last executing test programs: 3.320427819s ago: executing program 3 (id=333): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0) read$FUSE(r1, &(0x7f0000001cc0)={0x2020}, 0x2020) (async) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x482401, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4d, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0}) 3.319790329s ago: executing program 3 (id=334): ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000000)={0x43cb, 0xad5, &(0x7f00000002c0), &(0x7f0000000340)="b7eb6c", 0x0, 0x3}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xaece, 0x2) read(r3, &(0x7f0000000040)=""/8, 0x8) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) close(r4) (async) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0) (async) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) (async) ioctl$SNDRV_TIMER_IOCTL_START(r4, 0x54a0) (async) ioctl$SNDRV_TIMER_IOCTL_STOP(r4, 0x54a1) (async, rerun: 32) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (rerun: 32) ioctl$KVM_GET_PIT(r5, 0xc048ae65, &(0x7f0000000080)) (async) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_NMI(r6, 0xae9a) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe]}) (async, rerun: 32) r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x183442, 0x0) (rerun: 32) ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f0000000100)) write$ppp(r7, &(0x7f00000003c0)='\x00!', 0x100000) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000002c0)={[0x3, 0x5, 0xfffffffffffffffe, 0x4, 0x2, 0x0, 0xefffffffffffffff, 0x80000000, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41911}) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r9 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$PTP_EXTTS_REQUEST2(r9, 0x40603d07, 0x0) (async) ioctl$TCSBRK(r8, 0x5409, 0xfd) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) (async) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 1.654165245s ago: executing program 3 (id=362): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_MCE_KILL(0x48, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0x8008ae9d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x54, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat=@weak_handle={0x77682a85, 0x1001, 0x3}, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, &(0x7f0000000240), 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}, @release={0x40046306, 0x3}], 0x5a, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f37"}) 1.649700455s ago: executing program 3 (id=363): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x100000, 0x1, 0x202, 0x0, 0x0, [{0x0, 0x3, 0x4, '\x00', 0x6}, {0x5, 0xfc, 0xc0}, {0x2, 0xec, 0x8, '\x00', 0x6}, {0xf7, 0xbb, 0x0, '\x00', 0xff}, {0xf, 0x5, 0x9}, {0xff, 0x5, 0x3b, '\x00', 0x7e}, {0x60, 0xc7, 0xaa, '\x00', 0x6}, {0x4, 0x0, 0xe9, '\x00', 0x8}, {0x85, 0x1, 0x4, '\x00', 0xff}, {0xfc, 0xf8, 0x8, '\x00', 0x2}, {0x7, 0xf, 0x7, '\x00', 0x3}, {0x6, 0x7, 0xea, '\x00', 0x99}, {0x2, 0x0, 0x7, '\x00', 0x2}, {0x4, 0x8, 0x1, '\x00', 0x5}, {0x6a, 0x9, 0x0, '\x00', 0x7f}, {0x8, 0x8, 0x8, '\x00', 0x5}, {0xb, 0x41, 0xf, '\x00', 0x7}, {0x0, 0xfd, 0xff, '\x00', 0x3}, {0x0, 0x3, 0xf, '\x00', 0x7}, {0x5, 0x81, 0x6, '\x00', 0x1}, {0x7f, 0x7, 0x9, '\x00', 0x5}, {0xfe, 0x7, 0xe6, '\x00', 0x8}, {0x7, 0x5, 0x5, '\x00', 0x6}, {0xb, 0x5, 0x7f, '\x00', 0x7}]}}) (async) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x100000, 0x1, 0x202, 0x0, 0x0, [{0x0, 0x3, 0x4, '\x00', 0x6}, {0x5, 0xfc, 0xc0}, {0x2, 0xec, 0x8, '\x00', 0x6}, {0xf7, 0xbb, 0x0, '\x00', 0xff}, {0xf, 0x5, 0x9}, {0xff, 0x5, 0x3b, '\x00', 0x7e}, {0x60, 0xc7, 0xaa, '\x00', 0x6}, {0x4, 0x0, 0xe9, '\x00', 0x8}, {0x85, 0x1, 0x4, '\x00', 0xff}, {0xfc, 0xf8, 0x8, '\x00', 0x2}, {0x7, 0xf, 0x7, '\x00', 0x3}, {0x6, 0x7, 0xea, '\x00', 0x99}, {0x2, 0x0, 0x7, '\x00', 0x2}, {0x4, 0x8, 0x1, '\x00', 0x5}, {0x6a, 0x9, 0x0, '\x00', 0x7f}, {0x8, 0x8, 0x8, '\x00', 0x5}, {0xb, 0x41, 0xf, '\x00', 0x7}, {0x0, 0xfd, 0xff, '\x00', 0x3}, {0x0, 0x3, 0xf, '\x00', 0x7}, {0x5, 0x81, 0x6, '\x00', 0x1}, {0x7f, 0x7, 0x9, '\x00', 0x5}, {0xfe, 0x7, 0xe6, '\x00', 0x8}, {0x7, 0x5, 0x5, '\x00', 0x6}, {0xb, 0x5, 0x7f, '\x00', 0x7}]}}) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x8, 0xc4c}) (async) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x8, 0xc4c}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000440), 0x80, 0x0) (async) openat$bsg(0xffffffffffffff9c, &(0x7f0000000440), 0x80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000000)=[@exit_looper], 0x0, 0x0, 0x0}) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) 1.432326238s ago: executing program 3 (id=366): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009f000040"]) (async) close(0x5) close(r2) (async) r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$ASHMEM_SET_NAME(r4, 0x41007701, &(0x7f0000000100)='/d7dh\x80\xa43{\xeb\xa8\x00\xfcev/ashme\xe8m\x00') mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x24900, 0x0) 1.389679939s ago: executing program 3 (id=367): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/slabinfo\x00', 0x0, 0x0) (async) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/slabinfo\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) (async) mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x566afa30a48730) ioctl$TCFLSH(r1, 0x400455c8, 0x4) (async) ioctl$TCFLSH(r1, 0x400455c8, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r2, 0xc400941d, &(0x7f0000000600)={0x0, 0xa2, 0x7, 0x1}) ioctl$BTRFS_IOC_DEV_INFO(r3, 0xd000941e, &(0x7f0000000a00)={0x0, "0e9409c9afa2f56ad3065629eaae36cc"}) ioctl$BTRFS_IOC_DEV_INFO(r4, 0xd000941e, &(0x7f0000001a00)={0x0, "1206b96518bccd7a9a2fc7c8fb9b3cf4"}) ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000002a00)={0x15, 0x4, {0xffffffffffffff01, @usage=0x100, r5, 0x706, 0x0, 0x71, 0x7, 0x7fff, 0x0, @struct={0x3, 0x401}, 0x3, 0xffffffff, [0x9, 0x91a, 0x8, 0x7, 0x1, 0x5]}, {0x8000000000000001, @struct={0x2, 0x8}, r6, 0x6, 0x501, 0xff, 0x1000, 0x80000000, 0x50, @usage=0x7aca103f, 0x2, 0x80000000, [0x40, 0x3, 0xc, 0xffff, 0x1, 0x8]}, {0xb6, @struct={0x7b0, 0x46e}, r7, 0x25ea, 0xc9, 0x2, 0x0, 0x3, 0x20, @usage=0x5ec, 0x6, 0x3, [0xeda8, 0x0, 0xffffffffffff5def, 0x27, 0x6, 0x7f]}, {0x8, 0x1, 0x3}}) r8 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) (async) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) ioctl$RTC_IRQP_READ(r8, 0x8008700b, &(0x7f0000000040)) ioctl$TCFLSH(r1, 0x400455c8, 0x1000000004) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) (async) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1101, 0x3}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1101, 0x3}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r9 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) syz_clone3(&(0x7f0000000480)={0x300040200, 0x0, 0x0, 0x0, {0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, {r9}}, 0x58) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x9c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/75, 0x4b, 0x0, 0x32}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x9c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/75, 0x4b, 0x0, 0x32}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 803.610668ms ago: executing program 0 (id=373): mount$binderfs(0x0, &(0x7f0000000040)='./binderfs2\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)=ANY=[@ANYBLOB="646566636f6e746578743d0300"]) r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000001c0), 0x8802, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$vga_arbiter(r2, &(0x7f0000000100)=@other={'lock', ' ', 'none'}, 0xa) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0) ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000540)=0x10001) write$cgroup_int(r0, &(0x7f0000000480)=0x7, 0x12) read$FUSE(r0, &(0x7f00000004c0)={0x2020}, 0x2020) write$cgroup_subtree(r0, &(0x7f0000000080)={[{0x2b, 'freezer'}, {0x2b, 'memory'}, {0x2d, 'perf_event'}, {0x2b, 'blkio'}, {0x2b, 'net_prio'}, {0x2d, 'cpu'}, {0x2d, 'net_prio'}, {0x2d, 'net_cls'}, {0x2b, 'devices'}]}, 0x4f) 752.010799ms ago: executing program 0 (id=375): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200)=0x1, 0x12) mkdirat$cgroup(r1, &(0x7f00000000c0)='syz1\x00', 