last executing test programs: 2.278587667s ago: executing program 2 (id=526): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x2, &(0x7f0000000000)=[{0x20, 0x6, 0x0, 0xa1}, {0x6}]}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d00, 0x0, 0x9}]}) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f00000021c0)={[], [{@context={'context', 0x3d, 'system_u'}}]}) 2.188642808s ago: executing program 2 (id=527): openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000)) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, &(0x7f0000000040)='%((@\x00') r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f00000000c0)=ANY=[@ANYBLOB="600ed9dcc4d5c6b9"]) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000ffe000/0x1000)=nil}) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x80000000, 0x4, 0xc2, 0x4f, 0x40, 0x2, 0x80, 0x1, 0x3, 0x44, 0x8, 0x0, 0x9}, {0xb, 0x5, 0x6, 0x8, 0x9, 0xff, 0x4, 0x3, 0xa, 0x13, 0x7, 0x6, 0x1}, {0x1ff, 0x7, 0xd, 0x10, 0x25, 0x9, 0x0, 0xfb, 0x4, 0x5, 0x0, 0x2, 0x4}], 0x9}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000100)=@arm64={0x5, 0x2, 0xc7}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, 0x0) 2.117144179s ago: executing program 2 (id=530): r0 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read(r0, 0x0, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)=ANY=[@ANYBLOB="8a39648c02cfabd22c00"]) 2.113797289s ago: executing program 2 (id=531): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28131, 0xffffffffffffffff, 0x0) (async) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PTP_PEROUT_REQUEST2(r3, 0x40103d0b, &(0x7f0000000040)={{0x0, 0x3}}) (async) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r2, 0x400455c8, 0x0) (async) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000300)=0x2) (async) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180)) (async) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0x2) (async) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080)=0x1) (async) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000100)=0x7) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_GET_REGS(r4, 0x8090ae81, &(0x7f0000000380)) read(r2, &(0x7f0000000440)=""/99, 0x63) (async) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x58, 0x0, &(0x7f00000001c0)={@flat, @fd, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0xa}}, 0x0}, 0x10}], 0x5e, 0x0, &(0x7f0000000280)="27340dbe79e8af432ff4fa2360c88df5a04d8e7eeb14f8d0fab09d900a6bb5bc0f07887e054cb7693ae1fb57bdf9173c6f2dd3f6284401f0a87fa2166027d3eda04b0809ab53399e60c5169690bcaa67b7123d2729933e63d78255ba0d07"}) r7 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) ioctl$ASHMEM_GET_NAME(r7, 0x81007702, &(0x7f0000000300)=""/67) r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) (async) write$uinput_user_dev(r8, &(0x7f0000005140)={'syz0\x00', {}, 0x0, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000], [0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40004, 0x10001, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfae, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x1], [0x2, 0x0, 0x0, 0x0, 0x0, 0x65e, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x533f30c6, 0x0, 0x0, 0x0, 0x5, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100004, 0x80000000, 0x0, 0xfffffffe, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$KVM_CREATE_DEVICE(r5, 0xc018aec0, &(0x7f0000000040)={0x1, 0xffffffffffffffff, 0x1}) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) (async) r9 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syz_tun\x00', 0x1bec39af700e7306}) (async) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x2000003, 0x10, r0, 0x0) (async) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 557.895952ms ago: executing program 3 (id=554): mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f00000021c0)={[], [{@context={'context', 0x3d, 'system_u'}}]}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder1\x00', 0x0, 0x0) 556.521062ms ago: executing program 3 (id=555): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_MCE_KILL(0x35, 0x0, 0x8) prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x2) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000140)={0x2, 0x0, {0x0, 0x0, 0x0, 0x18, 0x0, 0x60}}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r2, 0x0) 550.536322ms ago: executing program 3 (id=556): r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000006200), 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000000080)=0x8000000) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000000)=0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000000000007005"]) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4188aec6, &(0x7f00000012c0)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0xf7}, {}, {}, {0x0, 