last executing test programs: 46.277862335s ago: executing program 1 (id=2): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x1000, 0x3}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/75, 0x4b, 0x0, 0x32}, @fda={0x66646185, 0x7, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x16, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) 46.169385507s ago: executing program 1 (id=6): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000280)=0x10) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4, 0x0, &(0x7f0000000440)=[@increfs], 0x1e, 0x0, 0x0}) 46.132158807s ago: executing program 1 (id=8): openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0) (async) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) (async, rerun: 64) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) (async, rerun: 64) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000040), 0x2, 0x0) (async) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x2) ioctl$TCSBRK(r2, 0x5409, 0x9) (async) close_range(r0, 0xffffffffffffffff, 0x2) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async, rerun: 64) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) (async, rerun: 64) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r3, 0x2000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0xc2a4a000) 31.094652248s ago: executing program 32 (id=8): openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0) (async) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) (async, rerun: 64) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) (async, rerun: 64) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000040), 0x2, 0x0) (async) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x2) ioctl$TCSBRK(r2, 0x5409, 0x9) (async) close_range(r0, 0xffffffffffffffff, 0x2) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async, rerun: 64) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) (async, rerun: 64) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r3, 0x2000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0xc2a4a000) 21.288677825s ago: executing program 4 (id=444): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000480)=[@increfs], 0x0, 0x0, 0x0}) openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f00000000c0)={[{0x6, 0x3, 0xf1, 0x0, 0x3, 0x9, 0x52, 0x6, 0xc, 0x4, 0x5, 0xfb, 0x4}, {0x4, 0x8001, 0x0, 0xb, 0xff, 0x0, 0x81, 0xe, 0xe, 0x2f, 0x0, 0x0, 0x7}, {0x5, 0x0, 0x7, 0x10, 0xd6, 0x6, 0x4, 0x7f, 0x4, 0xfa, 0x81, 0x7, 0x7f}], 0xffff1093}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000640)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x400c6314, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x700000000000000, 0x0}) 21.101113398s ago: executing program 4 (id=449): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000000000000cd00000900000000feffffffffffffff43be0f44ad1a26"]) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, &(0x7f0000000000)={0x150001, 0x0, [0x6, 0x5, 0x1, 0x3715701a, 0x8, 0x299c0e99, 0x1ff, 0x92]}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1243, 0x0) ioctl$BLKRRPART(r3, 0x125f, 0x0) 21.050537679s ago: executing program 4 (id=452): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x161000, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) (async) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$UHID_CREATE(r1, &(0x7f00000000c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000000)=""/32, 0x20, 0x1, 0x0, 0x0, 0xffffffff}}, 0x120) close(r1) (async) close(r1) read(r0, &(0x7f0000000040)=""/106, 0x6a) 20.977331339s ago: executing program 4 (id=454): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000000), 0x12) (async) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) (async) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000180)={0x2, &(0x7f0000000140)=[{0x8, 0x4, 0x0, 0x5}, {0x203, 0x1, 0xfe, 0x3}]}) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNGETDEVNETNS(r2, 0x80087601, 0x500) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) syz_clone3(&(0x7f00000000c0)={0x200000400, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58) (async) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x100000002000c) prctl$PR_MCE_KILL(0x35, 0x0, 0x8) (async) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='/dev/ashmem\x00') mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) 20.93834308s ago: executing program 4 (id=457): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000002080)=0x0) write$FUSE_ATTR(r0, &(0x7f00000020c0)={0x78, 0x0, r1, {0xd, 0xf, 0x0, {0x2, 0x4, 0x10, 0x6, 0x0, 0x3, 0x2, 0xccb, 0x6, 0x1000, 0xfffffff9, r3, 0xffffffffffffffff, 0x80, 0x22e8326f}}}, 0x78) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000002140)={0x26, 0x3, 0x0, {0x4, 0x5, 0x0, '-*-,0'}}, 0x26) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000002180), 0x80100, 0x0) ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f00000021c0)={0xfffd, 0x0, 0x2, 0x1ff, 0x9, 0x3b}) ioctl$BTRFS_IOC_DEFRAG_RANGE(r4, 0x40309410, &(0x7f0000002200)={0x3, 0x0, 0x2, 0x5, 0x0, [0x0, 0x2, 0x3, 0x7ff]}) close(r0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002240), 0x2, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002280)='memory.current\x00', 0x0, 0x0) ioctl$int_in(r6, 0x5421, &(0x7f00000022c0)=0x2) ioctl$GIO_UNIMAP(r6, 0x4b66, &(0x7f0000002340)={0x3, &(0x7f0000002300)=[{}, {}, {}]}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) write$binfmt_format(r4, &(0x7f0000002380)='0\x00', 0x2) ioctl$KVM_RUN(r6, 0xae80, 0x0) write$FUSE_NOTIFY_RESEND(r6, &(0x7f00000023c0)={0x14}, 0x14) mmap(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x2000001, 0x132, r6, 0x1b2a5000) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$NS_GET_NSTYPE(r6, 0xb703, 0x0) ioctl$SNAPSHOT_CREATE_IMAGE(r6, 0x40043311, &(0x7f0000002400)) ioctl$KDSKBLED(r4, 0x4b65, 0x90) r8 = ioctl$LOOP_CTL_GET_FREE(r6, 0x4c82) ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, r8) ioctl$TIOCSIG(r4, 0x40045436, 0x7ff) ioctl$KDFONTOP_GET(r6, 0x4b72, &(0x7f0000002840)={0x1, 0x1, 0x7, 0x1, 0x20, &(0x7f0000002440)}) openat$fuse(0xffffffffffffff9c, &(0x7f0000002880), 0x2, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000028c0)=0x0) write$FUSE_CREATE_OPEN(r5, &(0x7f0000002900)={0xa0, 0x0, r1, {{0x5, 0x3, 0xd, 0x1, 0x35ae, 0x6, {0x5, 0xec2c, 0x5, 0x4, 0x81, 0x1, 0xfffffffb, 0x4, 0xffffff00, 0xc000, 0x1, r9, r2, 0x0, 0x70}}, {0x0, 0x12}}}, 0xa0) 20.807265612s ago: executing program 4 (id=465): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) (async) ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000000)={0x6, 0x0, [{0x8, 0x3, 0x1, 0x0, @msi={0xb0000000, 0x40, 0xd, 0x80}}, {0x2, 0x3, 0x1, 0x0, @sint={0x6, 0x4}}, {0x4, 0x5, 0x0, 0x0, @msi={0x7b95, 0x1, 0x9, 0x1}}, {0x8, 0x4, 0x0, 0x0, @irqchip={0xbd, 0xffff0000}}, {0x7, 0x5, 0x1, 0x0, @irqchip={0x1, 0x7}}, {0x10000, 0x2, 0x1, 0x0, @adapter={0x0, 0x80000000, 0x10000, 0x7fffffff, 0x2}}]}) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2881, 0x0) (async) ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, &(0x7f0000000180)) (async) ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f00000001c0)={0x2, 0x0, [{0x401, 0x4, 0x1, 0x0, @sint={0x55, 0x800}}, {0x1, 0x2, 0x1, 0x0, @msi={0x59, 0x80000000, 0xff, 0xb}}]}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vm(r2, 0x4018aee2, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000240)={0x6, 0x2}}) (async) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xa) r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f00000002c0)={"c2e9818a9778c54db4ce90eeee3523cdc5bbcfa19994b3c5657272f908bdca8a5af244f624ef81cd5b9b90edc8144a13f92989c6bc47e5fa08e69d87f9ddd9b5d50a96edacfce610411e3e95266aeb099572b4004b71ed6dce81adf0f3ca13848f26a338b3c33c2d823122b8f34194f2776904c41f500c1f0e65ce744e3f9c089f498ae5a3ca0b47dbb77e67c6973f8f2a3ce51d4edd3fe0ac1648bae317aeefeec286040fdf83e0f96ad1bd57b567ac011bf53eeaf2d7a270a95006fcc78291c064828b46233c565a19fb5805ff507c47dc759d1cd74f43bca293fa061e8a52412878d465e9ffdf50a5f4e7a6bea67f4cb6a4d4221a18ad8683481e34db98997292a4c1e56c170be55b5846d5d1992f9890401ec9b822019be98460b1c95a65a1ca583d3c8dbed33afd153c557c9315e5078e0d630b4758d8b6c0079fc15b2a2dc32aab67718b22c2c176ec31396f71318e9a2c6e4805fd4fd79fc30f66e4e48d88e4581199999bd563d5ea750293343c219608bb94241b888767a4a3e7df722fee75119b776a55df6284b48713a220f2b010dcd7400cd94e06647770f3f40a70ca5cdb8e3e711f687a0783e94dc6b648c4df28003515ecc2a4002cc7d6b91e200a420de9e60818a04bbe94632219614ad14f40773e35e622270cc361091073d724a38f69df676090ffbf063559c23df55efcb8ff9d4f411105cf9dc508c9068918f286226e3188165c81d799d96b5528e178040b118b74c3775bee9a2e788e6f7ca04e85fc41e345d25b566ca6e7e603406ec084d1a98a940d83b95b54e87455269f3506cbf41350811c7e18b04901564db8e687716dd8f8c3eede370578315bb31832a43395bacbdfc68df83334aaa05d297decc55fff0e475cdea73f8dee268018baf83d6280b6187430b8eefad99bb8b432588072723c7cea7d9160c9772b889ebcd8bd504ef78d9b8be25cfc897d25cba74c7cab40a1156bfa4efdd255ddecfc93ec3d63971ee55df36e5cc8318825ce625df606167e6fc00cd3002bb8aad4b7f30a8286109da08ed35ba0983bb0bc41f26ca8bf1477d9baa31ee349b0ff7c630b98837e49abe2c226532cb5ca227e56dd78f910a13267637e9e1c6b2bbaab6dbe274868e58dbecf61eeeaaabf6ae519bd26d43ffe86d9cd6274f7f8280f7c15d3a984b0fa3089f42a7701d3342afafbc2501f797b97999f5059b149bc93fb0f9e539e7c5234510ac4afd03410c29bd2e1ebc73531a34f3f77575298d574f89a660baa9899fd2384b25b3b5573f6b48e7bc63f963a36772013f11319289cc5641ca4e4a33434b2691bb700d2fa05c6b50d04debba0259750abf2c6418a11617ddc41e61780a37600e1fde1320e7773f5b8271058eb1e858901da4dcef81ffd366ad9c74be5790224472076211d69bab08e33165cd5170218ffc64fab09"}) (async, rerun: 64) openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0), 0x418000, 0x0) (rerun: 64) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000700)={[0x1, 0x4, 0xcfa, 0x3, 0xc4d7, 0x9, 0x3, 0x5, 0x918, 0x501, 0x8, 0x10, 0x39, 0x3, 0x5, 0x5], 0x4000, 0x200}) (async, rerun: 64) r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) (async, rerun: 64) r5 = openat$zero(0xffffffffffffff9c, &(0x7f00000007c0), 0x711001, 0x0) r6 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000840)={0x10a, 0x6, 0xe5bc, 0x0, 0xe8, 0x2}) ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000880)={"d0588f8f2eedf689910f0492b642efd52769b1d4308eeb4c3987616480b5a8eaee4da60877894c84655462b38dfa5cc3d9292fd0b4e54bdc1e693efa79aaa1c439787e717391a1a4458e264b9e7de6c63dd2faa4c6e936c9979021aefdcfc8cc70288ab4fdf566846dcb2b9c6eded103390f3e2500e12b5ca1acaab8eafee605e7346be917ce98f04271a4c22679e6e70b2adba3faf9174123daf73c97105596efc11e0bcb266318c5a1ff9af12e8f9de8ca89a6210f2c1e2b3154d1611aa4176748182bb663a3e8af65b69baa54e1da77dba595573ab5c037ea805ba44eea0ef7a86b85f3ff8a0a64f1ed02e740715540f5c980ffe42176cb3dd7c0637c9b76fbe5da82a1ea153a39e3494cb2b0e376ffc60d1e0af52d8cc4c78625a6a85608fdc42e15f0d4738e806e3acb8037b67ae5f4145b157c6807248aebb35e7fc19d4eeb8badadf6cc635dc1e03edc778cd3d3b0ec732a9aa1fa8f6314b04c79cbb4be5dd0300ea0b081ae119245f51e46e9eadae33a43300cc25984cd439b352e7d0c3e1cd6f531bff385312b065cdbe381965c14104d587c0931301cb44c248631bce18f66e3be7a29f311caf20338c8d34beccb0aefc88291a3d23c82cb5b2cee1fccd8fe28be9d62ef2a7834d41d50d806ee544d40285c69aaae64dd54dd95e937c4f825b388bc5d4f0f04f194cf12f18195b46aa0a3de9e4a2f822da7da69d0facd58b3d8dd12cdf1cf3c7d6c82bbd41211c893a1d89f4a67e064262cb8f39321995bf8b452b08073801b7c5e6be36b787419da027ee6302a7991cc6ba167e9a893120db55616018fa4760ffb3ca5327e36266a184f96b28925c235e6fd035c2c63401b602023330994f6cbf33c4ef31e703200bffaedea09107513fb9e08343690e35ac38fb47116bc375b3ef8f808a63c0fd1bc410ddd5dc32ba4b1fea01cfa14cd87a1eefcc198587cbb3232eac403b785564f198711ba14bfc8c2cb0539fbd5a0c900564df05dcf6eaa619d5e66fd5ef2d9df541b3f0e99e36233bb22380c71d86b1cd9189fda4f708b563bc5a1141367f31fcac9e037464b9b02ea6502b39fa07f9103bca33f4ac9735c3778519a837379c305fc3eff45a19e971099231d2a3d7ff645c14eaf1d7b0e7b0d936b6fc62fb3336912e76bf4dcbfca4979db13e4f90dda8c884b22177b780ddcf7a7de721312f2d7cce23e6664da8c97b3a11759b8c7552d8ad096d27274e6ca73022339814a108eace8fb90ba9c7349454cb74c8523d533886d5844dbf54ab219ed294aecf8d72b97d9fc016f95dbff9547f331eabdc788a46a9f3d01071c3dd173cde688f82143e98c25ad09c934fde7a921d4e794f7009b36224d5ab5e608b4ef14df10e3f90c18a6742b120adf8f1a6ba51a35e70a9e47a070399f3f3d163cb994208126c498e24acff703bdafdd6c82"}) (async) r8 