0x1ff) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) (async, rerun: 64) r4 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (rerun: 64) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000180)) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000080)=0x9) (async) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x7f) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140)=0x3) (async) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000000)=0x9}) (async, rerun: 32) write$cgroup_pid(r2, &(0x7f0000000240), 0x12) (async, rerun: 32) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100f}) (async, rerun: 32) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async, rerun: 32) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async, rerun: 64) r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20002, 0x0) (rerun: 64) ioctl$BLKIOOPT(r9, 0x1279, &(0x7f00000002c0)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x84, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000001c0)={@flat=@binder={0x73622a85, 0x1, 0x2}, @fd={0x66642a85, 0x0, r0}, @flat=@weak_binder={0x77622a85, 0x100}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}, @acquire_done={0x40106309, 0x3}, @clear_death={0x400c630f, 0x1}, @increfs_done={0x40106308, 0x1}], 0x99, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac25dd16066dc703402a9132a8dd210e45df98d795a638622681df1cb222612051f6129484f372f458e602cf1d642a02da22674787afb3fa24452b2317434db0a252eab4ddf03fb8b6cb180ddb62de8647b040cc801000000844d2e44467c5f2d79721b5889945001225510"}) 592.784401ms ago: executing program 0 (id=378): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f0000000040)) r1 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz2\x00', 0x2, 0x0) write(r1, &(0x7f00000000c0)="b0f040af397306f5229c971d88bbd6f36177a4b3346206e6cf49e8614c1b2b78e060641a1a350db20c38714a22fdcedd295233ad79f660d7638a89291b02b65f0d437babc4a315d51c26af2f24", 0x4d) ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, &(0x7f0000000140)) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$binfmt_format(r2, &(0x7f00000001c0)='1\x00', 0x2) write$UHID_CREATE2(r2, &(0x7f0000000200)={0xb, {'syz1\x00', 'syz0\x00', 'syz0\x00', 0x52, 0xdfe0, 0xdd, 0x5440c8d7, 0x4, 0x10001, "6ab62210b6ae5fb03259b2afa31d3e1d0d559fbd181a64a1902481c6a9019c5abc0b47569d7588bc9354203a3a7e23a8537a35241ac87ca94ba6ff5195c8edb273562b37e35add819ceb167fc153e09cc353"}}, 0x16a) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000380)={0x4, 0x5, 0x401, 0x9, 0x16, "ed41fde34b096764b40b45c3bfbe7a6a5ebb61"}) write$binfmt_format(r2, &(0x7f00000003c0)='-1\x00', 0x3) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000400)={[{0x1, 0x89d, 0x2, 0x8, 0x5, 0x10, 0x5, 0x0, 0x3, 0x9, 0x5, 0xe, 0x11d2}, {0x9, 0x6, 0x2, 0x6, 0xbd, 0x1, 0x1, 0x1, 0x9, 0xfe, 0x21, 0x5, 0xb}, {0x1, 0x6, 0xe, 0x9, 0x9, 0x7, 0x56, 0x6, 0x0, 0x1, 0x1, 0x1, 0x2}], 0x6}) close(r2) ioctl$TIOCOUTQ(r2, 0x5411, &(0x7f0000000480)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$AUTOFS_IOC_PROTOVER(r2, 0x80049363, &(0x7f00000004c0)) ioctl$TIOCNXCL(r0, 0x540d) write$UHID_CREATE2(r2, &(0x7f0000000500)={0xb, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0xf, 0x3ff, 0xc3ba, 0x10000, 0x2, 0x835a, "a820016e6bf649f30ba2f1f4109e84"}}, 0x127) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000640)={0x3896, 0x10, 0x3, 0x7f, 0x15, "179fdff470b15f1a5341455a6cf8fd6f604cf5"}) ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f0000000680)=""/138) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000740), 0x10080, 0x0) ioctl$PIO_UNIMAPCLR(r3, 0x4b68, &(0x7f0000000780)={0x8, 0x6}) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f00000007c0)={0x7ff, 0x8, 0x0, 0x1, 0x9, 0x1}) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)={0xffffffff, 0x8, 0x3, 0xfffffff7, 0x11, "ca0f9c8c43ad5089b526b7b6192f4b9ff298f8"}) ioctl$TCSBRK(r3, 0x5409, 0xe7cb) ioctl$SNDRV_TIMER_IOCTL_CREATE(r2, 0xc02054a5, &(0x7f0000000840)={0x3ff, r2, 'id1\x00'}) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000000, 0x10, r2, 0xec763000) ioctl$RNDADDTOENTCNT(r4, 0x40045201, &(0x7f00000008c0)=0x2) 592.254021ms ago: executing program 0 (id=379): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000140)=0x6) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x51, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7"}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0x100000, 0x2000, &(0x7f000000f000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xcccc0000, 0x1000, &(0x7f0000f15000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f0000000100)={0x0, 0x9a07}) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r8, 0x4038ae7a, &(0x7f0000000200)={0x2, 0x922, &(0x7f0000000300)="8f81adcac03da777ff896eaa8c54c8c234b084bf2e64592a6c336dfe9e388a45f5cd35faf68c907f24c9b578f2720d27a3d9a25d121cb8e066e75b8821aedfab1fd81cee658befe4c5a0547ca7c397263ad6e4c3930941460313f7b65055b768f57dde2f5f8040274338c04fa3d915a891bbbc768a4bc52ec7ca486608efacea19d3df", &(0x7f0000000180)="f40ac77891708641bbab304c2079f02bbece653f0081", 0x83, 0x16}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) syz_clone3(&(0x7f0000000280)={0xe301a500, 0x0, 0x0, 0x0, {0x3c}, 0x0, 0x0, 0x0, 0x0}, 0x58) 429.530264ms ago: executing program 2 (id=384): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x12) (async) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/custom0\x00', 0x6, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO(r1, 0xc0389424, 0x0) 416.349714ms ago: executing program 2 (id=385): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008c02"]) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, &(0x7f0000000040)) read(0xffffffffffffffff, 0x0, 0x5b) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) mmap(&(0x7f00007d4000/0xd000)=nil, 0xd000, 0x2000006, 0x13, 0xffffffffffffffff, 0x25fea000) r7 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r7, 0x8ae9b000) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, 0x0) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r7, 0x0) r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r8, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r8, 0x4008af03, &(0x7f00000008c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r8, 0x4004af61, &(0x7f0000000000)=0x1) syz_clone(0x44200400, 0x0, 0x0, 0x0, 0x0, 0x0) write$UHID_CREATE(r0, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000140)=""/197, 0xc5, 0x0, 0x6, 0x6, 0x9, 0x6}}, 0x120) 284.862226ms ago: executing program 1 (id=387): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) (async) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_GET_XSAVE2(r4, 0x9000aecf, &(0x7f0000ffa000/0x4000)=nil) (async, rerun: 32) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (rerun: 32) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder1\x00', 0x802, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) 261.652376ms ago: executing program 2 (id=388): r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000480)='./binderfs/binder-control\x00', 0x2, 0x0) r1 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x2, 0x0) ioctl$BINDER_CTL_ADD(r1, 0xc1086201, &(0x7f0000000040)={'custom1\x00'}) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x32, 0xffffffffffffffff, 0x2ec37000) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000140)={0x1, 0x0, [{0xc0010015, 0x0, 0x8c2}]}) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x84}, {0x6}]}) (async) ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000040)=0x93f) (async) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) (async) r6 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x2011c0}) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) close(0x3) (async) ioctl$BINDER_CTL_ADD(r0, 0xc1086201, &(0x7f0000000180)={'binder1\x00'}) 250.000927ms ago: executing program 2 (id=389): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000480)={0x5, &(0x7f00000004c0)=[{}, {0x20}, {}, {}, {0x6}]}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @flat=@binder={0x73622a85, 0x3000, 0x2}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x44, 0x0, &(0x7f00000003c0)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000140)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x2}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000080)={0x0, 