0x1}]}}) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000006300)={0x30, 0x5, 0x0, {0x0, 0x6, 0x5, 0x4}}, 0x30) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001']) 518.220423ms ago: executing program 1 (id=557): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) write$uinput_user_dev(r1, &(0x7f0000000800)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb77b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x80000]}, 0x45c) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240), 0x101c82, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000400), 0x1090c2, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r3, 0x0) mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r3, 0x1000) mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x0) mmap(&(0x7f000086a000/0x2000)=nil, 0x2000, 0x4, 0x11, r2, 0x2000) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000480)={0x2, &(0x7f00000004c0)=[{0x14}, {0x6}]}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x1802, 0x0) 445.717813ms ago: executing program 3 (id=558): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) write$uinput_user_dev(r1, &(0x7f0000000800)={'syz1\x00', {}, 0x100000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa37a, 0x0, 0x0, 0x0, 0x100], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x1000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x40000000, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80, 0x0, 0x10400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0xfffffffd, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000]}, 0x45c) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) close(0x3) openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0xa}}, &(0x7f0000000340)={0x0, 0x18, 0x30}}, 0x10}], 0x6b, 0x0, &(0x7f0000000280)="27340dbe79e8af432ff4fa2360c88df5a04d8e7eeb14f8d0fab09d900a6bb5bc0f07887e054cb7693ae1fb57bdf9173c6f2dd3f6284401f0a87fa2166027d3eda04b0809ab53399e60c5169690bcaa67b7123d2729933e63d78255ba0d073c4c19e166677001adbe306baa"}) 445.066813ms ago: executing program 3 (id=559): ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x400) (async) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)) (async, rerun: 32) ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f0000000080)="1874b746fa0bba428023cb06257e9c6b0f3a7e7a103f1603ccfd89945e6fa3998af5a06722abe93ef41c30432da53fa3f0a608e0eb866bc5cf64f52b9ae478e89b1b31") (rerun: 32) ioctl$PTP_PEROUT_REQUEST(r0, 0x40383d03, &(0x7f0000000100)={{0x4, 0x5}, {0x1, 0x1000}, 0x7f, 0x1}) read(r0, &(0x7f0000000140)=""/63, 0x3f) (async) write$UHID_INPUT(r0, &(0x7f0000000180)={0x8, {"f46718f863e58d7ca4de61f2722e97e2c129980340292e9766c1cf642bc4807c6804942e481fb882efd86d86cc698544e72f27103f0182ca1e245e3c64874617b32c832606ff01c150ea40bf7dac8884e3f981fdf26a66316d52b31c12f67609f5aa24f84689febc2287a93196a073f29999d24c78d809752f9d3e2a1f8c581751b54d0f3e1ab367abd8a69097c76d074ad34c38edad27b17f42f6495dd41ae4f927512d996d9fafb0764a31ce7c3d4c08f95f426eef7f1a2b65a422dd3a3e0ecda97dac513541ec6a462e880421b9c6e385b681080ad5e6812437e3397aa3b1f8b41d8def31f4c5b36b7f633aafb86e7ee68a5733dba5d16d3f0a8b89cc9dd9ee509c2a2791cbe83043d0985c477c34b35811a7d38d0669bc4b300eef55d36bdadf945e0b2efb53f38a9eafc223b4d7d89e2f3061ddba69b51b34cac8c69cd0bb24d95eba93b0f2cd90834633eee7a54c54978835a29d69e859fdfe4ea7b3410baf2b26b3ce9b88e7fbb410812c4a89dea55abb049b1778fa4cd2217695406fb73d1e58f1e506b5d57ebaacfc0aebcad422d7a66c14164afbdeef5abaed2e8e9503c872a60916cb2b7ba2d24f3635fe8d76fe0e84c68891eb042b30696ea76a14fdaf78b6b13ec41bd22c8bab49f5753544addf939ae3e53a8fbc7c33dffb26239ae296774c234a9dc71f429d7cfac77cfed99b2a5a402f442e7cbe793d7bb5f81344f9facc659a72d562b575c8c0b90a317e4169ca8272f0102e56042217e02adef2f620bc29219a7c26235dd2cf1d6b1976f9e07dac6bd86ce578827be562b23bfa77b44429c0cc86fad707c5bda81fa1ca116df9d97d64778df1610a0cdc0d644dfb6ec21e41474a4b702de58a746aa3b26c4fe2660149b660dfd402a9b28d72d4a2dabc1d075168d29e8afbd9279fde4d5e5a74b025d933bb1e3342219ef75849dea66dd666353b9d6d07427111871701bbdd0d3a831edf98b5c8c6402ba8b16e45988282aa199535c1d0dc604004e74a2851c0266d625afc4b180360472a8253ebf946018fbee1205344a0e646f970d3cf439efda38d94117c16b761f4efce2c7309ca09f1a68e5f4b3bb68a84af5856b3e979e6900016f840f0b3d68e6387decf77abb6ecb91f993377bee8fb66e060fb00f5a2aa46d260609d0083c8d188a7652bd54260d757d01f273aea64483c922e5259159600d61184a3a49eabf9bbcbf2a338e20ac03510ea39de3fc0341e0c2188752bdb8c77583ac500516454fe02be9a4a355a8be766220288da8251bda335809526d32285329b6427cc954c793d08f10a667db55c7aee0d1be86ef38fe07f8043d7bebf323aec15ba837dc0b33eb48a7895227ed2ef19e2124f1ed1026d72e1affb7df7ebb6ac56104c187e223f3b0e5775fbeb1d06f85503ce356a0129bf000f91fd6dad3cda41722e7c49c2e279d95a6a291e2f6660b24cb5ee6aedddb03a915bf5f5d1bfc8b9e3219e825fd00c64273e02622ca2a389e6290cd21066716a5a91f17b759bcc1