625838][ T810] rust_binder: use_range failure ESRCH [ 35.631883][ T810] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 35.637505][ T810] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 35.645783][ T810] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:147 [ 35.718979][ T817] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.728338][ T817] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 35.751944][ T821] input: syz1 as /devices/virtual/input/input22 [ 35.874833][ T832] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set [ 35.882203][ T832] rust_binder: Write failure EINVAL in pid:111 [ 36.163050][ T847] rust_binder: Write failure EFAULT in pid:168 [ 36.221553][ T849] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 36.279943][ T849] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 36.287896][ T849] rust_binder: Error in use_page_slow: EBUSY [ 36.298288][ T849] rust_binder: use_range failure EBUSY [ 36.304321][ T849] rust_binder: Failed to allocate buffer. len:8, is_oneway:false [ 36.309839][ T849] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 36.317583][ T849] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 36.326939][ T849] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:170 [ 36.461489][ T855] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.470156][ T855] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.636077][ T872] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 36.642787][ T872] rust_binder: Read failure Err(EFAULT) in pid:178 [ 36.714889][ T874] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 36.781038][ T878] binder: Binderfs stats mode cannot be changed during a remount [ 36.827139][ T36] kauditd_printk_skb: 26 callbacks suppressed [ 36.827157][ T36] audit: type=1326 audit(1750396003.290:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=884 comm="syz.1.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d06f8e929 code=0x7ffc0000 [ 36.856639][ T36] audit: type=1326 audit(1750396003.290:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=884 comm="syz.1.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d06f8e929 code=0x7ffc0000 [ 36.880404][ T36] audit: type=1326 audit(1750396003.290:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=884 comm="syz.1.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3d06f8e929 code=0x7ffc0000 [ 36.903635][ T36] audit: type=1326 audit(1750396003.290:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=884 comm="syz.1.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d06f8e929 code=0x7ffc0000 [ 36.926947][ T36] audit: type=1326 audit(1750396003.290:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=884 comm="syz.1.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d06f8e929 code=0x7ffc0000 [ 36.950184][ T36] audit: type=1326 audit(1750396003.290:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=884 comm="syz.1.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3d06f8e929 code=0x7ffc0000 [ 36.974251][ T36] audit: type=1326 audit(1750396003.290:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=884 comm="syz.1.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d06f8e929 code=0x7ffc0000 [ 37.003622][ T36] audit: type=1326 audit(1750396003.290:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=884 comm="syz.1.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f3d06f8e929 code=0x7ffc0000 [ 37.038577][ T36] audit: type=1326 audit(1750396003.290:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=884 comm="syz.1.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d06f8e929 code=0x7ffc0000 [ 37.062093][ T36] audit: type=1326 audit(1750396003.290:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=884 comm="syz.1.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3d06f8e929 code=0x7ffc0000 [ 37.062122][ T897] syzkaller0: tun_chr_ioctl cmd 2147767506 [ 37.086010][ T900] rust_binder: Write failure EINVAL in pid:151 [ 37.095655][ T899] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 37.146058][ T901] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:151 [ 37.159136][ T903] input: syz1 as /devices/virtual/input/input24 [ 37.251999][ T908] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 37.252034][ T908] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:125 [ 37.273798][ T908] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.289392][ T908] rust_binder: Failed to allocate buffer. len:4224, is_oneway:true [ 37.297541][ T908] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 37.309849][ T916] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 37.310380][ T908] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:125 [ 37.336252][ T908] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 37.346504][ T908] rust_binder: Read failure Err(EFAULT) in pid:125 [ 37.412979][ T921] binder: Unknown parameter 'dont_hash' [ 37.484010][ T925] binder: Bad value for 'stats' [ 37.824155][ T941] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 37.824178][ T941] rust_binder: Read failure Err(EFAULT) in pid:188 [ 38.055732][ T957] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.070923][ T959] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.227990][ T970] rust_binder: Error while translating object. [ 38.238363][ T970] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 38.248731][ T970] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:206 [ 38.464575][ T982] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.466459][ T983] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:144 [ 38.474056][ T982] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.608401][ T987] rust_binder: Error while translating object. [ 38.614970][ T987] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 38.621461][ T987] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:149 [ 38.722792][ T1002] kvm: Disabled LAPIC found during irq injection [ 38.739201][ T1002] rust_binder: Failed copying remainder into alloc: EFAULT [ 38.739222][ T1002] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 38.748590][ T1002] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 38.756979][ T1002] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:164 [ 38.767003][ T1003] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.883017][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 38.885744][ T45] Bluetooth: hci0: Frame reassembly failed (-84) [ 38.890586][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 38.908714][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 38.916165][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 38.923629][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 38.931086][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 38.938515][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 38.946280][ T1017] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 38.955065][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 38.957744][ T1019] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 38.962827][ T1019] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:142 [ 38.966118][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 38.990790][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 38.998275][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.005801][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.015568][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.023045][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.032371][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.039832][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.047239][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.054725][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.063221][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.070699][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.078180][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.085679][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.098773][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.106278][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.113703][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.121145][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.128538][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.135967][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.143785][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.151915][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.159372][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.166766][ T371] hid-generic 0001:0000:0000.0002: unknown main item tag 0x0 [ 39.174807][ T371] hid-generic 0001:0000:0000.0002: hidraw0: HID vffffff.ff Device [syz0] on syz0 [ 39.217420][ T1029] fido_id[1029]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 39.269018][ T1035] input: syz0 as /devices/virtual/input/input25 [ 39.399344][ T1035] rust_binder: Error in use_page_slow: ESRCH [ 39.399370][ T1035] rust_binder: use_range failure ESRCH [ 39.405441][ T1035] rust_binder: Failed to allocate buffer. len:40, is_oneway:true [ 39.411006][ T1035] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 39.428749][ T1035] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:210 [ 39.610372][ T1041] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 39.860852][ T1047] binder: Bad value for 'defcontext' [ 40.159992][ T1052] SELinux: failed to load policy [ 40.436283][ T1064] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.436313][ T1064] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.443035][ T1064] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.898704][ T1011] Bluetooth: hci0: command 0x1003 tx timeout [ 40.898714][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 41.186311][ T1087] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set [ 41.208712][ T1087] rust_binder: Write failure EINVAL in pid:155 [ 41.249159][ T1093] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:182 [ 41.256415][ T1095] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:182 [ 41.326869][ T1099] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 41.348953][ T1099] binder: Bad value for 'stats' [ 41.356790][ T1101] binder: Unknown parameter 'fsco\c"Ç/-7gntex' [ 41.407404][ T1107] random: crng reseeded on system resumption [ 41.488843][ T1118] rust_binder: Error while translating object. [ 41.488884][ T1118] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 41.496329][ T1118] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:185 [ 41.632985][ T1127] tun0: tun_chr_ioctl cmd 1074025676 [ 41.638452][ T1127] tun0: owner set to 0 [ 41.877691][ T1140] rust_binder: Write failure EFAULT in pid:166 [ 42.031896][ T1154] random: crng reseeded on system resumption [ 42.067465][ T1157] rust_binder: Error while translating object. [ 42.067494][ T1157] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 42.074001][ T1157] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:170 [ 42.111383][ T1163] rust_binder: Read failure Err(EAGAIN) in pid:172 [ 42.314534][ T1174] rust_binder: Error while translating object. [ 42.321192][ T1174] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 42.327462][ T1174] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:204 [ 42.372039][ T36] kauditd_printk_skb: 56 callbacks suppressed [ 42.372057][ T36] audit: type=1326 audit(1750396008.840:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1175 comm="syz.1.279" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3d06f8e929 code=0x0 [ 42.423898][ T1177] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 42.427168][ T1177] rust_binder: Write failure EFAULT in pid:206 [ 42.486182][ T1182] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 42.492605][ T1182] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:206 [ 42.522251][ T36] audit: type=1400 audit(1750396008.990:277): avc: denied { map } for pid=1185 comm="syz.2.281" path="/dev/fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 42.888851][ T1203] SELinux: failed to load policy [ 42.899583][ T1203] cgroup: fork rejected by pids controller in /syz0 [ 43.032077][ T1211] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:265 [ 43.121044][ T12] bridge_slave_1: left allmulticast mode [ 43.136071][ T12] bridge_slave_1: left promiscuous mode [ 43.142443][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.150270][ T12] bridge_slave_0: left allmulticast mode [ 43.156073][ T12] bridge_slave_0: left promiscuous mode [ 43.162458][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.179901][ T36] audit: type=1400 audit(1750396009.650:278): avc: denied { mounton } for pid=1214 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 43.285108][ T1214] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.292211][ T1214] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.299431][ T1214] bridge_slave_0: entered allmulticast mode [ 43.305891][ T1214] bridge_slave_0: entered promiscuous mode [ 43.312569][ T1214] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.324802][ T1214] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.324851][ T1219] rust_binder: Error while translating object. [ 43.331985][ T1214] bridge_slave_1: entered allmulticast mode [ 43.332434][ T1219] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 43.338776][ T1214] bridge_slave_1: entered promiscuous mode [ 43.344578][ T1219] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:210 [ 43.393112][ T12] veth1_macvtap: left promiscuous mode [ 43.411419][ T1223] rust_binder: Write failure EINVAL in pid:212 [ 43.412631][ T12] veth0_vlan: left promiscuous mode [ 43.424204][ T36] audit: type=1400 audit(1750396009.890:279): avc: denied { setcurrent } for pid=1222 comm="syz.1.293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.526070][ T1231] SELinux: failed to load policy [ 43.549872][ T36] audit: type=1400 audit(1750396010.020:280): avc: denied { create } for pid=1214 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 43.557719][ T1214] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.570575][ T36] audit: type=1400 audit(1750396010.020:281): avc: denied { write } for pid=1214 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 43.577475][ T1214] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.577621][ T1214] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.598407][ T36] audit: type=1400 audit(1750396010.020:282): avc: denied { read } for pid=1214 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 43.605141][ T1214] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.654893][ T304] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.662367][ T304] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.672122][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.679193][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.689495][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.696607][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.711402][ T1233] binder: Bad value for 'defcontext' [ 43.750133][ T1214] veth0_vlan: entered promiscuous mode [ 43.764593][ T1214] veth1_macvtap: entered promiscuous mode [ 43.786151][ T36] audit: type=1400 audit(1750396010.250:283): avc: denied { unmount } for pid=1214 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 43.889241][ T1244] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:217 [ 43.890054][ T1244] rust_binder: Read failure Err(EFAULT) in pid:217 [ 43.904369][ T36] audit: type=1400 audit(1750396010.370:284): avc: denied { compute_member } for pid=1245 comm="syz.3.299" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 44.050975][ T1249] binder: Unknown parameter 'euid<00000000000000000000' [ 44.250326][ T1258] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 44.257576][ T1258] rust_binder: Write failure EINVAL in pid:9 [ 44.392109][ T36] audit: type=1326 audit(1750396010.860:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1265 comm="syz.0.307" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7e5098e929 code=0x0 [ 44.423019][ T1267] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 44.444652][ T1268] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 44.452676][ T1268] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:12 [ 44.531144][ T1273] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 44.540443][ T1273] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 44.549035][ T1273] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:199 [ 44.673984][ T1283] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 44.683222][ T1283] rust_binder: Error while translating object. [ 44.692261][ T1283] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 44.698534][ T1283] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:209 [ 44.812420][ T1288] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 44.822229][ T1288] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 45.249234][ T1299] rust_binder: Error while translating object. [ 45.257212][ T1299] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 45.263550][ T1299] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:228 [ 45.364656][ T1308] binder: Unknown parameter 'stats7g' [ 45.485331][ T1312] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 45.485367][ T1312] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:232 [ 45.585015][ T1316] rust_binder: Write failure EFAULT in pid:280 [ 45.663819][ T1321] rust_binder: Error in use_page_slow: ESRCH [ 45.663847][ T1321] rust_binder: use_range failure ESRCH [ 45.678740][ T1321] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 45.684368][ T1321] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 45.694057][ T1321] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:282 [ 45.810979][ T1339] random: crng reseeded on system resumption [ 45.864890][ T1342] rust_binder: inc_ref_done called when no active inc_refs [ 45.892901][ T1349] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.963213][ T1352] rust_binder: Error in use_page_slow: ESRCH [ 