0x28, 0x40}}}], 0x9d, 0x0, &(0x7f0000000440)="86a26c9da618d909bce30b7cf1cd8e3cd67bebed2f51f050b192202dc79a841f2307e8a18d200c24f92523c2e73cd5d0392854de671d87310511c3173d65868163dae6dca81ce9330e7f8083114ca0336d334fce1f60203ec29a53e0f3109b5f95a1f5a20b1ee8f1d39b9660a40c44c98093ce8a73170e7bde42b3d6635738d31f142a3cc29ae231a13c3312602d24a87dd2633985828593c874478e39"}) 189.040097ms ago: executing program 1 (id=390): mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f00000021c0)={[], [{@context={'context', 0x3d, 'system_u'}}]}) r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x2) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000001, 0x10, r0, 0x7835f000) 184.272897ms ago: executing program 1 (id=391): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0xc4000, 0x0) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000180)={0x3, &(0x7f0000000280)=[{0x200, 0x6, 0x4, 0x40}, {0x2c, 0x1, 0xf, 0x8}, {0xb5, 0x5, 0x2, 0x9f}]}) (async) r1 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000003c0), 0x1a000, 0x0) mkdirat(r1, &(0x7f0000000940)='./file0\x00', 0x15) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x161000, 0x0) (async) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001800), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000000)={{0x0, 0x2}}) (async, rerun: 64) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r3, 0x80585414, &(0x7f0000000380)) (rerun: 64) r4 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$PPPIOCSCOMPRESS(r0, 0x4010744d) (async) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r6 = openat$kvm(0xffffff9c, &(0x7f0000000080), 0x2000, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r8, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000100000000000000000000000000000000000000ff"]) (async) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000fdff8f04"]) (async) openat$cgroup_ro(r4, &(0x7f0000000140)='cpu.stat\x00', 0x0, 0x0) (async, rerun: 32) ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000240)={0xffffff4c, 0x2, 0x0, 0x0, 0x0, 0x0}) (rerun: 32) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000008, 0x13, r11, 0xb3d68000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) (async) syz_clone3(&(0x7f0000001ac0)={0x322004100, 0x0, 0x0, 0x0, {0xc}, 0x0, 0x0, 0x0, 0x0}, 0x58) read(r2, &(0x7f0000000040)=""/106, 0x6a) (async) openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4040aea0, &(0x7f0000000200)=@x86={0x8, 0x6, 0x4, 0x0, 0x0, 0x0, 0xe, 0x8, 0x4, 0x8, 0x6, 0x3, 0x0, 0x3, 0xe202, 0x82, 0x40, 0x9e, 0x3, '\x00', 0x1, 0xe12}) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) 181.020477ms ago: executing program 2 (id=392): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000005c0)=ANY=[@ANYRES8=r0]) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PTP_PEROUT_REQUEST2(r1, 0xc0603d0f, &(0x7f0000000040)={{0x0, 0x20}}) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/pm_async', 0x1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x0, 0x3}) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x2, 0x2c0, 0x0, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x100000000000004, 0x10000, 0x100, 0x9004, 0x0, 0x3, 0x5, 0x5, 0x49, 0x3ff, 0x5, 0x0, 0x9, 0x8, 0x7, 0x1c1, 0x1000000003, 0x2, 0x2, 0x6, 0x4, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x4, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0x200000000004, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x20000000006, 0x8, 0x5c3e, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x7, 0x4, 0x8000000000000001, 0x200000000000101, 0x5, 0x5, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0xc, 0xd, 0x9, 0xe8, 0x80000000, 0xfffffffffffffc00, 0x2, 0x4, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x6, 0xab6, 0x0, 0x7fffffff, 0xfff, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x400000000008061d, 0x3, 0x8, 0xf6, 0x4, 0x6, 0x200, 0x7, 0xe53e, 0x2c, 0x8, 0x2293332f, 0x6, 0x7, 0x0, 0xd, 0x2, 0x5, 0x2, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x8, 0x8, 0x1, 0x53e0f100, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x3]}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x2, 0x5, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2], 0x8080000, 0x1144}) ioctl$KVM_RUN(r6, 0xae80, 0x0) write$cgroup_pid(r3, &(0x7f00000004c0)=0xffffffffffffffff, 0x12) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x60) ioctl$TCXONC(r2, 0x540a, 0x0) ioctl$TCXONC(r2, 0x540a, 0x1) r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) ioctl$BLKBSZSET(r8, 0x40081271, &(0x7f0000000080)=0x7fd) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x111800, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$TIOCPKT(r3, 0x5420, &(0x7f0000000580)=0x20003) ioctl$KVM_SET_GSI_ROUTING(r10, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="0400000000000000010000000400000001000000000000000008000000040000000000000000000000000000000000000000000000000000410000000400000000000000000000fe8100000008000000000000000000000000000000000000000000000000000000020000000200000000000000000000008100000002000000000000000000000000000000000000000000000000000000f9ffffff0500000001000000000000000104000000000000060000000000000002000000000000000000000000040000"]) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0x8, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x8080000, 0x0, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x0, 0x3}, {0x80a0000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xdddd0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x0, 0x0, 0x1]}) ioctl$ASHMEM_GET_PROT_MASK(r3, 0x7706, &(0x7f00000010c0)) 144.412688ms ago: executing program 0 (id=393): r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0xc0000, 0x0) (async) r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0xc0000, 0x0) read$FUSE(r2, &(0x7f0000000540)={0x2020}, 0x2020) close(r2) openat$cgroup_ro(r2, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0) (async) r3 = openat$cgroup_ro(r2, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0) close(r3) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0) (async) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x46000, 0x0) (async) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x46000, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0) write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom1\x00', 0x4, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110c23003f) write$cgroup_devices(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="c0215c4543d5ade6c5c87508b1f794c2ea552f80238a6db1dc9420e616498974b30a29c2d4bcc7ad1f9c54079aacb1d558ddf2855d06dfd6c9df5092d3390e941e234bd1547d7fb4efd38fc5afae304d28acd2dbab49e9ed0c5d2d806914e05d769178c798bf7622c82cd730f760594a603f2cf4a6223f96cbb7127a8a1f8a177c7acf9700ca0c00008ecdcc8350d0579b9b5b0d79afe9a3e4"], 0x5) ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x100000002) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$ASHMEM_SET_NAME(r1, 0x40087708, &(0x7f0000002600)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80`4/\xe9\x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\x16\\n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x04;\xc5[\nja\xb9\'\xc9#\xfcx\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00B\x05\xd4\xea\xea\x7f=\xc6:\\N\xc3\xb7Vw\xc6\x9c\x96s\xaaHL\x96\xc72\n\x18Ynj\xceTS\xfbl\x0f\x9f8M\f\x89\xa1\xd2Hs`\x8bp\x8a\xc4%\xf8\x1d3\nV\x9a\xaf\x1f\xf96^\x93\xc1\xaf)\rg\x86\xd6\xea\xa9\x0f\x9a\xf1V\x1b\xbf\x8b\'-\xab\x8e\t7\xd3\xf7\xa9v\xfbY\xe6\x9b^d\x8c\xb1\xdd') (async) ioctl$ASHMEM_SET_NAME(r1, 0x40087708, &(0x7f0000002600)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80`4/\xe9\x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\x16\\n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x04;\xc5[\nja\xb9\'\xc9#\xfcx\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00B\x05\xd4\xea\xea\x7f=\xc6:\\N\xc3\xb7Vw\xc6\x9c\x96s\xaaHL\x96\xc72\n\x18Ynj\xceTS\xfbl\x0f\x9f8M\f\x89\xa1\xd2Hs`\x8bp\x8a\xc4%\xf8\x1d3\nV\x9a\xaf\x1f\xf96^\x93\xc1\xaf)\rg\x86\xd6\xea\xa9\x0f\x9a\xf1V\x1b\xbf\x8b\'-\xab\x8e\t7\xd3\xf7\xa9v\xfbY\xe6\x9b^d\x8c\xb1\xdd') ioctl$ASHMEM_SET_NAME(r1, 0x40087707, &(0x7f0000000300)='\x00\x00\x00\x06\x00\x00\x03\x00\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x00\x00') (async) ioctl$ASHMEM_SET_NAME(r1, 