273e40b954876d747243f40726514fddd98c800c6ab24d1c06c04878f5416495da3efe3778d368dfab7f4886c628b864d645da9dd77fd35bc25abd31aef8b140d51bf699f27142cddb296c658b39bb50d951dbd7ecaf8e33b47b60dc6705fe89de8eb8cbd4c345779a955f2591d5d396022d0ec36168aaa01ca87caf4434edcf91af7f5d3408a4f429f841e080aa367d29f2fed21731f8d96f079ded8deb1c41c8bc5dd91a5a5482ffeb64de5ca8a40a83038ebf7cc8199afbf7d4f2fa63c3a3b77a2c68db3e0cf2dd675c6380b1b431cb383b6944a7dbf8713dd8809b6e52f27f3775e9fd9337533bc3c748a2b928fa51a242686cc8821cc8a94a15c5e77baa7ea2d538f26fb5fb86be94fd39bc9df6cf9b9de7b6818ba7645c7ccd483e22bb43e8cb7cef21f2d9bca5daa15ef9f52ffe7279f3bce402007e148f49e64a27c3a23f3c130bb4774e0731264f2b42203d3f54c254aff2315227f5cdd98b81439b6905def46253023b87ea88e6596908722884c33c94f7a87b18f4055c86aa200deffcdc9a702082ee3e3d548ff052e88ba39da2c14df6113c46e7b119660456967230483ec2331bad8cc4a05c63e01b44df60d179a34da26dd55d2d8d31765ef6874c5846434d472a4153d32abaa95495523e695556e336112049435f973f730fea0304469d2ff07381d365c5af8d0c741761148600d4b14242f39336040d7e9a0f233a248c6079679418580bf6257cdbe76209755b8e6fb6f496857fd10760b519b7503a05ee1f114e16fe6fc3be495776a2cf7a5aba359bef7bf537bd4b859352186a9fe0cdaa44746e3ab2141082c626330c6d1972cb1ce71658dda8d803477b801e16ec1d76a3a62c0ce43adb5f1d17e90249b6af7f18fbc0537e27ce0ed2a126bc3c0ffdc753fa617acb854f1ef653ca8ab41a438c5538eb6f0378b193bd97aa37954290c3ec55b35d3c4321652ff85e1824ee4076c018fd9117626279e9c3882ca63cf8c54cf33472bf63051c6113860fc9aefded53d2ce03276fa868f634d19b9d5e0bd750097239d409ddac9d02d8e52b7895f96f8b1fc0e3b0cbcec520754a3ed06557b13db7c1ffeea817f19d8de2a6eca60b756f691b527fb9c9245603cad4b358713d2e50fa162185492bed552094d1e1e6905f269789de16a0b88efc8ccd0d821d616fa6b497e0e645d745a470c75862ea72edce83f0a99fcaf1690b7bfeccdf7e51db8c13929a46ded2e31967c49867b4eb0022e955225d86a2f5e355f17ba9792bbed671b2682cee0d451b1a7910020e456879bb6115bd12c1258fdd9668819183966f3a9a4598fed30269fed79773f2fbe2238cd8bd86bcce35d7427a77e07bfeba91d3fa806ad4927e86b4c1ade563ee310891096983130c6df0208ffa31ec2b91274e037a48241c83e7a2d9936f381e37ca8bafe860642edd4b17a76e843386242b7c24d3cc00ae3601eefd7c82c33d0e5b44f3664d9e9f4de5c435e433c04cd93293c5fbc45f2b52bf5921c7f979a18671a081559495233ef19bcdb4c2556863b4ec3706da8ac829a3729da1cec4506502ecb8a56f70450a7fc90d27d1da7e9b45da7a26166ba2636280d78d2c8662e860fbe499fafbe88a33437db2b78902f1fe82bd036ba50d45c56db0bba13568a7b40e3efdedb04015bfbb0b46ca4672a3a33bcf819873390431ece719339e78a9ef3ce37248e06a532070eae50e279917ef17c7b41ca3d4b74810f919f6f977cf0e100bb88f4d85c92ac2c4cf75495e4fbbd41648887966c6e8a43ad376872507002ab6c51e05cbb6bb7ce56a574b9dd184f6cec14d806c7cf56ff5e7d5545c83c542de974da5d42652b82be641cfc661810aa7f882aeb2255dbf7333d187930adc59f37e64ba940cfe4ca72d9f498313b045ba5f0231980c141d1453be31e08824a89d02d5afbb3d63d252f2f970021826f2cb60bd510dd2ed16b5a3234739e7a6a84a23ff3ac1b62e4744300e69a4c3d2871d69d326e94daad8255f9957d839897860c3a42433f9d2927b32c912950f5c4bef1543c4f5e49677037e214d344127a3d55f4c99ec448030a9b687856a04cd71d72a412bc373baf51952a9e927cbf1343a153abf99c81d499ca28322b85e30b08828a68c8290e3a3e2c6cdbaa1d7fb1ce9d35b49aef6a48f1ccc650a1d84419a605fb3e11825b58304595d433db16e6db4557e1bc633cf6fe7e663c40efe57bfc3497be0145aeb2456115a2000cef29a742b0b8f0ca255dda9a5100d28ca48efc44ba2714e7bafc7d01655bd814d9f603e1ac3211ee313cb7ba89744560bf4598c690373d5bd2c515ee5c6268e5d5d1a69090f5caef397230ae96370106c8b7c940e831a9d711f400f3da9afe0267463dcb20ef665dae9689cf7b4f1bb9d25c07f3b5e6c4dd77c70343a072977a7fc14f14e8588df75bd93aed548afd88a1ba1c9fbcafefd5ec557bdd64cfa6ddaf0a21bd22639a606c728a7d0dbbceb165ebe37a5ca48056f25cdf54dd7fbca6c5c6fbe75e8e692425beeeabd1d406e5503ca9e8246945dd0d39b98405aedb40cc1250cb9302e3438a690781270f66b1cd92611d0f942c31e54c879eeefeb930d0e63684286f1a94f2dafe3cb5aa86fbca318e2fca47255f55680a1203c350428e50fa4d2416e3809f895323761f39f06346e217bab2fae045309b340fce3c81b5ed2e0ca1ed79a3865583790a58c981f67f512ebb7b181fcb31a56ec71067afcc68eeaf8c917279bcdb67dae772cb3a06c2ec2def3970279e7fdcc5b299579e035c2c354eb19a9b1a9df633dba0931ae9ab775aeaf935bcc9c6336d22c82877f3255c5b9368ca52ba60987bc3ff1be40521e1bef090f7750eeec883128b3e6649ebf71ebda0e41e80190f0be507cfb16b84b74f24aeedb28b95f5d0bfa518195f8e929eb1c32e8de118d522fd5c4e2718e984f4dd503a1ff2dcff3120ba8b25c51033b5c90930ad057e16b0d019849c3cd968c0edf19928cf30076a1860c806ad99cec4e464368fa84634d163a59b955c3555f68b35993fd9d0cfe8f8a9fa4fd73f8c39f9771637d744ae027150be22fcb121c5cba3332855ccb7991b0b65b9aa9dc201e7ab463d7ca5cbf66e9a9c0c3dc8aca9d7a1782c753addcc36bf86a4300aa499600128a16456396639f7fa17e39b22bd6c8c0d6d602f8b5295438668eb8f3c0850b5e86f2ef975caa423cff12ebc66448d3d40db47ba547215c101822b42ed01ae56eda60c97bd43d22e4410c351dfad05817d5be5835db07d7d814f73ba99a0a8b1a5488cc6834a5abc2ebad37b2d4f4da1991ae25cf539f1a43afe3139a7a65878b0a6927c5a0cecee6cf010a98b905a4a602309e4d2f42f8