45.971274][ T1352] rust_binder: use_range failure ESRCH [ 45.977431][ T1352] rust_binder: Failed to allocate buffer. len:4208, is_oneway:false [ 45.983071][ T1352] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 45.991171][ T1352] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:247 [ 46.068127][ T1363] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:296 [ 46.171773][ T1380] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.186795][ T1381] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.236438][ T1368] rust_binder: Error in use_page_slow: ESRCH [ 46.236465][ T1368] rust_binder: use_range failure ESRCH [ 46.242722][ T1368] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 46.248288][ T1368] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 46.256522][ T1368] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:28 [ 46.307810][ T1396] rust_binder: Write failure EFAULT in pid:32 [ 46.483921][ T1426] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 46.484440][ T1431] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 46.506722][ T1431] rust_binder: Write failure EINVAL in pid:248 [ 46.507529][ T1431] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.515375][ T1432] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.524415][ T1432] rust_binder: Write failure EINVAL in pid:248 [ 46.524415][ T1431] rust_binder: Write failure EINVAL in pid:248 [ 46.605040][ T1437] rust_binder: Error while translating object. [ 46.611402][ T1437] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 46.613628][ T1435] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 46.617675][ T1437] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:251 [ 46.627169][ T1435] rust_binder: Error in use_page_slow: EBUSY [ 46.647377][ T1435] rust_binder: use_range failure EBUSY [ 46.653539][ T1435] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 46.659443][ T1435] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 46.676749][ T1435] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 46.689096][ T1442] rust_binder: Write failure EINVAL in pid:46 [ 46.700996][ T1435] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:333 [ 46.740800][ T1449] rust_kernel: panicked at drivers/android/binder/node.rs:877:13: [ 46.740800][ T1449] attempt to subtract with overflow [ 46.762221][ T1449] ------------[ cut here ]------------ [ 46.767737][ T1449] kernel BUG at rust/helpers/bug.c:7! [ 46.776171][ T1449] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 46.783169][ T1449] CPU: 1 UID: 0 PID: 1449 Comm: syz.0.363 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 46.796565][ T1449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.806650][ T1449] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 46.812000][ T1449] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 e1 4d d7 2b 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 ab 89 9e a7 90 90 90 90 90 90 90 90 90 [ 46.831724][ T1449] RSP: 0018:ffffc9000eb85a90 EFLAGS: 00010246 [ 46.837829][ T1449] RAX: 0000000000000061 RBX: 1ffff92001d70b54 RCX: 4cd3fd82372a4500 [ 46.845837][ T1449] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 46.853925][ T1449] RBP: ffffc9000eb85a90 R08: ffffc9000eb85787 R09: 1ffff92001d70af0 [ 46.861955][ T1449] R10: dffffc0000000000 R11: fffff52001d70af1 R12: 0000000000000000 [ 46.869962][ T1449] R13: dffffc0000000000 R14: ffffc9000eb85ac0 R15: ffffc9000eb85af0 [ 46.877966][ T1449] FS: 00007f7e517726c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 46.886917][ T1449] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.893534][ T1449] CR2: 0000000000000000 CR3: 0000000138b38000 CR4: 00000000003526b0 [ 46.901515][ T1449] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 46.909576][ T1449] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 46.917556][ T1449] Call Trace: [ 46.920841][ T1449] [ 46.923954][ T1449] _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160 [ 46.931438][ T1449] ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10 [ 46.939431][ T1449] ? _RNvMs0_NtCshgDM7dBCdno_11rust_binder4nodeNtB5_4Node22update_refcount_locked+0x401/0x810 [ 46.949687][ T1449] ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10 [ 46.963254][ T1449] ? __cfi__RNvMs0_NtCshgDM7dBCdno_11rust_binder4nodeNtB5_4Node22update_refcount_locked+0x10/0x10 [ 46.973878][ T1449] ? __kasan_check_write+0x18/0x20 [ 46.979018][ T1449] ? _raw_spin_lock+0x8c/0x120 [ 46.983813][ T1449] ? __cfi__raw_spin_lock+0x10/0x10 [ 46.989040][ T1449] _RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x84/0x90 [ 46.996261][ T1449] ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x10/0x10 [ 47.004178][ T1449] _RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_sub_overflow+0xb2/0xc0 [ 47.014083][ T1449] ? __cfi__RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_sub_overflow+0x10/0x10 [ 47.024680][ T1449] _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process10update_ref+0x17e5/0x1860 [ 47.034409][ T1449] ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process10update_ref+0x10/0x10 [ 47.044487][ T1449] ? __kasan_check_write+0x18/0x20 [ 47.049604][ T1449] ? _raw_spin_lock+0x8c/0x120 [ 47.054387][ T1449] ? __cfi__raw_spin_lock+0x10/0x10 [ 47.059597][ T1449] ? __kasan_check_write+0x18/0x20 [ 47.064711][ T1449] _RNvMs2_NtCshgDM7dBCdno_11rust_binder6threadNtB5_6Thread10write_read+0x278d/0x9d20 [ 47.074285][ T1449] ? __cfi__RNvMs2_NtCshgDM7dBCdno_11rust_binder6threadNtB5_6Thread10write_read+0x10/0x10 [ 47.084225][ T1449] ? is_bpf_text_address+0x17b/0x1a0 [ 47.089523][ T1449] ? kernel_text_address+0xa9/0xe0 [ 47.094638][ T1449] ? unwind_get_return_address+0x51/0x90 [ 47.100274][ T1449] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 47.106435][ T1449] ? arch_stack_walk+0x10b/0x170 [ 47.111383][ T1449] ? stack_depot_save_flags+0x38/0x800 [ 47.116862][ T1449] ? kasan_save_alloc_info+0x40/0x50 [ 47.122168][ T1449] ? kasan_save_track+0x4f/0x80 [ 47.127044][ T1449] ? kasan_save_track+0x3e/0x80 [ 47.131932][ T1449] ? kasan_save_alloc_info+0x40/0x50 [ 47.137246][ T1449] ? __kasan_kmalloc+0x96/0xb0 [ 47.142033][ T1449] ? __kmalloc_node_track_caller_noprof+0x1ad/0x440 [ 47.148644][ T1449] ? krealloc_noprof+0x8d/0x130 [ 47.153518][ T1449] ? rust_helper_krealloc+0x33/0xd0 [ 47.158723][ T1449] ? _RNvMNtNtCs43vyB533jt3_6kernel5alloc9allocatorNtB2_11ReallocFunc4call+0xaf/0x100 [ 47.168279][ T1449] ? _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0x715/0x1440 [ 47.178793][ T1449] ? _RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x1a9/0x2c20 [ 47.188082][ T1449] ? _RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0xa0/0x100 [ 47.196770][ T1449] ? __se_sys_ioctl+0x132/0x1b0 [ 47.201633][ T1449] ? __x64_sys_ioctl+0x7f/0xa0 [ 47.206424][ T1449] ? do_syscall_64+0x58/0xf0 [ 47.211026][ T1449] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 47.217110][ T1449] ? __kasan_kmalloc+0x96/0xb0 [ 47.221897][ T1449] ? kasan_save_alloc_info+0x40/0x50 [ 47.227217][ T1449] ? __kasan_kmalloc+0x96/0xb0 [ 47.232015][ T1449] ? __kmalloc_node_track_caller_noprof+0x1ad/0x440 [ 47.238625][ T1449] ? __kasan_check_write+0x18/0x20 [ 47.243751][ T1449] ? _raw_spin_lock+0x8c/0x120 [ 47.248523][ T1449] ? __cfi__raw_spin_lock+0x10/0x10 [ 47.253732][ T1449] ? __asan_memset+0x39/0x50 [ 47.258331][ T1449] ? _raw_spin_unlock+0x45/0x60 [ 47.263200][ T1449] ? rust_helper_spin_unlock+0x19/0x30 [ 47.268699][ T1449] ? _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0xdfc/0x1440 [ 47.279224][ T1449] ? 0xffffffff81000000 [ 47.283397][ T1449] ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0x10/0x10 [ 47.294166][ T1449] ? kvm_sched_clock_read+0x15/0x30 [ 47.299373][ T1449] ? sched_clock_noinstr+0xd/0x30 [ 47.304402][ T1449] ? sched_clock+0x44/0x60 [ 47.308823][ T1449] ? sched_clock_cpu+0x75/0x400 [ 47.313678][ T1449] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 47.319752][ T1449] ? xfd_validate_state+0x68/0x150 [ 47.324871][ T1449] ? save_fpregs_to_fpstate+0x196/0x230 [ 47.330444][ T1449] ? 0xffffffff81000000 [ 47.334612][ T1449] ? __cfi___switch_to+0x10/0x10 [ 47.339565][ T1449] _RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x411/0x2c20 [ 47.348699][ T1449] ? finish_task_switch+0x13a/0x780 [ 47.353907][ T1449] ? __switch_to_asm+0x3d/0x70 [ 47.358684][ T1449] ? avc_has_extended_perms+0x7c7/0xdd0 [ 47.364262][ T1449] ? __asan_memcpy+0x5a/0x80 [ 47.368861][ T1449] ? avc_has_extended_perms+0x921/0xdd0 [ 47.374410][ T1449] ? __cfi__RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x10/0x10 [ 47.383991][ T1449] ? do_vfs_ioctl+0xeda/0x1e30 [ 47.388769][ T1449] ? __futex_queue+0x19a/0x340 [ 47.393540][ T1449] ? __ia32_compat_sys_ioctl+0x850/0x850 [ 47.399181][ T1449] ? __cfi___futex_queue+0x10/0x10 [ 47.404300][ T1449] ? futex_wait_setup+0x1bc/0x260 [ 47.409336][ T1449] ? __futex_wait+0x218/0x2a0 [ 47.414019][ T1449] ? ioctl_has_perm+0x384/0x4d0 [ 47.418882][ T1449] ? has_cap_mac_admin+0xd0/0xd0 [ 47.423832][ T1449] ? futex_wake+0x5fb/0x900 [ 47.428337][ T1449] ? futex_setup_timer+0xb4/0xd0 [ 47.433281][ T1449] ? futex_wait+0x288/0x540 [ 47.437785][ T1449] ? __cfi_futex_wait+0x10/0x10 [ 47.442637][ T1449] ? selinux_file_ioctl+0x6e0/0x1360 [ 47.447938][ T1449] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 47.453499][ T1449] ? do_futex+0x309/0x500 [ 47.457836][ T1449] ? __cfi_do_futex+0x10/0x10 [ 47.462522][ T1449] ? __fget_files+0x2c5/0x340 [ 47.467210][ T1449] _RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0xa0/0x100 [ 47.475742][ T1449] ? __se_sys_ioctl+0x114/0x1b0 [ 47.480604][ T1449] ? __cfi__RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0x10/0x10 [ 47.489719][ T1449] __se_sys_ioctl+0x132/0x1b0 [ 47.494405][ T1449] __x64_sys_ioctl+0x7f/0xa0 [ 47.499019][ T1449] x64_sys_call+0x1878/0x2ee0 [ 47.504229][ T1449] do_syscall_64+0x58/0xf0 [ 47.508668][ T1449] ? clear_bhb_loop+0x35/0x90 [ 47.513361][ T1449] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 47.519265][ T1449] RIP: 0033:0x7f7e5098e929 [ 47.523685][ T1449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 47.543295][ T1449] RSP: 002b:00007f7e51772038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 47.551717][ T1449] RAX: ffffffffffffffda RBX: 00007f7e50bb6160 RCX: 00007f7e5098e929 [ 47.559693][ T1449] RDX: 0000200000000100 RSI: 00000000c0306201 RDI: 000000000000000c [ 47.567669][ T1449] RBP: 00007f7e50a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 47.575665][ T1449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 47.583650][ T1449] R13: 0000000000000000 R14: 00007f7e50bb6160 R15: 00007ffd2439bc18 [ 47.591640][ T1449] [ 47.594676][ T1449] Modules linked in: [ 47.598607][ T36] kauditd_printk_skb: 11 callbacks suppressed [ 47.598849][ T1449] ---[ end trace 0000000000000000 ]--- [ 47.604737][ T36] audit: type=1400 audit(1750396013.260:297): avc: denied { read append } for pid=1451 comm="syz.3.364" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 47.633758][ T36] audit: type=1400 audit(1750396013.260:298): avc: denied { read append open } for pid=1451 comm="syz.3.364" path="/dev/rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 47.663436][ T1449] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 47.669376][ T1449] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 e1 4d d7 2b 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 ab 89 9e a7 90 90 90 90 90 90 90 90 90 [ 47.672268][ T1454] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 47.689325][ T36] audit: type=1400 audit(1750396013.270:299): avc: denied { read write } for pid=1451 comm="syz.3.364" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 47.723148][ T1449] RSP: 0018:ffffc9000eb85a90 EFLAGS: 00010246 [ 47.749271][ T36] audit: type=1400 audit(1750396013.270:300): avc: denied { read write open } for pid=1451 comm="syz.3.364" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 47.771609][ T1454] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 47.774125][ T1454] rust_binder: Error in use_page_slow: EBUSY [ 47.774174][ T1449] RAX: 0000000000000061 RBX: 1ffff92001d70b54 RCX: 4cd3fd82372a4500 [ 47.790492][ T1454] rust_binder: use_range failure EBUSY [ 47.790518][ T1454] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 47.790533][ T1454] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 47.790552][ T1454] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 47.790578][ T1454] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:255 [ 47.838676][ T1449] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 47.852071][ T36] audit: type=1400 audit(1750396013.270:301): avc: denied { write } for pid=1451 comm="syz.3.364" name="pfkey" dev="proc" ino=4026532627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 47.877424][ T1449] RBP: ffffc9000eb85a90 R08: ffffc9000eb85787 R09: 1ffff92001d70af0 [ 47.877449][ T1449] R10: dffffc0000000000 R11: fffff52001d70af1 R12: 0000000000000000 [ 47.877464][ T1449] R13: dffffc0000000000 R14: ffffc9000eb85ac0 R15: ffffc9000eb85af0 [ 47.877480][ T1449] FS: 00007f7e517726c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 47.877498][ T1449] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.877511][ T1449] CR2: 00007f797805ef98 CR3: 0000000138b38000 CR4: 00000000003526b0 [ 47.877530][ T1449] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.877541][ T1449] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.877557][ T1449] Kernel panic - not syncing: Fatal exception [ 47.877837][ T1449] Kernel Offset: disabled