0x40087707, &(0x7f0000000300)='\x00\x00\x00\x06\x00\x00\x03\x00\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x00\x00') 92.619009ms ago: executing program 1 (id=394): r0 = openat$kvm(0xffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RNDADDENTROPY(r2, 0x5206, 0x0) mmap(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x0, 0x30, 0xffffffffffffffff, 0xdce30000) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0x0, 0x3, 0x1, 0x0, 0xde, 0xff, 0x7, 0x2, 0x6, 0x6, 0x6, 0x624}, {0x9, 0x2, 0x9, 0x9, 0x5, 0xf, 0x6, 0x2, 0x1, 0x5, 0x2, 0x6, 0x4}, {0x200005, 0x4, 0x8, 0x5, 0x4, 0x1e, 0x0, 0x80, 0xff, 0x0, 0x2, 0x4, 0x2}]}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x3, 0x4, 0x80a0000, 0x2000, &(0x7f0000ff8000/0x2000)=nil}) (async, rerun: 64) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x80c084, &(0x7f0000000240)=ANY=[]) (async, rerun: 64) ioctl$KVM_CAP_DISABLE_QUIRKS2(r1, 0x4068aea3, &(0x7f0000000180)={0xd5, 0x0, 0x1}) 84.073429ms ago: executing program 1 (id=395): mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x120020, &(0x7f0000000000)=ANY=[@ANYBLOB='defcontext', @ANYRESOCT]) ioctl$AUTOFS_IOC_FAIL(0xffffffffffffffff, 0x9361, 0x7ff) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 76.462199ms ago: executing program 0 (id=396): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz2\x00', 0x2, 0x0) read(r1, 0x0, 0x0) (async) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x32, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x0, 0x6011, r3, 0x0) (async) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000040)) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0xd1383000) prctl$PR_SCHED_CORE(0x53564d41, 0x0, 0x0, 0x0, 0x0) (async) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000007, 0x80010, r2, 0x0) (async) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r2, 0x0) 811.38µs ago: executing program 1 (id=397): openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080)={[{0x84, 0x5, 0x0, 0x0, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1}]}) ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x1802, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x3, 0x800000, 0x0, 0x2], 0xeeee8000, 0x42240}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x6, 0x2, 0x5, 0x6, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x341840}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000000)=[@register_looper={0x400c6314}], 0x0, 0x0, 0x0}) 0s ago: executing program 2 (id=398): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x100, 0x2}) (async) openat$incfs(0xffffffffffffff9c, 0x0, 0x14040, 0x0) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async, rerun: 32) r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 32) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 64) ioctl$KVM_CAP_MAX_VCPU_ID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0)={0x80, 0x0, 0x8c8ddd2}) (rerun: 64) write$selinux_load(r1, &(0x7f0000000000)=ANY=[], 0x12fe) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async, rerun: 32) mmap$binder(&(0x7f00000c0000)=nil, 0x0, 0x1, 0x11, r2, 0x80000000) (async, rerun: 32) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0) (async) r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080), 0x80800, 0x0) close(r3) (async, rerun: 32) prctl$PR_SET_NAME(0xf, &(0x7f0000000040)='-:\x9d#)\x00') (async, rerun: 32) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffc9a, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0xfffffffffffffce6}}, 0x10}], 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.150' (ED25519) to the list of known hosts. [ 22.922844][ T36] audit: type=1400 audit(1750363687.909:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.924011][ T281] cgroup: Unknown subsys name 'net' [ 22.948063][ T36] audit: type=1400 audit(1750363687.909:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.980245][ T36] audit: type=1400 audit(1750363687.949:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.980464][ T281] cgroup: Unknown subsys name 'devices' [ 23.171169][ T281] cgroup: Unknown subsys name 'hugetlb' [ 23.177261][ T281] cgroup: Unknown subsys name 'rlimit' [ 23.267615][ T36] audit: type=1400 audit(1750363688.249:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.291420][ T36] audit: type=1400 audit(1750363688.249:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 23.303057][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 23.316887][ T36] audit: type=1400 audit(1750363688.249:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 23.349004][ T36] audit: type=1400 audit(1750363688.319:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.370189][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.377471][ T36] audit: type=1400 audit(1750363688.319:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.412404][ T36] audit: type=1400 audit(1750363688.349:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.438817][ T36] audit: type=1400 audit(1750363688.349:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.732289][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.739736][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.746896][ T288] bridge_slave_0: entered allmulticast mode [ 24.753159][ T288] bridge_slave_0: entered promiscuous mode [ 24.759877][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.767098][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.774351][ T288] bridge_slave_1: entered allmulticast mode [ 24.781784][ T288] bridge_slave_1: entered promiscuous mode [ 24.854955][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.862519][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.869925][ T289] bridge_slave_0: entered allmulticast mode [ 24.876165][ T289] bridge_slave_0: entered promiscuous mode [ 24.890958][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.898835][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.906452][ T291] bridge_slave_0: entered allmulticast mode [ 24.912993][ T291] bridge_slave_0: entered promiscuous mode [ 24.920698][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.928105][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.937169][ T289] bridge_slave_1: entered allmulticast mode [ 24.945624][ T289] bridge_slave_1: entered promiscuous mode [ 24.953338][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.960932][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.969857][ T291] bridge_slave_1: entered allmulticast mode [ 24.976377][ T291] bridge_slave_1: entered promiscuous mode [ 25.027448][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.035036][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.042949][ T290] bridge_slave_0: entered allmulticast mode [ 25.049533][ T290] bridge_slave_0: entered promiscuous mode [ 25.063117][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.071784][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.079581][ T290] bridge_slave_1: entered allmulticast mode [ 25.086397][ T290] bridge_slave_1: entered promiscuous mode [ 25.145753][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.153536][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.161280][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.168817][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.241094][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.249421][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.272202][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.279363][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.293994][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.301275][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.340962][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.348441][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.374173][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.382529][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.393743][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.400918][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.411622][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.418695][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.439085][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.446301][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.456937][ T288] veth0_vlan: entered promiscuous mode [ 25.465490][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.473391][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.499396][ T288] veth1_macvtap: entered promiscuous mode [ 25.531794][ T291] veth0_vlan: entered promiscuous mode [ 25.549701][ T290] veth0_vlan: entered promiscuous mode [ 25.560817][ T288] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 25.568615][ T291] veth1_macvtap: entered promiscuous mode [ 25.587268][ T289] veth0_vlan: entered promiscuous mode [ 25.594499][ T290] veth1_macvtap: entered promiscuous mode [ 25.620593][ T308] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 25.647882][ T289] veth1_macvtap: entered promiscuous mode [ 25.774262][ T324] rust_binder: Write failure EINVAL in pid:4 [ 25.806199][ T328] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 25.814461][ T328] rust_binder: Error while translating object. [ 25.823133][ T328] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 25.830869][ T328] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:6 [ 25.856062][ T330] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 25.869382][ T330] rust_binder: Error in use_page_slow: ESRCH [ 25.876280][ T330] rust_binder: use_range failure ESRCH [ 25.882664][ T330] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 25.888495][ T330] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 25.896915][ T330] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:8 [ 25.923969][ T332] binder: Unknown parameter 'fscontext?}' [ 26.020505][ T348] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 26.020532][ T348] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 26.037856][ T348] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:6 [ 26.075081][ T357] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 26.079767][ T359] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 26.084718][ T357] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:8 [ 26.095015][ T359] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:15 [ 26.163972][ T363] rust_binder: Write failure EINVAL in pid:17 [ 26.307495][ T370] rust_binder: Write failure EINVAL in pid:24 [ 26.324123][ T373] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.362686][ T373] rust_binder: Error while translating object. [ 26.375795][ T373] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 26.385047][ T373] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:27 [ 26.412193][ T390] rust_binder: Write failure EFAULT in pid:14 [ 26.443739][ T394] rust_binder: Write failure EINVAL in pid:32 [ 26.477220][ T400] ======================================================= [ 26.477220][ T400] WARNING: The mand mount option has been deprecated and [ 26.477220][ T400] and is ignored by this kernel. Remove the mand [ 26.477220][ T400] option from the mount to silence this warning. [ 26.477220][ T400] ======================================================= [ 26.627333][ T407] rust_binder: Write failure EFAULT in pid:19 [ 26.671675][ T414] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.686602][ T414] SELinux: security_context_str_to_sid () failed with errno=-22 [ 26.703927][ T414] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:20 [ 26.739960][ T288] cgroup: fork rejected by pids controller in /syz0 [ 26.782336][ T416] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 26.870601][ T59] bridge_slave_1: left allmulticast mode [ 26.878713][ T59] bridge_slave_1: left promiscuous mode [ 26.884614][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.908857][ T59] bridge_slave_0: left allmulticast mode [ 26.915996][ T59] bridge_slave_0: left promiscuous mode [ 26.928873][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.050671][ T426] syzkaller0: tun_chr_ioctl cmd 2147767506 [ 27.111853][ T428] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.128352][ T428] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.165884][ T428] bridge_slave_0: entered allmulticast mode [ 27.174769][ T437] binder: Unknown parameter '' [ 27.187030][ T428] bridge_slave_0: entered promiscuous mode [ 27.203529][ T428] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.212274][ T428] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.220469][ T428] bridge_slave_1: entered allmulticast mode [ 27.227081][ T428] bridge_slave_1: entered promiscuous mode [ 27.237809][ T443] Bluetooth: hci0: Frame reassembly failed (-90) [ 27.256646][ T59] veth1_macvtap: left promiscuous mode [ 27.262822][ T304] Bluetooth: hci0: Frame reassembly failed (-84) [ 27.269736][ T59] veth0_vlan: left promiscuous mode [ 27.304048][ T450] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 27.392254][ T428] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.405915][ T428] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.413823][ T428] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.421155][ T428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.428754][ T455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 27.472420][ T459] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 27.480113][ T459] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:35 [ 27.494242][ T428] veth0_vlan: entered promiscuous mode [ 27.515755][ T428] veth1_macvtap: entered promiscuous mode [ 27.550873][ T462] rust_binder: Write failure EFAULT in pid:2 [ 27.804663][ T478] SELinux: security_context_str_to_sid () failed with errno=-22 [ 27.990049][ T495] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 27.990563][ T36] kauditd_printk_skb: 86 callbacks suppressed [ 27.990576][ T36] audit: type=1400 audit(1750363692.979:160): avc: denied { write } for pid=491 comm="syz.2.62" name="binder1" dev="binder" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 28.028010][ T495] rust_binder: Error in use_page_slow: ESRCH [ 28.028030][ T495] rust_binder: use_range failure ESRCH [ 28.035561][ T495] rust_binder: Failed to allocate buffer. len:112, is_oneway:false [ 28.041935][ T495] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 28.052441][ T495] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:63 [ 28.669427][ T36] audit: type=1400 audit(1750363693.659:161): avc: denied { write } for pid=498 comm="syz.0.64" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 28.682470][ T499] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 28.703569][ T36] audit: type=1400 audit(1750363693.659:162): avc: denied { remove_name } for pid=498 comm="syz.0.64" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 28.737332][ T36] audit: type=1400 audit(1750363693.659:163): avc: denied { unlink } for pid=498 comm="syz.0.64" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 28.901052][ T36] audit: type=1400 audit(1750363693.889:164): avc: denied { read } for pid=503 comm="syz.0.66" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 28.901061][ T504] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 28.901312][ T505] SELinux: policydb magic number 0xa does not match expected magic number 0xf97cff8c [ 28.935156][ T36] audit: type=1400 audit(1750363693.889:165): avc: denied { load_policy } for pid=503 comm="syz.0.66" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 28.943840][ T505] SELinux: failed to load policy [ 29.000081][ T508] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:47 [ 29.194122][ T36] audit: type=1400 audit(1750363694.179:166): avc: denied { unmount } for pid=428 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 29.225020][ T533] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:40 [ 29.288380][ T493] Bluetooth: hci0: command 0x1003 tx timeout [ 29.288588][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 29.340832][ T36] audit: type=1400 audit(1750363694.329:167): avc: denied { block_suspend } for pid=539 comm="syz.3.78" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 29.452682][ T545] input: syz0 as /devices/virtual/input/input6 [ 29.474428][ T545] binder: Unknown parameter 'soyBLV"/n3i5n0x000000000000000300000000000000000000003' [ 29.487803][ T36] audit: type=1400 audit(1750363694.459:168): avc: denied { remount } for pid=544 