cc0496337c0c74f5715bee7bddbd93e1e4619425781f32d2a4244c961cb3a7f3ee567a7ad01e9f86f7824a9e051f7f85e5bc7e1395c9bce25a8fb835fe29d012b818f0833364935e537250254096d44a1072fea38cd8c490d0b9ba587b8cfb9bfdd2b5d3816d1bfbb2117b6c85d53eb6fb0eaeb13225f4b5ae16dd2ff8b49357678af0411a8c3aae63093c3e4a996ab5fc57ce83cbef78368d4b3a0d3683ddb0cd39b591d6cf3d6ffb6fcb7ae953be4e1fc08441870dc3b1e7e8c25e95d6fdc2acc476cef862d5e9f1d98f9dcb6385110976bfbeb158499de6d6e0fc033a513833421df30d7c0b818f3537b7bd8b9390c893f1f12f797364feebf945aff6d972a55b5db08c848303e68e03c19efb8fcff3e2cce1b86e4753d0aa053dd8e9b7f5738a5a7d5f533b75bb7235c9e83c997cd66fe512ba2df39328e6b01a81171b1838420d815ee26a5ffd2ad7a9a10b2b685c7bd6871f3243ace0e06560abe21ce0ca8b4c8b9fcb1f17f9db3e2da581b7455543961b22ea10759fafbe785b156fce6be8729774c1bd66292b9b18101fc9af398756126d77366de0e86607a7dc4a11018701aaa3ea6a3c9a651596ccad7d77819116406c644944e2b2b37957acbfb6b862d12e9b1d0dd63c0e2e35f4f9767d641afe38eacf3ba6b0c7dc8842f4c7cd77983fb37f36539824d9c68858bd7c9e27563de467564fdf8f43a0ecfedee7b3b8eb4820c14a5ee24f5fb56529dd29bdb3b1806bab6cdcaae994e6399c96d367e4fb1e668bb2f961b869666d728e857ad110b21d42443d450769a8052d7746dd1cb9837f8d2fa57ead920e75bb4fe601d7495ca64a548700522dc924d8f3f3e77ce2bf52939437b508cf6c432e3", 0x1000}}, 0x1006) (async) ioctl$TIOCGDEV(r0, 0x80045432, &(0x7f00000011c0)) r1 = openat$cgroup_ro(r0, &(0x7f0000001200)='blkio.bfq.io_queued\x00', 0x0, 0x0) (async, rerun: 64) write$cgroup_int(r0, &(0x7f0000001240)=0x2, 0x12) (async, rerun: 64) ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000001280)) (async) mkdirat$cgroup(r0, &(0x7f00000012c0)='syz0\x00', 0x1ff) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000001300)={0x2, 0x400, 0x8, 0x4, 0x14, "3787b3af654bd9123b8396b4a376497ad886ff"}) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000001340)=""/58) (async) r2 = syz_clone(0x40070080, &(0x7f0000001500)="ccf2e94fc46cb11be4b4c27afd6823a7078de8156ce846922b1ad21b7ecee94a9dfcec550d048995569a7c3b6c8ccff13bf895dc5bc8a3f215590b1181f611ebab2f90094a46a96e7be7c94c29b5d34f9e92add587d9e55ff582068b3f7da39d467c0eae8085f0e0d452cd625578b9ccc0017d6486935720049877ada5c0580d278941d45a9feb7f4bedab2d2d397987b4afacb81b132dd8b02846d587efd9eb139cbcaadb68a45a1b998bb6ce0e5e09bda599280750624826322eafd9ebed0428781bdfe0f9b14e67a5ebe54df8337fe98c50", 0xd3, &(0x7f0000001600), &(0x7f0000001640), &(0x7f0000001680)="bd788214e36b4378a655e76b9900b835e870604adf35bcebc4b16e0cff5fd240745f905a3aa799defdade2d5488fce9a8fdf2c41636e073d55a456bd7ec2c7b2844e947b334b29503e180736b480a28179650e175a674ef2f752e482906225") read$FUSE(r0, &(0x7f0000001700)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_clone3(&(0x7f0000003980)={0x45202000, &(0x7f0000003740), &(0x7f0000003780), &(0x7f00000037c0)=0x0, {0x25}, &(0x7f0000003800)=""/40, 0x28, &(0x7f0000003840)=""/249, &(0x7f0000003940)=[0xffffffffffffffff, 0x0, 0x0], 0x3, {r0}}, 0x58) (async) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000003a00)=0x0) (async) read$FUSE(r1, &(0x7f0000003a40)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async, rerun: 32) read$FUSE(0xffffffffffffffff, &(0x7f0000005a80)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) (rerun: 32) syz_clone3(&(0x7f0000007b00)={0x20044000, &(0x7f0000001380), &(0x7f00000013c0), &(0x7f0000001400), {0x12}, &(0x7f0000001440)=""/27, 0x1b, &(0x7f0000001480)=""/65, &(0x7f0000007ac0)=[0x0, r2, r3, r4, r5, r6, 0x0, r7], 0x8, {r1}}, 0x58) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007e00)={0x5c, 0x0, &(0x7f0000007d40)=[@dead_binder_done, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000007c80)={@flat=@handle={0x73682a85, 0x101, 0x3}, @ptr={0x70742a85, 0x1, &(0x7f0000007b80)=""/252, 0xfc, 0x1, 0x1a}, @fda={0x66646185, 0x8, 0x1, 0x3e}}, &(0x7f0000007d00)={0x0, 0x18, 0x40}}, 0x40}, @enter_looper], 0x0, 0x0, &(0x7f0000007dc0)}) (async) ioctl$VT_SETMODE(r0, 0x5602, &(0x7f0000007e40)={0x8, 0x8, 0x4, 0x101}) r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000007e80), 0x22800, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) (async) ioctl$TIOCGICOUNT(r1, 0x545d, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000007ec0)=@arm64={0x1, 0x9, 0x6, '\x00', 0x7f}) (async) ioctl$TIOCL_SELLOADLUT(r8, 0x541c, &(0x7f0000007f00)={0x5, 0x0, 0x1, 0x5, 0x2aa}) (async) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000007f40)={0x2a, 0x6, 0x0, {0x6, 0x3, 0x1, 0x0, '*'}}, 0x2a) 437.932104ms ago: executing program 3 (id=560): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x61, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b2"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000500)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0}) 432.050153ms ago: executing program 1 (id=561): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'nr0\x00', 