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r6, 0x3) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000002140)={0xbc, 0x0, &(0x7f0000001f80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000e00)={@ptr={0x70742a85, 0x0, &(0x7f0000000c80)=""/247, 0xf7, 0x0, 0x8}, @ptr={0x70742a85, 0x0, &(0x7f0000000d80)=""/122, 0x7a, 0x1, 0x38}, @fda={0x66646185, 0xa, 0x2, 0x37}}, &(0x7f0000000e80)={0x0, 0x28, 0x50}}}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f0000001ec0)={@fda={0x66646185, 0x1, 0x0, 0x1c}, @ptr={0x70742a85, 0x1, &(0x7f0000000ec0)=""/4096, 0x1000, 0x0, 0x38}, @flat=@binder={0x73622a85, 0x2000, 0x2}}, &(0x7f0000001f40)={0x0, 0x20, 0x48}}}, @increfs_done={0x40106308, 0x3}, @free_buffer={0x40086303, r8}, @acquire_done={0x40106309, 0x2}], 0xf1, 0x0, &(0x7f0000002040)="28177ba5639cde503dde3337cd62a72215c05a7ba34cb235ef9aa1703908f9c96439aaaed0b1cafc1bd903b9869048aae69504f22ee5262d322def24f60f4c60f053a076844bd9ad31dd20f510ebdd9456c0f28abb6d9f510bb1b20bde965b0bac04cffda9430be85bf3e0ee9b1148df9e6d5c6a1c4318a25bccc74775e9b0e9f1ec43a30354197be2f66c89f0f05fe3a06143270f2c0974acc044cc5bca32649eafa87a1444d6d7628132c8a2badf0114290786ca62621e248e597a34954e4a7a1bd06b8de24d9e038522486d35e0f12f972fd00002d559b27821bd3758581277c52d7183dbb8ec464bd0a8529f78aad9"}) (async) r9 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000002180), 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f00000021c0)={0x0, 0x0, @ioapic={0xeeef5000, 0xfffffffa, 0x4, 0x8c, 0x0, [{0xff, 0xd, 0x5, '\x00', 0x1}, {0x0, 0xd4, 0x7, '\x00', 0x1}, {0x0, 0x9, 0xb3, '\x00', 0xff}, {0xfc, 0x3, 0x7f, '\x00', 0x4}, {0x6, 0x0, 0x9, '\x00', 0x4}, {0xc9, 0x19, 0x1, '\x00', 0x3}, {0x40, 0x7, 0xfb, '\x00', 0x2}, {0x68, 0x3, 0x9, '\x00', 0xfb}, {0xd, 0xf, 0x8, '\x00', 0xa0}, {0xfb, 0x8, 0x0, '\x00', 0x2}, {0xc2, 0x14, 0xdf, '\x00', 0x99}, {0x7, 0x6, 0x6, '\x00', 0xff}, {0x2, 0x3, 0x6, '\x00', 0x2}, {0x9, 0xd, 0xcf}, {0xb, 0x9, 0xe, '\x00', 0x92}, {0x1, 0x5, 0x1, '\x00', 0x3}, {0x3, 0x89, 0x8, '\x00', 0x1}, {0xdb, 0x6, 0x5, '\x00', 0x18}, {0x4c, 0xa, 0x2, '\x00', 0x3}, {0xe, 0xff, 0x1, '\x00', 0x3}, {0xf7, 0xc, 0xd, '\x00', 0x7}, {0xb3, 0x1, 0x6, '\x00', 0xe7}, {0x0, 0x0, 0x5, '\x00', 0x9}, {0x84, 0x18, 0x3, '\x00', 0x4}]}}) (async) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000002400), 0x44000, 0x0) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000002440)={0x1fc, 0x3, 0xd5d54000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) ioctl$FIGETBSZ(r3, 0x2, &(0x7f0000002480)) (async) r10 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000024c0), 0x2, 0x0) ioctl$FIBMAP(r10, 0x1, &(0x7f0000002500)) 9.097464772s ago: executing program 2 (id=505): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x0, 0x0, 0x0}) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) syz_clone(0x22000, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x84}, {0x6}]}) ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000300)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000140)=ANY=[@ANYBLOB=','], 0x6a) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_MSRS(r6, 0xc008ae88, &(0x7f00000002c0)={0x7, 0x0, [{}, {}, {}, {}, {}, {}, {}]}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x2011c0}) openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x1d1000, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$FIOCLEX(r1, 0x5451) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000340)=ANY=[@ANYBLOB="04000000000000001d08000000000900890f000000000000710a0000000000000200000000000000fc02004000200000400c0000000000006d420000000000000100006db3000000"]) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$AUTOFS_IOC_SETTIMEOUT(r7, 0x80049367, &(0x7f0000000180)=0x2) ioctl$KVM_CREATE_PIT2(r8, 0xaea3, 0x0) 9.095195543s ago: executing program 3 (id=506): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000100)={0x8001, r2, 'id0\x00'}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc018aec0, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000014d564b00000000ab00"]) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x22201, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0) read(r9, &(0x7f0000000080)=""/93, 0xffffff6c) 7.487060497s ago: executing program 2 (id=508): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f0000001fc0)=ANY=[@ANYBLOB="96"]) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xa, 0x2}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r6, 0x8004e500, &(0x7f0000000180)=r5) r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x109000, 0x0) r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r8, 0x8004e500, &(0x7f0000000080)=r9) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000001640)=ANY=[@ANYBLOB="01000000000000002100004000000000ff"]) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfff7, 0xfffffffffffffd80, &(0x7f0000000400)={@ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/89, 0x59, 0x2, 0x2}, @fd, @fda={0x66646185, 0x2, 0x1, 0x3f}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) 7.486823617s ago: executing program 3 (id=509): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x100000002000c) mmap(&(0x7f00006ff000/0x3000)=nil, 0x3000, 0x2000000, 0x100010, r0, 0x0) 5.733705353s ago: executing program 0 (id=510): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x2, 0x4000, 0x1000, &(0x7f0000ec4000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x6000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x5000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r2, 0xfffff000) 5.733423513s ago: executing program 2 (id=511): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0) read(r1, &(0x7f0000000080)=""/93, 0xffffff6c) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000cc0)={{0x3, 0x3, 0x1, 0x1, 0x9}}) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) syz_clone(0x2204000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PPPIOCGIDLE64(r3, 0x8010743f, &(0x7f0000000100)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r0, 0xfffff000) 5.733151133s ago: executing program 3 (id=512): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="08020000000000000000000000000000000300000000"]) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x301000, 0x0) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000000c0)={{0x1, 0x0, 0x0, 0x3970b8090d64f40c}}) (async) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000000c0)={{0x1, 0x0, 0x0, 0x3970b8090d64f40c}}) ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0xfffffffe) ioctl$ASHMEM_SET_NAME(r3, 0x41007701, &(0x7f0000000000)=')}%!:\xb9+\x00') (async) ioctl$ASHMEM_SET_NAME(r3, 0x41007701, &(0x7f0000000000)=')}%!:\xb9+\x00') ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000180)={{0x8080000, 0x0, 0xe, 0x4, 0x0, 0x0, 0x3, 0xe, 0x3, 0xa, 0x9, 0xf}, {0x3000, 0x0, 0x9, 0x6, 0xa5, 0x8, 0x80, 0xdb, 0xd, 0x2, 0xff, 0x8}, {0x1, 0x3000, 0xb, 0x7, 0x5, 0x3, 0xc7, 0x3, 0x6, 0x6, 0x5, 0x9}, {0x100000, 0xdddd0000, 0x4, 0xf, 0x4, 0x10, 0xf7, 0x4, 0xf8, 0xa, 0x40, 0xff}, {0xffff1000, 0x3000, 0x9, 0x4, 0xa, 0x1, 0x2, 0x8, 0x0, 0x3, 0x6e, 0x3}, {0x2, 0x8000000, 0xb, 0xb1, 0x9, 0x40, 0x3, 0x40, 0x1, 0x27, 0x6, 0x6}, {0x2000, 0x0, 0x10, 0xe, 0x7, 0x7, 0x2, 0x4, 0xf8, 0xc, 0x4, 0x6}, {0xeeee8000, 0x3000, 0x3, 0x2, 0x9, 0x7, 0xff, 0x8, 0xde, 0x4, 0x6}, {0x3ac6cd8e2b51fb2f, 0x7}, {0xdddd1000, 0x3ff}, 0x1, 0x0, 0xeeee0000, 0x6121d0, 0xc, 0x4800, 0x1, [0xfffffffffffffffe, 0x0, 0x9, 0x3f2d]}) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r3, 0x0) 3.96753255s ago: executing program 0 (id=513): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, &(0x7f00000001c0)={0x4, 0x2}) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r6, 0x100000a, 0x12, r7, 0x100000) r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) ioctl$PIO_FONTX(r8, 0x4b6c, &(0x7f0000000100)={0x7, 0x13, &(0x7f0000000540)="26fd29eb2fce8bdad148f376d8f57624da01baf37f401b0cfcbef299013af0dfb8e9d2540a940d602c8b6d7f803ab23e0a81ad8e32687f3bfa7b4c2fedff4cfc5ed2beca4a638ff42fb3730d8898e92583d3acd4ea1017fdc3384c5760db15c8d02863fed2bac7004cc0869c70cec556f273d52dd74f7366a5dc0db0f26b4d519fad91513c23561480f00d75de6c1097c3a8108d0d53a799b32643071c97982e1ea8a5897e69ac97c05371caf89c09ef3ed4bdccfc2fed7ebcc4cab92d3dbbf1381698b93dddea43d50467b594ada62705ecb30ac91a7b45b526566987c4cd6735e02cf02bd495172040b80ed8a531e5b91697b14355c4fc9d89a71c36dd0d92e6987203cdd5d31b27d4c95fe639f955c185e77c1100710a7b2086f757925bef05dcec6cc66d2561efd749f94c4823eae89f01e667c87411c254660c037e370f315c2bc8f6430d8398d548f40a1fe55f8f3224733e2727382db13c2e0f229b88fce73e358629759fb50ba7d656e069800d2f29452317766fad307f33a23aec1b56c26a738167384e24b4b4a627caa5b72dc9dee41c4c26bdb72ee0cdd4aa3fe196d9daf912c7de2ff1328a32327a4f67e8276f1fc6305d2165d0a1673470cc2433185ae9b05065508b36af46ad7e3a51d484b088dc502cebf889c347c1e02f6718716ca730a27fb396369ded4778b51e78db88aeedb6abfd1fdf84eb7ac789d0f6d683f1ef904a37e77999ebfe2909e70afb4e37fdd2e705c796f176925360be1532b13124e473c886f802841c97bfaa27f75db4f347bdc5fcef9101b0fe74d396e04f7e2cb475cfa9104fe94dee6c745880c85de8ccb7cd1f9850e9f1e4600b5cb91e5341ca01f981202715248647758ab7dbbd76a235725da8a4a81147bf226ae08333d93077a2fa1ab0ff6d5478f69c03519ddc01a332c970e3a1a673c7048aec932947ab4056712a3c6865bed0c2b443adc50929c4a2673d89eb0e4843208f4c2642d98d31a9e1eb6d1236fac6bf970946323924b60a2c98e7a2b1fbcfdafe65d5ecac3264acdc05ffa2b3d277f20f29ff79fad83b32d9d93eb985dfa7d4c71e6507179a4e6b5090a97c8884b7c7a4b3a38021dd0f06fcb133c729b91b42fea3b48b15e815bd0a2f4c8523387b65aac83c7a4b9f2a29eedc628949e9fff58a53e88888895ede05b4fe6aa6e2e32ee92d9192d3f1b01358502d85c75a81530dca849533bbe8dfa1e8f83722ea3a229144352f53b3d47d1907187fa87f754d517623a22b9c03254aa7a1f0f13431a7c16bc7ebfc4d423af66026b37ea564aa53c8cc48e1ea843b071265edc08bd25636ae5fd2516ee46d08ae594b8a0047cdaaf37834ee7fc87aad0f13e0cb77c95150b89149594ffcded9601f0f4c23161d82027cc89a7173dbbee13f0e6c57b2fda3dd49f138d3f01cdbbcd3d34df2b40e"}) r9 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x400880, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r6, 0x4, 0x80010, r9, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401400, 0x0) 3.96726722s ago: executing program 2 (id=514): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000200)=ANY=[@ANYBLOB="636f6e746578743d73797374656d5f75dd47d0b90b893a03ffdf"]) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x1, 0x18}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) 3.96700263s ago: executing program 3 (id=515): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001d80), 0x802, 0x0) ioctl$UI_DEV_CREATE(r2, 