comm="syz.1.80" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 29.621486][ T557] binder: Unknown parameter '}Q?9^tOqQx:*zBm EGe@XvGV){cV5m \' [ 29.713665][ T568] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 29.720112][ T36] audit: type=1326 audit(1750363694.709:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=571 comm="syz.0.88" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f605e38e929 code=0x0 [ 29.998462][ T446] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 30.043188][ T591] rust_binder: Failed to allocate buffer. len:136, is_oneway:true [ 30.124097][ T600] input: syz0 as /devices/virtual/input/input8 [ 30.171280][ T600] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:71 [ 30.199324][ T604] input: syz1 as /devices/virtual/input/input9 [ 30.290676][ T610] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 120, limit: 120, size: 64) [ 30.290699][ T610] rust_binder: Error while translating object. [ 30.303747][ T610] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.312752][ T610] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:73 [ 30.353630][ T615] random: crng reseeded on system resumption [ 30.470832][ T617] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 30.534851][ T624] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.557356][ T624] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.565785][ T624] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.690946][ T633] SELinux: failed to load policy [ 31.087135][ T692] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:101 [ 31.100450][ T692] rust_binder: Error while translating object. [ 31.100480][ T692] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.107126][ T692] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:101 [ 31.117426][ T693] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.184377][ T706] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:93 [ 31.231532][ T704] rust_binder: Write failure EINVAL in pid:111 [ 31.273414][ T717] __vm_enough_memory: pid: 717, comm: syz.0.134, bytes: 281474976845824 not enough memory for the allocation [ 31.481561][ T724] binder: Bad value for 'max' [ 32.056679][ T778] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.059316][ T778] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 32.171055][ T788] SELinux: security_context_str_to_sid () failed with errno=-22 [ 32.198457][ T792] rust_binder: Read failure Err(EAGAIN) in pid:124 [ 32.317963][ T797] rust_binder: Error while translating object. [ 32.325027][ T797] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.332404][ T797] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:128 [ 32.343228][ T798] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.402076][ T806] binder: Bad value for 'defcontext' [ 32.416667][ T806] binder: Unknown parameter '' [ 32.697346][ T816] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:147 [ 32.942844][ T827] rust_binder: Write failure EINVAL in pid:98 [ 32.951260][ T829] rust_binder: Write failure EFAULT in pid:113 [ 32.963063][ T830] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.983409][ T827] rust_binder: Write failure EINVAL in pid:98 [ 32.984333][ T832] can0: slcan on ptm0. [ 33.003245][ T36] kauditd_printk_skb: 16 callbacks suppressed [ 33.003259][ T36] audit: type=1400 audit(1750363697.999:186): avc: denied { read } for pid=147 comm="dhcpcd" name="n15" dev="tmpfs" ino=1568 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.042418][ T36] audit: type=1400 audit(1750363697.999:187): avc: denied { open } for pid=147 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=1568 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.072715][ T36] audit: type=1400 audit(1750363697.999:188): avc: denied { getattr } for pid=147 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=1568 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.110230][ T36] audit: type=1400 audit(1750363698.089:189): avc: denied { map } for pid=841 comm="syz.3.176" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 33.138588][ T832] can0 (unregistered): slcan off ptm0. [ 33.196155][ T853] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 33.196186][ T853] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:127 [ 33.228141][ T36] audit: type=1400 audit(1750363698.209:190): avc: denied { create } for pid=840 comm="dhcpcd-run-hook" name="resolv.conf.can0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.239875][ T853] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 33.274568][ T36] audit: type=1400 audit(1750363698.219:191): avc: denied { write } for pid=840 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.can0.link" dev="tmpfs" ino=1596 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.298270][ T853] rust_binder: Read failure Err(EFAULT) in pid:127 [ 33.313433][ T36] audit: type=1400 audit(1750363698.219:192): avc: denied { append } for pid=840 comm="dhcpcd-run-hook" name="resolv.conf.can0.link" dev="tmpfs" ino=1596 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.363211][ T36] audit: type=1400 audit(1750363698.309:193): avc: denied { unlink } for pid=864 comm="rm" name="resolv.conf.can0.link" dev="tmpfs" ino=1596 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.543996][ T908] rust_binder: Error while translating object. [ 33.544023][ T908] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 33.550566][ T908] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:118 [ 33.582086][ T913] SELinux: truncated policydb string identifier [ 33.607440][ T913] SELinux: failed to load policy [ 33.773891][ T36] audit: type=1400 audit(1750363698.759:194): avc: denied { map } for pid=930 comm="syz.3.196" path="/dev/uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 33.813147][ T933] rust_binder: Write failure EFAULT in pid:131 [ 33.839882][ T36] audit: type=1400 audit(1750363698.819:195): avc: denied { setcheckreqprot } for pid=934 comm="syz.1.198" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 33.868470][ T933] rust_binder: Write failure EFAULT in pid:131 [ 33.892876][ T942] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.921920][ T935] rust_binder: Write failure EFAULT in pid:126 [ 33.937804][ T935] rust_binder: Error in use_page_slow: ESRCH [ 33.944774][ T935] rust_binder: use_range failure ESRCH [ 33.952045][ T935] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 33.968440][ T935] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 33.977056][ T935] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:126 [ 34.015498][ T959] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:139 [ 34.110823][ T970] input: syz0 as /devices/virtual/input/input14 [ 34.155221][ T975] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:129 [ 34.155296][ T975] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:129 [ 34.322861][ T986] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 34.340576][ T986] rust_binder: Write failure EINVAL in pid:183 [ 34.343158][ T986] SELinux: security_context_str_to_sid (syste_uGй :) failed with errno=-22 [ 34.377197][ T990] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.377286][ T986] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 34.396144][ T986] rust_binder: Write failure EINVAL in pid:183 [ 34.425740][ T996] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:188 [ 34.465529][ T996] rust_binder: Error in use_page_slow: ESRCH [ 34.465558][ T996] rust_binder: use_range failure ESRCH [ 34.472473][ T996] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 34.478611][ T996] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 34.489875][ T996] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:188 [ 34.527538][ T1004] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:159 [ 34.596462][ T1027] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:149 [ 34.680283][ T1028] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:151 [ 34.722764][ T1028] SELinux: failed to load policy [ 34.757668][ T1049] binder: Unknown parameter 'fscontext?