0x2}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000600)={0x2, &(0x7f0000000340)=[{0x5c}, {0x6}]}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0), 0x61, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b2"}) r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000080), 0xb4eef1b308519442, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x10007, 0x3, 0x100000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 293.682706ms ago: executing program 1 (id=562): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000340)={0x1, 0x0, [{0x247, 0x0, 0x7}]}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FICLONERANGE(r4, 0x4020940d, &(0x7f0000001280)={{r4}}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) write$FUSE_LSEEK(r5, &(0x7f00000021c0)={0x18, 0x0, 0x0, {0x8}}, 0x18) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000000)={0x0, 0x1, 0xff, 0x9}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xaece, 0x2) read$FUSE(r8, &(0x7f0000000dc0)={0x2020, 0x0, 0x0}, 0x2020) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) write$FUSE_BMAP(r4, &(0x7f00000003c0)={0x18, 0x0, r9, {0x200}}, 0x18) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0) r15 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_SET_PIT2(r15, 0x4070aea0, &(0x7f00000001c0)={[{0xfff, 0x3ff, 0x8, 0x2, 0x1c, 0xd2, 0x3, 0x8, 0x7, 0x80, 0x1, 0x7, 0xda01}, {0x6, 0x40, 0x0, 0xb0, 0x0, 0x2, 0x0, 0x6, 0x4c, 0x2, 0x9, 0x8, 0x3c0}, {0x4, 0x9, 0x0, 0x2, 0x0, 0x3, 0x3, 0x8, 0x2d, 0x77, 0x4, 0x88, 0xffffffffffff7006}], 0xf}) ioctl$KVM_RUN(r14, 0xae80, 0x0) ioctl$KVM_SET_PIT(r13, 0x8048ae66, &(0x7f00000002c0)={[{0x4, 0x200, 0x3e, 0x8, 0x8, 0x35, 0x9, 0x8, 0x0, 0xc0, 0x6b, 0x80, 0x1}, {0x1, 0xfff, 0x9, 0x11, 0x3, 0x3, 0x10, 0x7f, 0x8c, 0x6, 0x5, 0x8, 0x58}, {0x9a57, 0x8, 0x9, 0xf, 0x9, 0x8, 0x4, 0x3, 0x3, 0xb, 0xc, 0x10, 0x6}], 0x3}) ioctl$KVM_RUN(r14, 0xae80, 0x0) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r10, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x12}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x2, &(0x7f0000000240)=""/1, 0x1}}, &(0x7f0000000280)={0x0, 0x20, 0x38}}, 0x10}], 0x0, 0x0, &(0x7f00000002c0)}) 281.888156ms ago: executing program 0 (id=564): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='#%\\h*@#Lw\x9e5\x9f6k\x886\xafm\xa0\b\x81\xdc\xd1\x8f\x93r2\x0eeu}\xf7\"\'X\x9a\xd4\xfeI6\xd9\x1b\xc8\x14.\xfa\xb8\x03\x16\x96\x11\xa8\x90{\xc5\xe2\xf1u\xd1\xca\x8a>\xc3\x84\xd3\xcf\xa7\x1f\xc1\xb5\x12\xd0\x1e\x98\xce+\x12\xaex{\x91\xc7bw\x00\x00\x00\x00\x00\x00\x00\x00\xa2\x9c3\xee/\xcf\xdew \x1c\xc7=\xfb\xb8\x88\x132\xf9\xb77K\x8d\x16\xa6\xbf4\v\xces\xa4\x13\xb1\x14\x89\xa0\x14P\x97\x81%)\xa1\x0e)2a2\xa2\xef\f\xef\x8a\x95\xdd\xac\xab\xff#T}`\x88r\xb3\xd8\x19\x06\xde\xb7\xf0GR.9i|\xafhs\x1d\xdc\x12\x85!\xaaqg\x10\xec\x1b\xcb\xe46\xba\xde\x13\xdf\xc6Z+\r\xb4\x9a\xe8V1\x82\xce\xdd\xddx\xe7H\xa3N\x92\xdb\xaa\xdbe\xc1\x05P\b<\x1e\xd6\x92\x89\xaa\xbe\xda\\|\xcf\xafec\x9a\x8d\xeeQ\xfc+W\x1e\xd2L\xfa\xcc\xfb\xc2\x90\x99\xa9\x9f\xcd\xfasX\x9d\xbb\x85\x1f') 273.680356ms ago: executing program 0 (id=565): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2b26c0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x8f) prctl$PR_CAPBSET_DROP(0x18, 0xfffffffffffffffd) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000040)={0x200028, 0x27, 0x20000000, 0x12, 0x3, 0x400004f, 0x1100010, 0x2c, 0xffffffffffffffff}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x3, 0x0, 0x0, 0x5, 0x0, 0x4002004c4, 0x1000], 0xeeee8000, 0x1144}) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x769f00b363895638, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$UHID_CREATE2(r6, 0x0, 0x2) r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000080)=ANY=[]) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext']) 221.910927ms ago: executing program 0 (id=566): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000700)={0x10, 0x0, &(0x7f0000000540)=[@clear_death={0x400c630f, 0x3}], 0x0, 0x0, 0x0}) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001']) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000700)={0x10, 0x0, &(0x7f0000000540)=[@clear_death={0x400c630f, 0x3}], 0x0, 0x0, 0x0}) (async) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001']) (async) 220.972837ms ago: executing program 0 (id=567): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000002780), 0x0, 0x0) read(r1, &(0x7f00000027c0)=""/62, 0x3e) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000140)={@host}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xb0, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac1"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000080)=@arm64={0x3, 0xc, 0xf, '\x00', 0x10001}) ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f00000002c0)={0x150002, 0x0, [0x3, 0xfffffffffffffffa, 