0x5501) (async) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000480)=[@increfs], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000640)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x400c6314, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x700000000000000, 0x0}) 3.943173381s ago: executing program 0 (id=516): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCGISO7816(r0, 0x80285442, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f00000001c0)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000000)={@flat=@weak_handle={0x77682a85, 0x1101, 0x1}, @fda={0x66646185, 0x2, 0x0, 0x5}, @fda={0x66646185, 0x1, 0x2, 0x2}}, &(0x7f0000000180)={0x0, 0x18, 0x38}}, 0x40}], 0x0, 0x0, 0x0}) 1.99369719s ago: executing program 0 (id=517): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x143202, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f0000000000)={0x4, 0x3, 0xffff, 0x10001, 0x9, "04000000cf13ef3024c7160000000000000093", 0xda4, 0x8}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x13) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xffffeffffffff7fb) mmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x13, r0, 0x4758f000) 1.99294261s ago: executing program 2 (id=518): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r1 = openat$binfmt_register(0xffffff9c, &(0x7f0000000140), 0x1, 0x0) write$binfmt_register(r1, &(0x7f0000000200)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x9, 0x3a, '\\', 0x3a, 'resv_level', 0x3a, './file0'}, 0x32) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, 0x0) 1.99258804s ago: executing program 3 (id=519): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_VDPA_GET_VRING_NUM(r0, 0x4004af07, &(0x7f00000001c0)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001500)={0x44, 0x0, &(0x7f0000001380)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) (async) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) (async) ioctl$VHOST_VDPA_GET_VRING_NUM(r0, 0x4004af07, &(0x7f00000001c0)) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001500)={0x44, 0x0, &(0x7f0000001380)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) (async) 26.42682ms ago: executing program 0 (id=520): r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000080)=[@acquire={0x40046305, 0x2}], 0x15, 0x0, &(0x7f00000000c0)="d9343a8a80ad2d089b9d714060978fdfb2cd37ae7c"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000340)={0x8c, 0x0, &(0x7f0000000200)=[@acquire_done={0x40106309, 0x3}, @decrefs={0x40046307, 0x3}, @acquire={0x40046305, 0x1}, @clear_death={0x400c630f, 0x1}, @increfs_done, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000140)={@flat=@weak_binder={0x77622a85, 0x100, 0x3}, @fda={0x66646185, 0x7, 0x1, 0x10}, @fda={0x66646185, 0x8, 0x0, 0xc}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x4e, 0x0, &(0x7f00000002c0)="bf9ff01d4a60dc9e6141bf2a204dbbb6a05df5fbde1086eeb836830b02c9d43bced3e55631eb74992d9cd3061be383a3519e76420c802a8d97932a3ae2c45793342b306ae6dbf0188fd9bf55a8b9"}) ioctl$KVM_CAP_SYNC_REGS(r0, 0x4068aea3, &(0x7f0000000380)) ioctl$KVM_CAP_SYNC_REGS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000400)) ioctl$KVM_SET_SREGS(r0, 0x4138ae84, &(0x7f0000000480)={{0x100000, 0x80a0000, 0x9, 0x7, 0x3, 0xa5, 0x2, 0x8, 0x25, 0x9, 0x5, 0x5}, {0xdddd0000, 0xeeef0000, 0x4, 0x8, 0xe, 0xd, 0x0, 0x2, 0x5, 0x0, 0x9, 0x2}, {0xeeee8000, 0x4, 0x0, 0x40, 0x9, 0xff, 0x6, 0x3, 0x3, 0xbb, 0x8, 0x7}, {0x80a0000, 0x3000, 0x10, 0x2, 0x47, 0xe, 0xe, 0x4, 0x4, 0x8, 0x0, 0x10}, {0x0, 0xa2004, 0xb, 0x12, 0x4, 0x8, 0xfc, 0x80, 0x75, 0x4, 0x8, 0x40}, {0xd000, 0x2000, 0xb, 0x14, 0x5, 0x2, 0x10, 0x2, 0x7, 0x7f, 0x7, 0x3}, {0x8000000, 0x80a0000, 0x10, 0x40, 0xf6, 0xe, 0x82, 0x2, 0x3, 0x3, 0x3, 0x6}, {0xd000, 0xddcd1000, 0x9, 0xe4, 0xd2, 0x10, 0x80, 0x8, 0x6e, 0x5, 0x6, 0x5}, {0x10000, 0x5}, {0x5000, 0x3}, 0x40040004, 0x0, 0xffff1000, 0x40008, 0xb, 0x0, 0x1000, [0x2, 0x2, 0x100000001, 0x401]}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000005c0), 0x230000, 0x0) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, &(0x7f0000000600)={0xdddd1000, 0xd000, 0x9, 0x6d, 0x40}) ioctl$KVM_GET_DEBUGREGS(r0, 0x8080aea1, &(0x7f0000000640)) ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f00000006c0)) ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000780)={0x4, 0x9f8, [{0xe5a3ff9, 0x0, 0x3}, {0x3, 0x0, 0x7}, {0x62, 0x0, 0xfffffffffffffffe}, {0x3, 0x0, 0x2}]}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000001800)={&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000800)="b98858a0cbec4caf6fc82e1ca3ee846496c24d3886554b2a0c1e1900cbf5543d89300e53c407b8c255818a874a1134060b3bcf68d864c32660a8abf66f3a89bd4e03169e9a3bee4201b76c2142f84d72c97dd2842601713f155179cd14a9c8ecc03613f62b26cd38eb05591fd7705094e3687a4e3f9b86bf393bad2847f5d3463e23276561990c371037d73e370309d240d1fdaf72998c8c106d174a5dd828c25f1ab33afa44b9c3e194edcad58cec5296ea67f2628440a7543172b8b0a5ef0b5fac91bdd75e32d3753c192d6bb6ad327414f252a6def392a5e23bb9df38bf721f154ec758bb43e2619c60b2eb89c78b67ab51923fae94752cab82497040d21108169b924d66bd5792b22ce7f133a288dc7d6694a0161a83135d2fdac19969a1df08130b4f9bb12e0472281bb7e7f56a54a910f5fab1ebe3c9883f90828e35a5f4b10c8870ea0dd0fa4a4bb6ac1a9e6b23d3a7498d1d998a653f067ba19e3fb88ea6efe1dcb6bca3183401671be9a52706b03cca0038cd284d66ba4cedfbfe509faa06194d967b543d48d4eccf3a53b85c833c9d73b54c2b8bffdd2912ab3975730cc984af02af7bd2454e22a92b8868a43bf269302ab7d3fd6e15a300b4d9a2a27f00be7caacbc69979d6a71d24aa7ae645520ad6f66088b0733311fa081163983b854fae4162393cf45885625c0218feafff094ff2d73866d4c39fe38674bae5098cebc611e39417368409dc459f4cce7e3a25abd177745241d2d5eb1f4769118826c6116bb7b5f2dcf18d61784ea2876537969af04c475abd272719f5df6bf89552dc3353e18123a621969bfe3cd4efeb5886b356be0cafbad81e6240e358f37c737235d9cd0853945ba96a2603d67adcde753727e0c8c23135cc5c70262f58140301d1b8fa22aad8ee045e22020a8c6f13de7e11bddcfde83f442758f7a1bb7221d7d962f84de3f8212022601e03f24691f0852142c4cd4b1363cb7118499eb7311d8ffe63a3d8568eec135049bc0b1ccd40590369050247a21e9cf16ae89e0eaab4a4e22e71bf88b16a1503db523495ebf7e83ace72a6543fb55e8b1e6133b1e9fa4e09b5b8cd549f982bcfd80ba54cfcee7007b938c68aee35aecb50fef8603c1283dda4ecb06b6e3d8c9852bb7e04dbcca404fe5c982e96d1c621eb6eb7d62c8f51ded2ade3ba6f12b0e08046174a27928ac7c90d2da5ef91d66d1045eb8b7ea5ec70ae51bedca2ca5204c9c0d659111488505ce066826e1c43d3c7e2de8ee82e11e855e53beb4dedb352da7bd8680afdb3bd9bc4abe968709393c7f7bb98f884c88be1b726499eec5fc5c31b7563bbaef572ec5d8ce974c2bf6218ada9e1286da642c45af9ceb22f4d71991ef9db8232565c27b00a92a37ce712a1e96711351bd7d457a64ed7337159f0a9c66bdbac1e6af00eba709db2c3164e794e5efe1a9afa97b6a0b8f576e8e1e6f4c39c251b1a2405dcb227e2f79f4d05727b8aa50b79993bce52b19d310c59594637434b6b1308e466555fe37d68459dfceaf70353890e063e3b50f0b3f92dc83ae91db7df7c8229173981a6595399259a6650a335eea46e5ce044b2afccd675b9dfc425b0297763e4009290b28dea9a6edb48fc1f228040064fbd5810d09592764e471624821e5d2fafa2621266e393bdd2102b453d51943fbf6acc80046fcf68b6e2131fabda87979172ff67002d421eb697e9d6f187c27b3ff2e893dee8c238928988575f95870b878c2e9b0f9f73a0f133fcdc54ea517fd189f897019ee91d2d587af0b32c94b0558e8d1c5bc9509265398db28580623ef1b291bdd42335516b94f0eea0bb3d5c84eccb594259f92f927bce43aa1887a9b409b5ce0bef96c17d9858e6647c0241d19954bbcdfec441e445ee000ff5375525de104e926c20f03080e2fb3bc4dc79e48f90a612844c2a6d9a07b12d8537e2e48e213f852272303fb24c92a5f55da6226a32e75d972774b23f003734071b50956c01ce3e263c55ecdf23c8c4277e9c9e7d5429d6f280012d2473a67661f10a136a1275c34664dad51d38becf051aa16d655a5e57718014534260b90b1b89d8566e15c9ba05f602f410a8fd5f42e4a3e1c26005d7b1afa4172071b66848eb6c4672d91b4e6179ef795a3efa901286152bbbf1692a9465e0d8c651feb83f0e4cd79f2d7a7b208d6c07c8f43ca7f76dc0cadb26547d373be2fb4dbc5d95e2809855539efaa6b3f318286efd009a073f38b347ac31b51e9080288fcd73bd39d4a88fa8cdc514bda88aadbff10c6a0004f1c6c290d464e1e56f4e2f9a7df6d37b7c31da067887f8780fc693b522d63361ea09c686c08c8a94edbae5bdc62be1c3af58bf9c3f41b6dd5eb8feaa1340186d71b078e96a13dc22264df033add7cb65b9ed8f314d579f2c691ee504ef289f782b8cbac3650ee8e0ca2b785226623e61fbe51f142635cc2b5fd979f38a306f00896be721a3b35473d24bf030ca7d9f4834603ad2319a6927feec2e45f4d5c6779b0fa9843fffe21f4cffa59f7b4c24514680f83bf5d9fafc1cc3ece5fcd940d7a0bfd6072ea7be3e4303f09ee6c36973acb2b26f043c3f6fce6c83a51cf31ced082484eead991a53e44c254b52ebeb8611c1abdeadd09f3bbed9a37f81a052ea2a371dc5288e65500ec43b72768dcd3ef5a3588065f79a3351033e1e3a3933300069fc3348d280280b8b95d7603a5edc16f3bf9491b0234c128512cb22422d239449ac7b6a3d05f8c2a4a6feb909786e934fc0c77cd634cc53a72feb6f72b3444a497d3544d2a4c99a042696317560825cb9aef948878118207c770af81bbfe58466180672be5c41dd9ed9b127924cbf95f56cb55fc9efaa60b26fb9f5f2fc3ce7b1b464a9231b6a552360d4bc56c7d18b05211e488663bcf46938636f8066c5beabda569267590f505e24a5f01862182d0fd4a0c1339dc13354abeefd28a80d556f13b846b5ece487efde3a0e64de89347bfea03d0f1309cc3f8a1fdb647100b1ccb3150942358013842aa238c1ae9ec2c9659741491cd157d6b877196efa8d08d1caacfd9c337c2e9fbf9cb41dbacb865307f6d9fbc599517a899671677a978f5ea0f149af41a374a15386885c16d6b33d17728f28e690a68296b369b90d693556e0952c5dbca31b8341ade243ee3075244ff6bc3c4bb4902eba496d65d64b8b22406f85d21c6ed3053a3d35dadf6f3d43025847299bbbf9dc48edf240ffbd6f0edfd6c83bec16f750e51d90c057b62976e302bc485084893a2750fd5ccef35e45c8862d30672de76dbb5ec5aee262abddc0018c5f92b8e8c951aed65f18ec831430785315a66f0d2385766b9d70dc6d8f414452b0ddead0b535d310d4dc7a98ddff3e9f1f2e5f0972df066c00b5b781aa08a9ee043e52430069267c78984f5e98d0933eff8860d447759f3b83e2a73fbb40cee93d0c02e9b244db90d00ac2f00b42b590f34faae577c6db815cee8b583b3d4dc1e9eaff7c1820d526db46400ed0034001f478f454e1f40d4036f8030d8dd7458cc6910ea75aa17ce61573ee99715897c83d65573f26051a83cc41ed3f4bb6d11fa81e2ef4e6d05d8063fd73b8eabe6c964d225e609fda02f76aaf930d30d55cadfd0840bd273c55904304a200a7ab27d56011ea89b0d159c55dde2aad0c3e110eae4887aa5f77b479849366c8c4e433bfe8a07056c27b7940221faee2f0c9904243bf07217cdd7a6968d9578e22f4ea686d1b330e308af129d8a6677fbafc48c403dc22c841d54e86d2c574635b009a1047148fb168a65a3fdf90c65e333991c6dcc1bbb4803573c7e390371652738784d62193f2c8ed53406e5a3e3deeab80c4a3fd1ce97097a13ff35da0580c504690f769fe83a6bb5896d4790909736844891dc5cfcb0d590e7c3bc401d4d73ad5e1c043c0ad66f75599a1e1fa41a16831938ed6b7d1c8bc7682fe63d04bdf3c0081604c93d0486c59ba9639b0b1d05c4e947cddc8e0f75344bc05d4e4eaedc501ba69a123c3ffd41e987e747ac64f9d68642014a21843f93fbe9ca96a4ced7bc3e32b1d1c8de59dad8e58f3d1aacb1c2c5c5ba49a4c9fb06dba40e08fbcc2c692cb2e5ab757079a6d3bc01f03ce7224b032b8f2a56e3680874df7cb04ac484129782b30c48f839f9afd69357152245d8cfaa3fffd5802167cba57cc14da8fab8da76d4ccedf3af7a11138c0fec75797c63762c1f149279cfd281ce8f31c3d2c4ba0f202068ec87603a1f5abde4a60b53f4bcf49adfeedcd37d02f24d8a1da06a744127d9a1741ac94915ee203bc14a52312eec22c72f2428726a463d1058456f925e238bc2e97a43ed37089bc0c882dfee96b60c8acf01d923400d74781b5105e420d7031aad504937bb409e271c13252c74b78487d657bbb340c6c0dec1fe766a5ca7753c81e5e7d0bff89e8b503bf9b6c025a12025e421d118bccacbc6938b3797eb9043a27a2a8d869d4edbf921e7490d46e18de945c2ab13f631fab799afa1044a27c563f8f45e52b227911eb5950d8c1b3da230738191e90cffe3637571d759b1456bfd47c579fda06ae05a41fedd167746e4bbcb4600aea904f20bb42ff345395cf22d319c5d5ce8368ad1885f14e7c15cb476317fdd5676a0f3a4afbc6875f5efb15a5480c1661f5820bdb6bcd8405ce311b4db473782296f956309b2af93381b4f5604682f581e3a1bfb1041b9d22fe212dc539e3323110e2c85dcfbdf6536ae36f6749b467ae0ae1bbe9f99a7b08dc3c3f03e381ce3fb6ddb9ac9614120a0b26af74bb155c1506aeaf54517af47c81491c8594e07c6fd0d4c7f20340fbb9962a5a6fb7fcb44b3b7e7c19b7cd2f56469afc8d6c5fadac4dbedb8594d8dd31f73217b2b3f5a925ba296e49e1fe1a24e6bbbf507e4ee18e966e668caf3d7bf6dd40bfc1b5c671126279c95263b378193561f6704136978069c271cb37eb1c2b1ecc75e52aef2129ee5ec1456b75b727f80305a25a66bda1d330b0ef42fe1d7f40a54fe7fd14660bd9bd3398d7f56a865cb7fe2c220364e276d011b668133bd0d3ad6b12efc6ac39215d51edf7d38cba25cadc915d6e9fde74ffdfecfda40da0288ceaa4c8dbd9dd105a427e9c1b8c3f0069d13d9e1ae48c86abbbc1913eacf8a3f47deb9875e0b14372f25fcfa802d4377e18f2fbe1b9c0e60c32054e765d2d39afe0c0c36851062bdc5df5f1edac5c82421b7802ecfd8c93bc338c77fadaa088f16f0021e814b68ebf800ed75c24567a7597936ee7011533a64956af87c99278afd91ece8a4e6b764b7225281b3fd609e09e02dfc6513ebe1ee20206dd31321e6f899818199f6c6d29558f3fc7bf8b44fc61d210db2f844999d75c3f7bb95aa34f4394e83f92df1ae41b0a3f1bbfd15a64ac87001ca536090ff48ab54d907fdd1c8b7a83c1dd6a917b7530a4397ab03f1e6a2073f9b03c88411993ed2b26228a479ef557333c2347221765de4c21236b70f001a29e4344ec4aa53d45237aeb3a160e1a49b57bd90e9187278f15437b2abe41325f119876aa9aa38e89c9dc84892dde5e74f1639c62a6be3721eb995c4f67751aa4f69a61e8f43a2cb3e7401640f1a9642d6a9b076e4ea62c27f202b6dcc7f55282f027ca94486b1622ea672f7c29ea52a8cafc08c4e3fa9ad0a4044adb94346eff4af91f3f3e3e756524d5d501635056ff94118dbc3b379acf363478cc1bfcf6f8c6c6ed2a49aee9681df9b7bd5baf14c7b901e9aeb8e2b95a5aa0a015639fc2e3c9ce284e8171ca47bb119d11192661", 