}' [ 34.872549][ T1055] rust_binder: Write failure EFAULT in pid:167 [ 34.973965][ T1068] SELinux: security_context_str_to_sid () failed with errno=-22 [ 35.100109][ T1074] rust_binder: Write failure EFAULT in pid:159 [ 35.139406][ T1082] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 35.141000][ T460] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz1 [ 35.146614][ T1082] rust_binder: Error while translating object. [ 35.190561][ T1082] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 35.220656][ T1082] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:162 [ 35.246515][ T1084] fido_id[1084]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 35.257264][ T1086] binder: Unknown parameter '' [ 35.337015][ T1097] rust_binder: Write failure EFAULT in pid:167 [ 35.363222][ T1102] SELinux: policydb table sizes (0,0) do not match mine (6,7) [ 35.387100][ T1102] SELinux: failed to load policy [ 35.394432][ T1102] __vm_enough_memory: pid: 1102, comm: syz.1.248, bytes: 281474976845824 not enough memory for the allocation [ 35.508415][ T1111] rust_binder: Write failure EFAULT in pid:178 [ 35.576404][ T1125] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.593359][ T1124] kvm: kvm [1123]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010004) = 0x3 [ 35.637687][ T1128] binder: Unknown parameter 'tats' [ 35.666300][ T1130] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 35.894364][ T1152] input: syz0 as /devices/virtual/input/input17 [ 35.903687][ T1152] input: failed to attach handler leds to device input17, error: -6 [ 35.945708][ T1154] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 35.946504][ T1159] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.951592][ T1157] PM: Enabling pm_trace changes system date and time during resume. [ 35.951592][ T1157] PM: Correct system time has to be restored manually after resume. [ 36.042084][ T1168] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:235 [ 36.088016][ T1173] rust_binder: Write failure EINVAL in pid:206 [ 36.120479][ T1173] rust_binder: Write failure EINVAL in pid:206 [ 36.134109][ T1175] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 36.148343][ T1175] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:185 [ 36.161548][ T1173] rust_binder: Write failure EINVAL in pid:206 [ 36.239882][ T1184] SELinux: security_context_str_to_sid () failed with errno=-22 [ 36.287620][ T1190] rust_binder: Got transaction with invalid offset. [ 36.287664][ T1190] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 36.296330][ T1190] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:239 [ 36.332957][ T1195] rust_binder: Error while translating object. [ 36.346411][ T1195] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 36.357821][ T1195] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:241 [ 36.449778][ T1203] binder: Unknown parameter 'defcontext01777777777777777777777' [ 36.508753][ T1203] binder: Unknown parameter 'dont_appraise' [ 36.519470][ T1203] binder: Unknown parameter 'defcontext01777777777777777777777' [ 36.607322][ T1212] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 36.607348][ T1212] rust_binder: Read failure Err(EFAULT) in pid:207 [ 36.658603][ T1216] rust_binder: Write failure EFAULT in pid:209 [ 36.791014][ T1223] binder: Binderfs stats mode cannot be changed during a remount [ 36.852818][ T1229] SELinux: failed to load policy [ 36.923943][ T1239] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.063322][ T1246] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.078644][ T1246] rust_binder: Write failure EINVAL in pid:235 [ 37.092352][ T1246] rust_binder: Error while translating object. [ 37.103187][ T1246] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 37.110055][ T1246] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:235 [ 37.154199][ T1253] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 37.175704][ T1253] rust_binder: Write failure EINVAL in pid:225 [ 37.184146][ T1255] random: crng reseeded on system resumption [ 37.244326][ T1268] binder: Unknown parameter 'coyBLV"i5ntext' [ 37.251936][ T1269] binder: Unknown parameter 'coyBLV"i5ntext' [ 37.267890][ T1271] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.459181][ T1276] binder: Unknown parameter 'defcontext18446744073709551615' [ 37.598318][ T52] Bluetooth: hci0: command 0x1003 tx timeout [ 37.598312][ T446] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 37.741965][ T1298] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 37.838332][ T1305] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:179 [ 37.873714][ T1312] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 37.894665][ T1312] rust_binder: Write failure EINVAL in pid:261 [ 37.932965][ T1317] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 38.031858][ T1334] rust_binder: Write failure EINVAL in pid:273 [ 38.031940][ T36] kauditd_printk_skb: 8 callbacks suppressed [ 38.031951][ T36] audit: type=1400 audit(1750363703.019:204): avc: denied { append } for pid=1333 comm="syz.2.323" name="binder0" dev="binder" ino=28 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 38.083056][ T1335] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:273 [ 38.083149][ T1334] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 38.095017][ T1334] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:273 [ 38.105129][ T1335] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.174552][ T1351] rust_binder: Write failure EINVAL in pid:200 [ 38.199120][ T36] audit: type=1400 audit(1750363703.189:205): avc: denied { read open } for pid=1352 comm="syz.1.328" path="net:[4026532449]" dev="nsfs" ino=4026532449 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 38.199442][ T1353] binder: Unknown parameter '/dev/net/tun' [ 38.205880][ T36] audit: type=1400 audit(1750363703.189:206): avc: denied { ioctl } for pid=1352 comm="syz.1.328" path="net:[4026532449]" dev="nsfs" ino=4026532449 ioctlcmd=0xb707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 38.345930][ T1356] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.381622][ T1357] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 38.397248][ T1357] SELinux: failed to load policy [ 38.428444][ T1357] binder: Unknown parameter '/dev/kvm' [ 38.590822][ T1375] rust_binder: Write failure EFAULT in pid:243 [ 38.594666][ T1375] geneve1: tun_chr_ioctl cmd 1074025672 [ 38.606818][ T1375] geneve1: ignored: set checksum enabled [ 38.617168][ T1375] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:243 [ 38.860177][ T1391] rust_binder: Read failure Err(EAGAIN) in pid:247 [ 39.005843][ T1394] rust_binder: Error while translating object. [ 39.012471][ T1394] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 39.022720][ T1394] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:298 [ 39.052252][ T36] audit: type=1326 audit(1750363704.039:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1395 comm="syz.2.343" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fceadd8e929 code=0x0 [ 39.101626][ T1398] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.102032][ T36] audit: type=1400 audit(1750363704.089:208): avc: denied { read write } for pid=1397 comm="syz.1.344" name="loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 39.102236][ T1398] rust_binder: Write failure EINVAL in pid:249 [ 39.110028][ T36] audit: type=1400 audit(1750363704.089:209): avc: denied { open } for pid=1397 comm="syz.1.344" path="/dev/loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 39.230000][ T1401] binder: Unknown parameter 'nXI' [ 39.319299][ T1404] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.319327][ T1404] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.387397][ T1411] binder: Unknown parameter 'nXI' [ 39.412505][ T1411] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 39.524320][ T1414] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.529138][ T1414] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 39.566602][ T1414] rust_binder: Write failure EINVAL in pid:264 [ 39.691564][ T1416] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.747875][ T1423] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.784468][ T1423] rust_binder: Write failure EINVAL in pid:273 [ 39.791621][ T1427] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:266 [ 39.845662][ T1432] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.855594][ T1433] SELinux: security_context_str_to_sid () failed with errno=-22 [ 39.871752][ T1432] rust_binder: Error in use_page_slow: ESRCH [ 39.871771][ T1432] rust_binder: use_range failure ESRCH [ 39.877890][ T1432] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 39.890201][ T1432] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 39.904903][ T1437] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.905394][ T36] audit: type=1400 audit(1750363704.889:210): avc: denied { relabelfrom } for pid=1434 comm="syz.2.357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 39.914712][ T1432] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:276 [ 39.942716][ T36] audit: type=1400 audit(1750363704.889:211): avc: denied { relabelto } for pid=1434 comm="syz.2.357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 39.944622][ T1438] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.952163][ T36] audit: type=1326 audit(1750363704.939:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1436 comm="syz.0.358" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f605e38e929 code=0x0 [ 40.031473][ T1450] rust_binder: Error while translating object. [ 40.031498][ T1450] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 40.048103][ T1447] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 40.070850][ T1450] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:215 [ 40.111239][ T1453] kvm: apic: phys broadcast and lowest prio [ 40.140580][ T1457] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 40.140606][ T1457] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:305 [ 40.164203][ T1457] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.174147][ T1457] rust_binder: Write failure EINVAL in pid:305 [ 40.250482][ T1459] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 40.257014][ T1459] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:289 [ 40.346192][ T434] Bluetooth: hci0: Frame reassembly failed (-84) [ 40.346274][ T36] audit: type=1400 audit(1750363705.329:213): avc: denied { append } for pid=1463 comm="syz.3.367" name="pfkey" dev="proc" ino=4026532620 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 40.355806][ T304] Bluetooth: hci0: Frame reassembly failed (-84) [ 40.369540][ T1465] rust_binder: Write failure EINVAL in pid:223 [ 40.403374][ T1464] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false [ 40.409769][ T1464] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 40.417967][ T1464] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:223 [ 40.781461][ T1477] binder: Unknown parameter 'Vontext' [ 41.003921][ T1498] rust_binder: Write failure EFAULT in pid:308 [ 41.071538][ T1500] input: syz1 as /devices/virtual/input/input84 [ 41.181138][ T1508] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.181346][ T1508] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:312 [ 41.188113][ T1508] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 41.197377][ T1508] rust_binder: Read failure Err(EFAULT) in pid:312 [ 41.214846][ T1508] rust_binder: Error while translating object. [ 41.222024][ T1508] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 41.228560][ T1508] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:312 [ 41.320310][ T1504] rust_binder: Read failure Err(EFAULT) in pid:298 [ 41.498422][ T1534] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 41.650975][ T1553] binder: Unknown parameter 'defcontext01777777777777777777777' [ 41.733799][ T1564] ------------[ cut here ]------------ [ 41.740480][ T1564] WARNING: CPU: 0 PID: 1564 at mm/page_alloc.c:5157 __alloc_pages_noprof+0xe4/0x6c0 [ 41.750244][ T1564] Modules linked in: [ 41.754258][ T1564] CPU: 0 UID: 0 PID: 1564 Comm: syz.2.398 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 41.768547][ T1564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 41.780445][ T1564] RIP: 0010:__alloc_pages_noprof+0xe4/0x6c0 [ 41.786448][ T1564] Code: 0f 1f 44 00 00 41 83 fd 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d a4 78 ee 05 00 0f 85 c4 00 00 00 c6 05 97 78 ee 05 01 <0f> 0b 31 c0 e9 b6 00 00 00 41 83 fd 0a 0f 87 aa 00 00 00 44 89 6c [ 41.807408][ T1564] RSP: 0018:ffffc9000767f5a0 EFLAGS: 00010246 [ 41.814236][ T1564] RAX: 0000000000000000 RBX: 1ffff92000ecfeb8 RCX: 0000000000000000 [ 41.823707][ T1564] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000767f648 [ 41.832645][ T1564] RBP: ffffc9000767f6c8 R08: ffffc9000767f647 R09: 0000000000000000 [ 41.840950][ T1564] R10: ffffc9000767f630 R11: fffff52000ecfec9 R12: ffffc9000767f5e0 [ 41.848977][ T1564] R13: 0000000000000012 R14: dffffc0000000000 R15: 0000000000000000 [ 41.857846][ T1564] FS: 00007fceadbca6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 41.871554][ T1564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.879903][ T1564] CR2: 0000200000001000 CR3: 000000011fb80000 CR4: 00000000003526b0 [ 41.888276][ T1564] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.896741][ T1564] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.905645][ T1564] Call Trace: [ 41.909327][ T1564] [ 41.913319][ T1564] ? do_syscall_64+0x58/0xf0 [ 41.918144][ T1564] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 41.924150][ T1564] ? hashtab_init+0xdb/0x1f0 [ 41.929310][ T1564] ___kmalloc_large_node+0x9c/0x1d0 [ 41.935279][ T1564] ? hashtab_init+0xdb/0x1f0 [ 41.941164][ T1564] __kmalloc_large_node_noprof+0x1e/0xe0 [ 41.948568][ T1564] ? hashtab_init+0xdb/0x1f0 [ 41.953673][ T1564] __kmalloc_noprof+0x26d/0x450 [ 41.959721][ T1564] hashtab_init+0xdb/0x1f0 [ 41.964841][ T1564] ? common_read+0x16d/0x480 [ 41.970411][ T1564] symtab_init+0x44/0x70 [ 41.974881][ T1564] common_read+0x1de/0x480 [ 41.979596][ T1564] ? __cfi_common_read+0x10/0x10 [ 41.984677][ T1564] ? hashtab_init+0x105/0x1f0 [ 41.989383][ T1564] policydb_read+0xaa8/0x28c0 [ 41.994246][ T1564] ? kasan_save_alloc_info+0x40/0x50 [ 41.999692][ T1564] ? __cfi_policydb_read+0x10/0x10 [ 42.004820][ T1564] ? security_load_policy+0x128/0x12f0 [ 42.010554][ T1564] security_load_policy+0x162/0x12f0 [ 42.016489][ T1564] ? irqentry_exit+0x4a/0x60 [ 42.022465][ T1564] ? exc_page_fault+0x66/0xc0 [ 42.029285][ T1564] ? asm_exc_page_fault+0x2b/0x30 [ 42.034696][ T1564] ? __cfi_security_load_policy+0x10/0x10 [ 42.045198][ T1564] ? rep_movs_alternative+0x4a/0xa0 [ 42.050487][ T1564] sel_write_load+0x298/0x5e0 [ 42.055377][ T1564] ? futex_wait+0x288/0x540 [ 42.060622][ T1564] ? __cfi_sel_write_load+0x10/0x10 [ 42.066369][ T1564] ? __cfi_futex_wait+0x10/0x10 [ 42.071964][ T1564] ? bpf_lsm_file_permission+0xd/0x20 [ 42.077742][ T1564] ? __cfi_sel_write_load+0x10/0x10 [ 42.083384][ T1564] vfs_write+0x3c0/0xe80 [ 42.087974][ T1564] ? __cfi_vfs_write+0x10/0x10 [ 42.093139][ T1564] ? __kasan_check_write+0x18/0x20 [ 42.098579][ T1564] ? mutex_lock+0x92/0x1c0 [ 42.103281][ T1564] ? __cfi_mutex_lock+0x10/0x10 [ 42.108709][ T1564] ? __fget_files+0x2c5/0x340 [ 42.114805][ T1564] ksys_write+0x141/0x250 [ 42.119887][ T1564] ? xfd_validate_state+0x68/0x150 [ 42.125944][ T1564] ? __cfi_ksys_write+0x10/0x10 [ 42.131028][ T1564] ? __kasan_check_write+0x18/0x20 [ 42.136272][ T1564] ? fpregs_restore_userregs+0x11d/0x260 [ 42.142850][ T1564] __x64_sys_write+0x7f/0x90 [ 42.148090][ T1564] x64_sys_call+0x271c/0x2ee0 [ 42.153551][ T1564] do_syscall_64+0x58/0xf0 [ 42.158130][ T1564] ? clear_bhb_loop+0x35/0x90 [ 42.163411][ T1564] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 42.169551][ T1564] RIP: 0033:0x7fceadd8e929 [ 42.174175][ T1564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 42.194458][ T1564] RSP: 002b:00007fceadbca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 42.204148][ T1564] RAX: ffffffffffffffda RBX: 00007fceadfb6080 RCX: 00007fceadd8e929 [ 42.212734][ T1564] RDX: 00000000000012fe RSI: 0000200000000000 RDI: 0000000000000004 [ 42.220843][ T1564] RBP: 00007fceade10b39 R08: 0000000000000000 R09: 0000000000000000 [ 42.229835][ T1564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 42.237999][ T1564] R13: 0000000000000000 R14: 00007fceadfb6080 R15: 00007ffe5c9383c8 [ 42.246143][ T1564] [ 42.249565][ T1564] ---[ end trace 0000000000000000 ]--- [ 42.255403][ T1564] SELinux: failed to load policy [ 42.398331][ T52] Bluetooth: hci0: command 0x1003 tx timeout [ 42.398325][ T446] Bluetooth: hci0: Opcode 0x1003 failed: -110