0x1000, r1}, 0x68) r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000001880)=@x86={0xad, 0x4, 0x0, 0x0, 0x9f73, 0x1d, 0x1, 0x24, 0x7f, 0xf7, 0x9, 0x3, 0x0, 0xe, 0x18e0, 0x0, 0x10, 0x2, 0xff, '\x00', 0x9, 0xd}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000001940)={&(0x7f0000ff1000/0xf000)=nil, &(0x7f0000400000/0xc00000)=nil, &(0x7f00005b8000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000522000/0x4000)=nil, &(0x7f00004d9000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000cc8000/0x1000)=nil, &(0x7f000068d000/0x2000)=nil, &(0x7f0000a48000/0x2000)=nil, &(0x7f00000018c0)="43fc20a44aefc8af94a9d6bd6a3c1b1dde0c7c55acaa5786458c74732c54ef1dfbc9cf358ff70e924124ec1850ef816d4c31344474c0a799e686911a7eb01c05289eb0ed2592d568356f6086356a6da5e750", 0x52, r2}, 0x68) mmap(&(0x7f0000798000/0x14000)=nil, 0x14000, 0x4, 0x80010, 0xffffffffffffffff, 0x28c50000) r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000019c0), 0x0, 0x0) ioctl$VHOST_VDPA_SET_CONFIG_CALL(r3, 0x4004af77, &(0x7f0000001a00)=0x1) ioctl$RTC_ALM_SET(r3, 0x40247007, &(0x7f0000001a40)={0xc, 0x0, 0x14, 0x1f, 0xed2, 0x3, 0x1, 0xbd, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000001b80)={0x24, 0x0, &(0x7f0000001a80)=[@acquire_done={0x40106309, 0x1}, @clear_death={0x400c630f, 0x2}], 0xa9, 0x0, &(0x7f0000001ac0)="48cb8df390d797feed8ad32e0934aa8a21a46fd6f8ee71b2381936cae716a328c049c18109bcdf048ff2f01cefa19760b3845f8f9e0d06d7109d18c17970acbcf09c16a797e8f8d293188a92de37456ec8ad845e80b746507483b3360cbdbb5c937ece071b9a392c6c285d2da49e69e82da13160656bad3eb1f81e6cfaa56e92090446f14fce712ac8241b2b0121a16314580e2b079b06174371653a490c86c1de3fecd78ec938c2ef"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000001cc0)={0x10, 0x0, &(0x7f0000001bc0)=[@clear_death={0x400c630f, 0x2}], 0x8d, 0x0, &(0x7f0000001c00)="4ef6d93a28c7da4e48e21d8272971918a85d9e33e5b62a461a8b0e0c0d0b6cd35f1bb08ac652b78555c3e0d8de9b69a49acd9a9abf492796ed9425fc2a8b6932c678aa361d841ee919ae478d7c76488a9ef8ad8acac1a4a86f9a2f1d8e0a39c06c735bb0adcc76c21b6e628c0c12273de4a8d27809001bb201b8b8022887c38c3d0b0d38ed5700af7114974553"}) mmap(&(0x7f00009a9000/0x3000)=nil, 0x3000, 0x1000000, 0x8010, r1, 0xe5be2000) openat$binderfs(0xffffffffffffff9c, &(0x7f0000001d00)='./binderfs/custom0\x00', 0x806, 0x0) mmap(&(0x7f0000a17000/0x2000)=nil, 0x2000, 0x3000000, 0x2010, r3, 0xb72e000) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f000072a000/0x1000)=nil, 0x1000, &(0x7f0000001d40)='&\x00') r4 = openat$cgroup_netprio_ifpriomap(r3, &(0x7f0000001d80), 0x2, 0x0) ioctl$FS_IOC_READ_VERITY_METADATA(r4, 0xc0286687, &(0x7f0000001ec0)={0x1, 0x8, 0xc8, &(0x7f0000001dc0)=""/200}) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000001f00), 0x2, 0x0) 26.2096ms ago: executing program 2 (id=521): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x40000022, 0x0, 0xe1}]}) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000080), 0x400, &(0x7f00000000c0)=ANY=[@ANYBLOB='context']) 25.6448ms ago: executing program 3 (id=522): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000100)={0x74, 0x0, 0x1}) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000014d564b00000000ab00"]) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x22201, 0x0) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0) read(r6, &(0x7f0000000080)=""/93, 0xffffff6c) 0s ago: executing program 0 (id=523): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0) read$FUSE(r1, &(0x7f0000001cc0)={0x2020}, 0x2020) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) write$uinput_user_dev(r0, &(0x7f0000000c80)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x102080, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x200) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x29f, 0x0, 0x8}]}) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0xbfd3d37869228228, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x4}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000000580001c0"]) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92, 0x80a0000}) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r11, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_SET_REGS(r11, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.133' (ED25519) to the list of known hosts. [ 21.837301][ T36] audit: type=1400 audit(1750384162.360:64): avc: denied { mounton } for pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.838763][ T282] cgroup: Unknown subsys name 'net' [ 21.860010][ T36] audit: type=1400 audit(1750384162.360:65): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.887405][ T36] audit: type=1400 audit(1750384162.400:66): avc: denied { unmount } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.887647][ T282] cgroup: Unknown subsys name 'devices' [ 22.075072][ T282] cgroup: Unknown subsys name 'hugetlb' [ 22.080716][ T282] cgroup: Unknown subsys name 'rlimit' [ 22.275806][ T36] audit: type=1400 audit(1750384162.800:67): avc: denied { setattr } for pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.299100][ T36] audit: type=1400 audit(1750384162.800:68): avc: denied { mounton } for pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 22.320829][ T284] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.324044][ T36] audit: type=1400 audit(1750384162.800:69): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.355495][ T36] audit: type=1400 audit(1750384162.860:70): avc: denied { relabelto } for pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.380921][ T36] audit: type=1400 audit(1750384162.860:71): avc: denied { write } for pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.384707][ T282] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.406523][ T36] audit: type=1400 audit(1750384162.910:72): avc: denied { read } for pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.440705][ T36] audit: type=1400 audit(1750384162.910:73): avc: denied { open } for pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.236485][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.243597][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.250694][ T289] bridge_slave_0: entered allmulticast mode [ 23.257362][ T289] bridge_slave_0: entered promiscuous mode [ 23.265720][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.272916][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.280013][ T289] bridge_slave_1: entered allmulticast mode [ 23.286400][ T289] bridge_slave_1: entered promiscuous mode [ 23.398918][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.406056][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.413189][ T292] bridge_slave_0: entered allmulticast mode [ 23.419441][ T292] bridge_slave_0: entered promiscuous mode [ 23.435756][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.442929][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.450004][ T292] bridge_slave_1: entered allmulticast mode [ 23.456404][ T292] bridge_slave_1: entered promiscuous mode [ 23.469401][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.476482][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.483580][ T294] bridge_slave_0: entered allmulticast mode [ 23.489864][ T294] bridge_slave_0: entered promiscuous mode [ 23.496376][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.503441][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.510561][ T294] bridge_slave_1: entered allmulticast mode [ 23.516896][ T294] bridge_slave_1: entered promiscuous mode [ 23.565352][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.572460][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.579604][ T295] bridge_slave_0: entered allmulticast mode [ 23.585923][ T295] bridge_slave_0: entered promiscuous mode [ 23.602136][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.609217][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.616348][ T295] bridge_slave_1: entered allmulticast mode [ 23.622622][ T295] bridge_slave_1: entered promiscuous mode [ 23.716285][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.723379][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.730663][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.737717][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.783919][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.790999][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.798407][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.805474][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.814066][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.821119][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.828432][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.835489][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.843658][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.850709][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.858004][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.865134][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.911228][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.919184][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.927012][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.934893][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.942082][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.949296][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.956629][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.963897][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.991889][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.998961][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.007002][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.014062][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.021720][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.028799][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.036726][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.043788][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.066254][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.073344][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.089897][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.096982][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.116275][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.123360][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.130960][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.138043][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.148388][ T289] veth0_vlan: entered promiscuous mode [ 24.167460][ T295] veth0_vlan: entered promiscuous mode [ 24.179324][ T289] veth1_macvtap: entered promiscuous mode [ 24.208716][ T292] veth0_vlan: entered promiscuous mode [ 24.219691][ T295] veth1_macvtap: entered promiscuous mode [ 24.235540][ T294] veth0_vlan: entered promiscuous mode [ 24.256342][ T292] veth1_macvtap: entered promiscuous mode [ 24.274014][ T289] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 24.275898][ T294] veth1_macvtap: entered promiscuous mode [ 24.348134][ T311] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.390256][ T319] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false [ 24.399767][ T311] syz.0.1: attempt to access beyond end of device [ 24.399767][ T311] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 24.410498][ T316] ======================================================= [ 24.410498][ T316] WARNING: The mand mount option has been deprecated and [ 24.410498][ T316] and is ignored by this kernel. Remove the mand [ 24.410498][ T316] option from the mount to silence this warning. [ 24.410498][ T316] ======================================================= [ 24.476873][ T322] rust_binder: Write failure EFAULT in pid:5 [ 24.479627][ T323] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 24.493333][ T323] rust_binder: Write failure EINVAL in pid:4 [ 24.913722][ T340] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 25.142705][ T349] SELinux: policydb table sizes (0,7) do not match mine (8,7) [ 25.150466][ T349] SELinux: failed to load policy [ 25.272502][ T351] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 120) [ 25.272530][ T351] rust_binder: Error while translating object. [ 25.285469][ T351] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 25.291718][ T351] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:20 [ 25.417135][ T356] SELinux: failed to load policy [ 25.455088][ T356] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 25.456352][ T358] rust_binder: Write failure EFAULT in pid:25 [ 25.467905][ T356] rust_binder: Write failure EINVAL in pid:14 [ 25.583640][ T363] rust_binder: Error while translating object. [ 25.589884][ T363] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 25.596395][ T363] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:17 [ 25.830270][ T373] rust_binder: Error in use_page_slow: ESRCH [ 25.830290][ T373] rust_binder: use_range failure ESRCH [ 25.837857][ T373] rust_binder: Failed to allocate buffer. len:96, is_oneway:false [ 25.847768][ T373] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 25.860032][ T373] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:29 [ 25.870265][ T373] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 25.880208][ T373] rust_binder: Read failure Err(EFAULT) in pid:29 [ 25.982454][ T385] input: syz0 as /devices/virtual/input/input4 [ 26.178065][ T396] input: syz0 as /devices/virtual/input/input5 [ 26.287188][ T404] binder: Unknown parameter 'nnq:4EfU% kxdDmB.IV L@IA [ 26.287188][ T404] +5Pjjk[' [ 26.324646][ T402] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 26.324679][ T402] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:42 [ 26.330971][ T406] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 26.343995][ T406] rust_binder: Error while translating object. [ 26.361237][ T406] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 26.372877][ T406] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:12 [ 26.466014][ T412] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 26.490539][ T412] SELinux: failed to load policy [ 26.663229][ T428] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.663438][ T428] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 27.447920][ T463] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 27.502915][ T463] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 27.827574][ T36] kauditd_printk_skb: 69 callbacks suppressed [ 27.827592][ T36] audit: type=1400 audit(1750384168.350:143): avc: denied { write } for pid=470 comm="syz.0.55" name="ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 27.836079][ T471] rust_binder: Error while translating object. [ 27.856520][ T471] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 27.863048][ T471] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:46 [ 27.906691][ T36] audit: type=1400 audit(1750384168.430:144): avc: denied { unmount } for pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 27.961075][ T477] binder: Unknown parameter 'permit_directio' [ 27.992987][ T36] audit: type=1400 audit(1750384168.520:145): avc: denied { execute } for pid=478 comm="syz.2.57" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 28.295429][ T493] random: crng reseeded on system resumption [ 28.301715][ T36] audit: type=1400 audit(1750384168.820:146): avc: denied { append } for pid=486 comm="syz.2.61" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 28.336643][ T36] audit: type=1400 audit(1750384168.820:147): avc: denied { open } for pid=486 comm="syz.2.61" path="/dev/snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 28.359955][ T36] audit: type=1400 audit(1750384168.860:148): avc: denied { ioctl } for pid=486 comm="syz.2.61" path="/dev/snapshot" dev="devtmpfs" ino=21 ioctlcmd=0x330d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 28.539253][ T36] audit: type=1400 audit(1750384169.060:149): avc: denied { map } for pid=498 comm="syz.3.65" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 28.682666][ T503] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.686095][ T503] Bluetooth: hci0: Frame reassembly failed (-84) [ 28.701963][ T507] input: syz0 as /devices/virtual/input/input8 [ 28.714503][ T507] input: failed to attach handler leds to device input8, error: -6 [ 28.722841][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 28.729723][ T503] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.766330][ T512] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 28.800797][ T514] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 28.845882][ T519] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:62 [ 28.860895][ T36] audit: type=1400 audit(1750384169.390:150): avc: denied { transfer } for pid=518 comm="syz.0.71" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 28.891093][ T519] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 28.891117][ T519] rust_binder: Error while translating object. [ 28.900002][ T519] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 28.906527][ T519] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:62 [ 29.151396][ T36] audit: type=1400 audit(1750384169.670:151): avc: denied { view } for pid=529 comm="syz.2.75" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 29.198342][ T36] audit: type=1400 audit(1750384169.720:152): avc: denied { write } for pid=535 comm="syz.2.76" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 29.221105][ T536] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 29.221127][ T536] rust_binder: Read failure Err(EFAULT) in pid:69 [ 29.233115][ T536] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.243002][ T536] rust_binder: Write failure EINVAL in pid:69 [ 29.366638][ T549] input: syz0 as /devices/virtual/input/input9 [ 29.407951][ T551] rust_binder: Error while translating object. [ 29.407993][ T551] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 29.410878][ T549] binder: Unknown parameter 'stats:global' [ 29.422724][ T551] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:75 [ 29.468437][ T553] __vm_enough_memory: pid: 553, comm: syz.0.83, bytes: 281474976845824 not enough memory for the allocation [ 29.711333][ T562] rust_binder: Write failure EFAULT in pid:80 [ 29.853089][ T566] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 29.859236][ T566] rust_binder: Read failure Err(EFAULT) in pid:81 [ 29.902068][ T568] rust_binder: Write failure EFAULT in pid:84 [ 29.908699][ T569] rust_binder: Write failure EFAULT in pid:84 [ 30.006263][ T571] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=io+mem:owns=io+mem [ 30.034076][ T571] rust_binder: Failed to allocate buffer. len:64, is_oneway:true [ 30.034225][ T571] binder: Unknown parameter 'dir`ync' [ 30.271292][ T580] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1 [ 30.288848][ T580] rust_binder: Write failure EINVAL in pid:88 [ 30.434192][ T587] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 30.446892][ T587] rust_binder: Error while translating object. [ 30.470736][ T587] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.487311][ T587] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:93 [ 30.539467][ T589] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:95 [ 30.570968][ T589] SELinux: policydb version 905587468 does not match my version range 15-33 [ 30.609414][ T589] SELinux: failed to load policy [ 30.692811][ T504] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 30.805559][ T594] SELinux: security_context_str_to_sid (unconf) failed with errno=-22 [ 30.849818][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.849848][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.869849][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.869879][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.896848][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.896877][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.937426][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.937473][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.989827][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.989863][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.039191][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.039223][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.054635][ T603] rust_binder: Error in use_page_slow: ESRCH [ 31.069174][ T603] rust_binder: use_range failure ESRCH [ 31.069205][ T603] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 31.075405][ T603] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 31.103604][ T603] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:90 [ 31.122397][ T610] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 31.179527][ T610] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 31.198394][ T610] rust_binder: Write failure EINVAL in pid:92 [ 31.325834][ T622] binder: Bad value for 'max' [ 31.493687][ T627] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.493718][ T627] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:114 [ 31.622694][ T633] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 31.642661][ T633] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:99 [ 31.934383][ T642] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.955082][ T642] rust_binder: Error while translating object. [ 31.969191][ T642] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.975701][ T642] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:107 [ 31.985864][ T642] rust_binder: Error while translating object. [ 31.995187][ T642] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.001504][ T642] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:107 [ 32.540426][ T649] rust_binder: Write failure EFAULT in pid:101 [ 32.793619][ T655] rust_binder: Write failure EINVAL in pid:103 [ 32.800242][ T655] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.858577][ T658] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:103 [ 33.004305][ T36] kauditd_printk_skb: 41 callbacks suppressed [ 33.004326][ T36] audit: type=1400 audit(1750384173.530:194): avc: denied { read write } for pid=661 comm="syz.0.118" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 33.044385][ T36] audit: type=1400 audit(1750384173.570:195): avc: denied { open } for pid=661 comm="syz.0.118" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 33.069008][ T36] audit: type=1400 audit(1750384173.570:196): avc: denied { ioctl } for pid=661 comm="syz.0.118" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf60 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 33.118972][ T36] audit: type=1400 audit(1750384173.590:197): avc: denied { map } for pid=661 comm="syz.0.118" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 33.347277][ T36] audit: type=1400 audit(1750384173.870:198): avc: denied { ioctl } for pid=668 comm="syz.0.121" path="/dev/rnullb0" dev="devtmpfs" ino=31 ioctlcmd=0x1269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 33.397905][ T36] audit: type=1400 audit(1750384173.920:199): avc: denied { append } for pid=668 comm="syz.0.121" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 33.398464][ T669] rust_binder: Write failure EFAULT in pid:123 [ 33.699157][ T36] audit: type=1400 audit(1750384174.220:200): avc: denied { write } for pid=684 comm="syz.3.126" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 33.731437][ T36] audit: type=1400 audit(1750384174.260:201): avc: denied { execute } for pid=684 comm="syz.3.126" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 33.767033][ T36] audit: type=1400 audit(1750384174.290:202): avc: denied { map } for pid=686 comm="syz.3.127" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 33.822279][ T689] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.841194][ T36] audit: type=1400 audit(1750384174.360:203): avc: granted { setsecparam } for pid=690 comm="syz.2.128" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 34.131209][ T701] rust_binder: Error while translating object. [ 34.131260][ T701] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 34.137895][ T701] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:136 [ 34.223431][ T708] SELinux: failed to load policy [ 34.244111][ T708] binder: Unknown parameter 'bell' [ 34.706540][ T737] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:140 [ 34.731486][ T737] SELinux: security_context_str_to_sid () failed with errno=-22 [ 34.739623][ T741] binder: Unknown parameter 'stat' [ 35.097138][ T758] binder: Unknown parameter 'fscntext' [ 35.214050][ T760] rust_binder: Failed to allocate buffer. len:18446744073709551464, is_oneway:false [ 35.214075][ T760] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 35.223627][ T760] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:158 [ 35.558537][ T766] rust_binder: Read failure Err(EFAULT) in pid:130 [ 35.663367][ T771] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 35.669953][ T771] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:154 [ 35.710987][ T775] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 35.743291][ T778] rust_binder: Write failure EINVAL in pid:159 [ 35.783999][ T782] SELinux: policydb version -845211227 does not match my version range 15-33 [ 35.800690][ T782] SELinux: failed to load policy [ 35.806008][ T783] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:136 [ 35.831920][ T785] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 35.900588][ T792] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 36.413997][ T811] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:171 [ 36.524690][ T822] tap0: tun_chr_ioctl cmd 1074812118 [ 36.544237][ T822] rust_binder: Write failure EINVAL in pid:173 [ 36.734205][ T841] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 36.740722][ T841] rust_binder: Error while translating object. [ 36.749620][ T841] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 36.756125][ T841] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:191 [ 36.784435][ T849] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 36.936346][ T858] input: syz0 as /devices/virtual/input/input12 [ 37.009779][ T865] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.062736][ T867] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 37.246038][ T878] rust_binder: Failed to allocate buffer. len:18446744073709551376, is_oneway:false [ 37.254484][ T878] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 37.265714][ T878] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:186 [ 37.326747][ T888] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 37.469700][ T893] binder: Unknown parameter '01777777777777777777777V^fQBws!p%]]_Rz6J-m_b' [ 37.600794][ T898] binder: Unknown parameter 'nXI' [ 37.729772][ T911] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 37.729804][ T911] rust_binder: Error while translating object. [ 37.752847][ T911] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 37.760243][ T911] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:176 [ 38.127965][ T936] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 38.179597][ T938] input: syz0 as /devices/virtual/input/input14 [ 38.246793][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.246828][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.253271][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.259576][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.266628][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.272968][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.279243][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.285644][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.291907][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.306022][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.316673][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.323222][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.331187][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.337616][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.343935][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.350191][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.356484][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.362881][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.363707][ T941] kvm: Disabled LAPIC found during irq injection [ 38.381741][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.381875][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.388299][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.394661][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.400962][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.422688][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.429056][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.435504][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.441853][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.448230][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.454917][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.461233][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.467623][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.473974][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.480281][ T943] rust_binder: Write failure EINVAL in pid:233 [ 38.527799][ T36] kauditd_printk_skb: 36 callbacks suppressed [ 38.527818][ T36] audit: type=1400 audit(1750384179.050:240): avc: denied { mounton } for pid=947 comm="syz.2.206" path="/74/binderfs2" dev="tmpfs" ino=394 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 38.606658][ T948] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 39.647992][ T975] input: syz1 as /devices/virtual/input/input17 [ 39.693143][ T36] audit: type=1400 audit(1750384180.220:241): avc: denied { mounton } for pid=977 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 39.733321][ T46] bridge_slave_1: left allmulticast mode [ 39.739016][ T46] bridge_slave_1: left promiscuous mode [ 39.751888][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.760502][ T46] bridge_slave_0: left allmulticast mode [ 39.766292][ T46] bridge_slave_0: left promiscuous mode [ 39.771955][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.808744][ T981] binder: Bad value for 'stats' [ 39.858183][ T977] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.865851][ T977] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.873013][ T977] bridge_slave_0: entered allmulticast mode [ 39.879278][ T977] bridge_slave_0: entered promiscuous mode [ 39.885838][ T977] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.893304][ T977] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.900533][ T977] bridge_slave_1: entered allmulticast mode [ 39.907033][ T977] bridge_slave_1: entered promiscuous mode [ 39.948958][ T46] veth1_macvtap: left promiscuous mode [ 39.954569][ T46] veth0_vlan: left promiscuous mode [ 40.036749][ T36] audit: type=1400 audit(1750384180.560:242): avc: denied { create } for pid=977 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 40.043749][ T977] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.062641][ T504] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 40.064291][ T977] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.070697][ T36] audit: type=1400 audit(1750384180.560:243): avc: denied { write } for pid=977 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 40.077669][ T977] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.098313][ T36] audit: type=1400 audit(1750384180.560:244): avc: denied { read } for pid=977 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 40.105058][ T977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.182525][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.190786][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.204439][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.211531][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.219449][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.226527][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.270965][ T977] veth0_vlan: entered promiscuous mode [ 40.276524][ T36] audit: type=1400 audit(1750384180.790:245): avc: denied { read } for pid=992 comm="syz.2.219" name="loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 40.315281][ T36] audit: type=1400 audit(1750384180.790:246): avc: denied { open } for pid=992 comm="syz.2.219" path="/dev/loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 40.339930][ T36] audit: type=1400 audit(1750384180.830:247): avc: denied { ioctl } for pid=989 comm="syz.0.218" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 ioctlcmd=0x9408 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 40.362938][ T977] veth1_macvtap: entered promiscuous mode [ 40.369265][ T1001] rust_binder: Write failure EFAULT in pid:260 [ 40.396788][ T36] audit: type=1400 audit(1750384180.920:248): avc: denied { mounton } for pid=977 comm="syz-executor" path="/root/syzkaller.gbK4WM/syz-tmp" dev="sda1" ino=2043 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 40.427815][ T1008] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:267 [ 40.431113][ T36] audit: type=1400 audit(1750384180.950:249): avc: denied { mount } for pid=977 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 40.434759][ T1008] rust_binder: Read failure Err(EFAULT) in pid:267 [ 40.567176][ T1020] binder: Bad value for 'max' [ 40.586397][ T1029] kernel profiling enabled (shift: 8) [ 40.596986][ T1026] input: syz1 as /devices/virtual/input/input18 [ 40.884848][ T1045] SELinux: failed to load policy [ 40.902052][ T1045] binder: Bad value for 'stats' [ 41.014747][ T1052] rust_binder: Write failure EINVAL in pid:222 [ 41.032430][ T1052] binder: Unknown parameter ' [ 41.032430][ T1052] ' [ 41.092885][ T1058] SELinux: policydb string does not match my string SE Linux [ 41.100581][ T1058] SELinux: failed to load policy [ 41.132833][ T1062] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.174487][ T1058] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:217 [ 41.182931][ T1071] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.232452][ T1071] rust_binder: Error in use_page_slow: ESRCH [ 41.232483][ T1071] rust_binder: use_range failure ESRCH [ 41.239544][ T1071] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 41.245271][ T1071] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 41.253543][ T1071] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:232 [ 41.321833][ T1089] rust_binder: Error while translating object. [ 41.341205][ T1089] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 41.349106][ T1089] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:223 [ 41.397332][ T1094] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 41.417057][ T1094] rust_binder: Read failure Err(EFAULT) in pid:240 [ 41.752810][ T1126] cgroup: fork rejected by pids controller in /syz0 [ 41.793038][ T1164] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:249 [ 41.914144][ T1172] rust_binder: Error in use_page_slow: ESRCH [ 41.914176][ T1172] rust_binder: use_range failure ESRCH [ 41.924001][ T1172] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 41.931939][ T1172] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 41.940953][ T1172] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:20 [ 42.029161][ T1186] rust_binder: Error while translating object. [ 42.038356][ T1186] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 42.044732][ T1186] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:26 [ 42.204138][ T1212] input: syz0 as /devices/virtual/input/input20 [ 42.263845][ T1216] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 42.546802][ T1230] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:39 [ 42.685670][ T1251] rust_binder: Error while translating object. [ 42.706023][ T1244] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 42.731192][ T1251] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 42.731227][ T1251] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:312 [ 42.758473][ T1254] rust_binder: Write failure EFAULT in pid:258 [ 42.824984][ T1263] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 42.828912][ T1264] rust_binder: Write failure EFAULT in pid:319 [ 42.897852][ T1271] rust_binder: Write failure EINVAL in pid:322 [ 42.924169][ T1273] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 42.931659][ T1273] binder: Unknown parameter 's' [ 43.032509][ T1286] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 43.070639][ T1292] binder: Bad value for 'max' [ 43.096517][ T1295] rust_binder: Write failure EFAULT in pid:265 [ 43.110769][ T1293] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 43.110828][ T1292] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 43.174417][ T1297] binder: Bad value for 'max' [ 43.237933][ T1304] rust_binder: Error while translating object. [ 43.237982][ T1304] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 43.248906][ T1304] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:336 [ 43.313048][ T1310] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 43.473413][ T1321] input: syz1 as /devices/virtual/input/input21 [ 43.510939][ T1321] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 43.530771][ T1328] binder: Unknown parameter 'Vont_hash' [ 43.595129][ T1337] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 43.595164][ T1337] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:346 [ 43.623086][ T1332] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1 [ 43.652967][ T1332] rust_binder: Write failure EINVAL in pid:62 [ 43.658994][ T1341] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:322 [ 43.781572][ T1346] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 43.791141][ T1346] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:351 [ 43.886197][ T1350] binder: Unknown parameter 'fscontext?}' [ 43.944208][ T1353] rust_binder: Write failure EFAULT in pid:277 [ 43.966090][ T1355] input: syz0 as /devices/virtual/input/input23 [ 43.998360][ T1355] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 44.013851][ T1356] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 44.070599][ T1359] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 44.082892][ T1360] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 44.089258][ T36] kauditd_printk_skb: 13 callbacks suppressed [ 44.089282][ T36] audit: type=1400 audit(1750384184.610:263): avc: denied { read } for pid=149 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 44.089553][ T1359] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 44.103437][ T1362] can0: slcan on ttyS3. [ 44.135421][ T36] audit: type=1400 audit(1750384184.660:264): avc: denied { search } for pid=149 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 44.157299][ T36] audit: type=1400 audit(1750384184.660:265): avc: denied { read } for pid=149 comm="dhcpcd" name="n15" dev="tmpfs" ino=2546 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 44.195331][ T36] audit: type=1400 audit(1750384184.660:266): avc: denied { open } for pid=149 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=2546 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 44.219635][ T1363] can0 (unregistered): slcan off ttyS3. [ 44.224896][ T36] audit: type=1400 audit(1750384184.660:267): avc: denied { getattr } for pid=149 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=2546 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 44.266212][ T36] audit: type=1400 audit(1750384184.740:268): avc: denied { read } for pid=1369 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=426 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 44.311585][ T36] audit: type=1400 audit(1750384184.740:269): avc: denied { open } for pid=1369 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=426 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 44.349232][ T36] audit: type=1400 audit(1750384184.740:270): avc: denied { getattr } for pid=1369 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=426 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 44.400905][ T36] audit: type=1400 audit(1750384184.920:271): avc: denied { write } for pid=1366 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=425 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 44.451489][ T36] audit: type=1400 audit(1750384184.920:272): avc: denied { add_name } for pid=1366 comm="dhcpcd-run-hook" name="resolv.conf.can0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 44.559963][ T1402] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 44.559996][ T1402] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:82 [ 44.572154][ T1402] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 44.587738][ T1406] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:354 [ 44.601105][ T1402] rust_binder: Read failure Err(EFAULT) in pid:82 [ 44.610935][ T1402] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 44.636888][ T1410] rust_binder: Error while translating object. [ 44.651689][ T1410] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 44.661740][ T1410] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:356 [ 44.671793][ T1410] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 44.707869][ T1419] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:288 [ 44.788332][ T1426] input: syz0 as /devices/virtual/input/input24 [ 44.869290][ T1435] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:358 [ 44.970689][ T1448] binder: Binderfs stats mode cannot be changed during a remount [ 45.101643][ T1450] Restarting kernel threads ... done. [ 45.314499][ T1478] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.318137][ T1478] rust_binder: Error while translating object. [ 45.337682][ T1478] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 45.343933][ T1478] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:305 [ 45.432538][ T1486] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.696291][ T1501] SELinux: security_context_str_to_sid () failed with errno=-22 [ 45.808077][ T1514] random: crng reseeded on system resumption [ 45.864236][ T1519] rust_binder: Write failure EFAULT in pid:363 [ 45.865287][ T1521] rust_binder: Write failure EFAULT in pid:363 [ 45.965569][ T1532] rust_binder: Error while translating object. [ 45.971878][ T1532] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 45.980881][ T1532] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:372 [ 46.164735][ T1550] binder: Unknown parameter '' [ 46.267442][ T1557] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.430078][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 46.430117][ T1567] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:382 [ 46.436801][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 46.528240][ T1572] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:378 [ 46.528271][ T1572] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 46.538260][ T1572] rust_binder: Read failure Err(EFAULT) in pid:378 [ 46.649436][ T1581] binder: Bad value for 'max' [ 46.678804][ T1581] rust_binder: Write failure EFAULT in pid:118 [ 46.696715][ T1591] binder: Unknown parameter 'eclabel' [ 46.840596][ T1608] can0: slcan on ttyS3. [ 46.890157][ T1608] rust_binder: Write failure EFAULT in pid:121 [ 47.034226][ T1607] can0 (unregistered): slcan off ttyS3. [ 47.163645][ T1656] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 47.163733][ T1656] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:355 [ 47.191704][ T1656] rust_binder: Error while translating object. [ 47.202092][ T1656] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 47.208765][ T1656] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:355 [ 47.222697][ T1666] rust_binder: Error while translating object. [ 47.241966][ T1666] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 47.248787][ T1666] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:411 [ 47.348426][ T1688] SELinux: security_context_str_to_sid () failed with errno=-22 [ 47.453845][ T1696] binder: Bad value for 'stats' [ 47.574349][ T1709] input: syz1 as /devices/virtual/input/input28 [ 47.586446][ T1709] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 47.586478][ T1709] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:421 [ 47.708447][ T1715] binder: Binderfs stats mode cannot be changed during a remount [ 47.869392][ T1723] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:367 [ 47.900305][ T1729] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 47.938741][ T1732] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 47.938956][ T1732] rust_binder: Write failure EINVAL in pid:369 [ 47.950426][ T1735] random: crng reseeded on system resumption [ 47.982334][ T1736] input: syz1 as /devices/virtual/input/input30 [ 48.355484][ T1761] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 48.363430][ T1762] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 48.435898][ T1767] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:450 [ 48.435938][ T1767] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 48.445284][ T1767] rust_binder: Read failure Err(EFAULT) in pid:450 [ 48.453415][ T505] Bluetooth: hci0: command 0x1003 tx timeout [ 48.453426][ T504] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 48.772119][ T1779] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 48.833476][ T1797] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 49.273212][ T1829] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 49.290568][ T1829] rust_binder: Error in use_page_slow: ESRCH [ 49.290589][ T1829] rust_binder: use_range failure ESRCH [ 49.296769][ T1829] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 49.302290][ T1829] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 49.310416][ T1829] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:471 [ 49.392358][ T36] kauditd_printk_skb: 20 callbacks suppressed [ 49.392378][ T36] audit: type=1404 audit(1750384189.910:293): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1 [ 49.429604][ T36] audit: type=1400 audit(1750384189.950:294): avc: denied { read write } for pid=294 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 49.454879][ T36] audit: type=1400 audit(1750384189.960:295): avc: denied { read append } for pid=1840 comm="syz.2.446" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=0 [ 49.484608][ T1845] audit: audit_backlog=65 > audit_backlog_limit=64 [ 49.485759][ T977] audit: audit_backlog=65 > audit_backlog_limit=64 [ 49.501603][ T1847] audit: audit_backlog=65 > audit_backlog_limit=64 [ 49.501867][ T1845] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 49.508294][ T977] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 49.523898][ T1845] audit: backlog limit exceeded [ 49.528824][ T1845] audit: audit_backlog=65 > audit_backlog_limit=64 [ 49.618311][ T1859] cgroup: fork rejected by pids controller in /syz4 [ 49.783323][ T46] bridge_slave_1: left allmulticast mode [ 49.789095][ T46] bridge_slave_1: left promiscuous mode [ 49.796789][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.809014][ T46] bridge_slave_0: left allmulticast mode [ 49.824177][ T46] bridge_slave_0: left promiscuous mode [ 49.829866][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.908356][ T1992] syz.3.468: attempt to access beyond end of device [ 49.908356][ T1992] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 50.064024][ T46] veth1_macvtap: left promiscuous mode [ 50.069702][ T46] veth0_vlan: left promiscuous mode [ 54.932099][ T36] kauditd_printk_skb: 211 callbacks suppressed [ 54.932118][ T36] audit: type=1400 audit(1750384195.450:499): avc: denied { execmem } for pid=2057 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 54.966580][ T36] audit: type=1400 audit(1750384195.460:500): avc: denied { read } for pid=2059 comm="syz.3.490" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 54.989163][ T36] audit: type=1400 audit(1750384195.460:501): avc: denied { read } for pid=2059 comm="syz.3.490" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 55.011647][ T36] audit: type=1400 audit(1750384195.460:502): avc: denied { read append } for pid=2059 comm="syz.3.490" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 55.034752][ T36] audit: type=1400 audit(1750384195.460:503): avc: denied { read } for pid=2059 comm="syz.3.490" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 55.057234][ T36] audit: type=1400 audit(1750384195.460:504): avc: denied { read } for pid=2059 comm="syz.3.490" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 55.079691][ T36] audit: type=1400 audit(1750384195.470:505): avc: denied { read write } for pid=295 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 55.103664][ T36] audit: type=1400 audit(1750384195.490:506): avc: denied { write } for pid=2058 comm="syz.0.488" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 55.125297][ T36] audit: type=1400 audit(1750384195.490:507): avc: denied { read } for pid=2058 comm="syz.0.488" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=0 [ 55.147745][ T36] audit: type=1400 audit(1750384195.490:508): avc: denied { read write } for pid=2058 comm="syz.0.488" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=0 [ 56.050334][ T2069] binfmt_misc: register: failed to install interpreter file ./file0 [ 59.986008][ T36] kauditd_printk_skb: 36 callbacks suppressed [ 59.986027][ T36] audit: type=1400 audit(1750384200.510:545): avc: denied { execmem } for pid=2095 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 60.012745][ T2100] audit: audit_backlog=65 > audit_backlog_limit=64 [ 60.016270][ T36] audit: type=1400 audit(1750384200.510:546): avc: denied { read } for pid=2096 comm="syz.0.500" name="binder0" dev="binder" ino=27 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 60.023036][ T2102] audit: audit_backlog=65 > audit_backlog_limit=64 [ 60.042358][ T36] audit: type=1400 audit(1750384200.510:547): avc: denied { read } for pid=2096 comm="syz.0.500" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 60.052203][ T2103] tun0: tun_chr_ioctl cmd 1074025675 [ 60.071136][ T36] audit: type=1400 audit(1750384200.520:548): avc: denied { read } for pid=2098 comm="syz.2.501" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 60.077395][ T2100] audit: audit_lost=6 audit_rate_limit=0 audit_backlog_limit=64 [ 60.098897][ T36] audit: type=1400 audit(1750384200.520:549): avc: denied { read } for pid=2098 comm="syz.2.501" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 60.107102][ T2102] audit: audit_lost=7 audit_rate_limit=0 audit_backlog_limit=64 [ 60.129132][ T36] audit: type=1400 audit(1750384200.520:550): avc: denied { read } for pid=2098 comm="syz.2.501" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 60.137043][ T2103] tun0: persist enabled [ 65.023652][ T36] kauditd_printk_skb: 112 callbacks suppressed [ 65.023672][ T36] audit: type=1400 audit(1750384205.550:661): avc: denied { read write } for pid=294 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 66.659025][ T36] audit: type=1400 audit(1750384207.180:662): avc: denied { execmem } for pid=2135 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 66.698306][ T36] audit: type=1400 audit(1750384207.190:663): avc: denied { read } for pid=2136 comm="syz.0.513" name="binder1" dev="binder" ino=28 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 66.720925][ T36] audit: type=1400 audit(1750384207.190:664): avc: denied { write } for pid=2136 comm="syz.0.513" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 66.743826][ T36] audit: type=1400 audit(1750384207.190:665): avc: denied { remount } for pid=2137 comm="syz.2.514" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=0 [ 66.763753][ T36] audit: type=1400 audit(1750384207.190:666): avc: denied { read } for pid=2136 comm="syz.0.513" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 66.786191][ T36] audit: type=1400 audit(1750384207.190:667): avc: denied { read } for pid=2136 comm="syz.0.513" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 66.808697][ T36] audit: type=1400 audit(1750384207.200:668): avc: denied { read write } for pid=289 comm="syz-executor" name="loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 66.832624][ T36] audit: type=1400 audit(1750384207.200:669): avc: denied { read } for pid=2138 comm="syz.3.515" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 66.855060][ T36] audit: type=1400 audit(1750384207.210:670): avc: denied { read } for pid=2143 comm="syz.0.516" name="binder1" dev="binder" ino=28 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 70.599486][ T36] kauditd_printk_skb: 15 callbacks suppressed [ 70.599506][ T36] audit: type=1400 audit(1750384211.120:686): avc: denied { execmem } for pid=2156 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 70.629365][ T36] audit: type=1400 audit(1750384211.130:687): avc: denied { read } for pid=2158 comm="syz.0.520" name="vsock" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 70.723532][ T36] audit: type=1400 audit(1750384211.130:688): avc: denied { read write } for pid=2158 comm="syz.0.520" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=0 [ 70.792651][ T36] audit: type=1400 audit(1750384211.140:689): avc: denied { read write } for pid=289 comm="syz-executor" name="loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 70.822677][ T36] audit: type=1400 audit(1750384211.150:690): avc: denied { read write } for pid=2162 comm="syz.0.523" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=0 [ 70.846561][ T36] audit: type=1400 audit(1750384211.150:691): avc: denied { write } for pid=282 comm="syz-executor" path="pipe:[2897]" dev="pipefs" ino=2897 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=0 [ 70.869612][ T36] audit: type=1400 audit(1750384211.150:692): avc: denied { write } for pid=282 comm="syz-executor" path="pipe:[2897]" dev="pipefs" ino=2897 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=0 [ 70.892601][ T36] audit: type=1400 audit(1750384211.150:693): avc: denied { write } for pid=282 comm="syz-executor" path="pipe:[2897]" dev="pipefs" ino=2897 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=0 [ 70.915624][ T36] audit: type=1400 audit(1750384211.150:694): avc: denied { write } for pid=282 comm="syz-executor" path="pipe:[2897]" dev="pipefs" ino=2897 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=0 [ 70.938858][ T36] audit: type=1400 audit(1750384211.150:695): avc: denied { write } for pid=282 comm="syz-executor" path="pipe:[2897]" dev="pipefs" ino=2897 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=0 [ 71.115162][ T13] bridge_slave_1: left allmulticast mode [ 71.120830][ T13] bridge_slave_1: left promiscuous mode [ 71.126507][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.134111][ T13] bridge_slave_0: left allmulticast mode [ 71.139755][ T13] bridge_slave_0: left promiscuous mode [ 71.145523][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.373645][ T13] veth1_macvtap: left promiscuous mode [ 71.379178][ T13] veth0_vlan: left promiscuous mode [ 72.243740][ T13] bridge_slave_1: left allmulticast mode [ 72.249419][ T13] bridge_slave_1: left promiscuous mode [ 72.255099][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.262677][ T13] bridge_slave_0: left allmulticast mode [ 72.268316][ T13] bridge_slave_0: left promiscuous mode [ 72.274012][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.281685][ T13] bridge_slave_1: left allmulticast mode [ 72.287403][ T13] bridge_slave_1: left promiscuous mode [ 72.293048][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.300485][ T13] bridge_slave_0: left allmulticast mode [ 72.306275][ T13] bridge_slave_0: left promiscuous mode [ 72.311985][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.683905][ T13] veth1_macvtap: left promiscuous mode [ 72.689439][ T13] veth0_vlan: left promiscuous mode [ 72.695056][ T13] veth1_macvtap: left promiscuous mode [ 72.700561][ T13] veth0_vlan: left promiscuous mode