0x5, 0x200, 0x6, 0x1, 0x9, 0xe8f]}) r6 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$selinux_user(r6, &(0x7f0000000100)=ANY=[@ANYBLOB="73797374656d5f753a6f358ffe50745f723a7661725f6c6f636b5f743a73302075"], 0x2d) close(r6) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) r8 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, r7, 0x6, 0x50, r8, 0x0) 172.029097ms ago: executing program 1 (id=568): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="0700a3fcf070d1"], 0xffdd) openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) prctl$PR_SCHED_CORE(0x53564d41, 0x0, 0x0, 0x1, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x200) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r5, 0x4004ae86, &(0x7f0000000000)=0x5) write$cgroup_int(r2, &(0x7f0000000200), 0x806000) ioctl$FS_IOC_RESVSP(r2, 0x40305829, &(0x7f0000000380)={0x0, 0x2, 0xfffffffffffffff9, 0xac}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r2, 0x400454cd, 0x30b) openat(r2, &(0x7f0000000000)='./file0\x00', 0x1c70c0, 0x8a) openat(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) 153.091208ms ago: executing program 0 (id=569): openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (async) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x6aeacc6645c0d41e, 0x0) write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000540)=""/32, 0x20, 0x1, 0x0, 0x0, 0xffffffff}}, 0x11c) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x481, 0x0, 0xc}]}) (async) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x300000e, 0x8053, r5, 0x1764000) (async) ioctl$KVM_CREATE_PIT2(r5, 0x4188aec6, &(0x7f0000000040)) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r7, 0xaf01, 0x0) (async) ioctl$VHOST_SET_LOG_BASE(r7, 0x4008af04, &(0x7f0000000300)=&(0x7f0000000240)) (async) ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0, 0xeeee0000}) (async) ioctl$VHOST_SET_MEM_TABLE(r7, 0x4008af03, &(0x7f0000000680)) (async) ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000000000)=0x1) (async) close(r0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="82000000000000008204"]) (async) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{}]}) (async) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x42802, &(0x7f0000000000)=ANY=[]) 2.42398ms ago: executing program 1 (id=570): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) close(r0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x801, 0x0) 1.36291ms ago: executing program 1 (id=571): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x101000, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xb) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x301a01, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x11) ioctl$GIO_FONTX(r2, 0x4b6b, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x23c0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000200)={0x10002, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) read(r6, 0x0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000280)={0x4, 0x10000}) ioctl$TUNSETIFF(r3, 0x400454da, &(0x7f0000000080)={'batadv0\x00'}) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x100c2, 0x0) ioctl$TCFLSH(r9, 0x540b, 0x101) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) r10 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x103442, 0x0) ioctl$TUNSETIFF(r10, 0x400454da, &(0x7f00000000c0)={'bridge_slave_1\x00', 0x8000}) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x240002, 0x0) ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000300)={[{0x4, 0x2, 0x0, 0xff, 0xb, 0x3d, 0xff, 0x0, 0x80, 0x1, 0xfa, 0x4, 0x81}, {0x7d, 0x9, 0x6, 0xc0, 0x8, 0xd, 0x9, 0x7, 0x1, 0x7, 0x9, 0x0, 0xd}, {0x4, 0x1, 0xfb, 0x8, 0x10, 0x86, 0x10, 0xf, 0x1, 0x8, 0x40, 0x81, 0x5}], 0x4}) ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x1}) close(r10) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x2d) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats']) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000200)={0x0, &(0x7f0000000180)}) 951.39µs ago: executing program 0 (id=572): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (async) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async, rerun: 64) r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0) (async) openat$random(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) (async) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000040)=@x86={0x3, 0x8, 0x2, 0x0, 0xffffffff, 0x0, 0x2, 0xfc, 0x3, 0x12, 0xfe, 0x0, 0x0, 0x4, 0xa, 0x0, 0x0, 0x0, 0x9, '\x00', 0x7, 0x8000000000002}) (async, rerun: 64) write$selinux_load(r1, &(0x7f0000000000)=ANY=[], 0x606c) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000) 600.42µs ago: executing program 2 (id=573): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x800000) ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000380)={{0xffffffffffffffff, 0x3, 0x5, 0x1, 0xe}, 0x6, 0x9, 'id1\x00', 'timer1\x00', 0x0, 0x7, 0x9, 0x1, 0xd09}) ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000400)={0x54, 0x0, &(0x7f0000000300)=[@increfs, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$PTP_PEROUT_REQUEST2(r2, 0x40383d0c, &(0x7f0000000080)={{0x8001, 0x4}, {0x5, 0xb9}, 0x80000001, 0x1}) 0s ago: executing program 2 (id=574): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BLKROSET(r1, 0x125d, &(0x7f00000000c0)=0xfffffffffffeffff) r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0) read(r0, &(0x7f0000000040)=""/106, 0x6a) kernel console output (not intermixed with test programs): [ 7.004516][ T36] audit: type=1400 audit(1750318104.900:58): avc: denied { read } for pid=201 comm="getty" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 syzkaller syzkaller login: [ 16.953359][ T36] audit: type=1400 audit(1750318114.860:59): avc: denied { transition } for pid=232 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.957124][ T36] audit: type=1400 audit(1750318114.860:60): avc: denied { noatsecure } for pid=232 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.960353][ T36] audit: type=1400 audit(1750318114.860:61): avc: denied { write } for pid=232 comm="sh" path="pipe:[1654]" dev="pipefs" ino=1654 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 16.963770][ T36] audit: type=1400 audit(1750318114.860:62): avc: denied { rlimitinh } for pid=232 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.966710][ T36] audit: type=1400 audit(1750318114.860:63): avc: denied { siginh } for pid=232 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.99' (ED25519) to the list of known hosts. [ 23.994395][ T36] audit: type=1400 audit(1750318121.900:64): avc: denied { mounton } for pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.995503][ T282] cgroup: Unknown subsys name 'net' [ 24.017305][ T36] audit: type=1400 audit(1750318121.900:65): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.044708][ T36] audit: type=1400 audit(1750318121.930:66): avc: denied { unmount } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.044889][ T282] cgroup: Unknown subsys name 'devices' [ 24.229923][ T282] cgroup: Unknown subsys name 'hugetlb' [ 24.235660][ T282] cgroup: Unknown subsys name 'rlimit' [ 24.408963][ T36] audit: type=1400 audit(1750318122.320:67): avc: denied { setattr } for pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.432319][ T36] audit: type=1400 audit(1750318122.320:68): avc: denied { mounton } for pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 24.437977][ T284] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 24.457505][ T36] audit: type=1400 audit(1750318122.320:69): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 24.489064][ T36] audit: type=1400 audit(1750318122.380:70): avc: denied { relabelto } for pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.514785][ T36] audit: type=1400 audit(1750318122.380:71): avc: denied { write } for pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.536093][ T282] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.540461][ T36] audit: type=1400 audit(1750318122.440:72): avc: denied { read } for pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.574587][ T36] audit: type=1400 audit(1750318122.440:73): avc: denied { open } for pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.799238][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.806332][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.813747][ T289] bridge_slave_0: entered allmulticast mode [ 25.820102][ T289] bridge_slave_0: entered promiscuous mode [ 25.833410][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.840662][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.847763][ T289] bridge_slave_1: entered allmulticast mode [ 25.854222][ T289] bridge_slave_1: entered promiscuous mode [ 25.872027][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.879106][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.886162][ T291] bridge_slave_0: entered allmulticast mode [ 25.892639][ T291] bridge_slave_0: entered promiscuous mode [ 25.904288][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.911388][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.918464][ T291] bridge_slave_1: entered allmulticast mode [ 25.924609][ T291] bridge_slave_1: entered promiscuous mode [ 25.973942][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.981075][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.988183][ T292] bridge_slave_0: entered allmulticast mode [ 25.994373][ T292] bridge_slave_0: entered promiscuous mode [ 26.008900][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.016027][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.023136][ T292] bridge_slave_1: entered allmulticast mode [ 26.029887][ T292] bridge_slave_1: entered promiscuous mode [ 26.057619][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.064823][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.072162][ T290] bridge_slave_0: entered allmulticast mode [ 26.078461][ T290] bridge_slave_0: entered promiscuous mode [ 26.085213][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.092477][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.099646][ T290] bridge_slave_1: entered allmulticast mode [ 26.105802][ T290] bridge_slave_1: entered promiscuous mode [ 26.244099][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.251217][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.258594][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.265618][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.284493][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.291568][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.298948][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.306014][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.315301][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.322400][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.329694][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.336900][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.348462][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.355507][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.362979][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.370021][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.418976][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.426334][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.433960][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.441857][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.449250][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.456525][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.463949][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.471280][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.489231][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.496280][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.505612][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.512706][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.525996][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.533081][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.560678][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.567736][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.575549][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.582606][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.591071][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.598138][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.605763][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.612829][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.623486][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.630585][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.655105][ T292] veth0_vlan: entered promiscuous mode [ 26.685577][ T292] veth1_macvtap: entered promiscuous mode [ 26.700118][ T290] veth0_vlan: entered promiscuous mode [ 26.714714][ T289] veth0_vlan: entered promiscuous mode [ 26.733069][ T291] veth0_vlan: entered promiscuous mode [ 26.747205][ T289] veth1_macvtap: entered promiscuous mode [ 26.762765][ T290] veth1_macvtap: entered promiscuous mode [ 26.776075][ T292] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 26.795358][ T291] veth1_macvtap: entered promiscuous mode [ 26.822805][ T307] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 26.865447][ T307] SELinux: security_context_str_to_sid () failed with errno=-22 [ 26.885750][ T307] kvm_intel: kvm [306]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x3 [ 26.928557][ T315] rust_binder: Read failure Err(EAGAIN) in pid:2 [ 26.952604][ T321] cgroup: fork rejected by pids controller in /syz0 [ 26.977363][ T307] binder: Unknown parameter 'Ò ' [ 27.245228][ T336] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.252553][ T336] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.260095][ T336] bridge_slave_0: entered allmulticast mode [ 27.268304][ T336] bridge_slave_0: entered promiscuous mode [ 27.274723][ T336] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.282206][ T336] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.289350][ T336] bridge_slave_1: entered allmulticast mode [ 27.295587][ T336] bridge_slave_1: entered promiscuous mode [ 27.307442][ T13] bridge_slave_1: left allmulticast mode [ 27.313163][ T13] bridge_slave_1: left promiscuous mode [ 27.318842][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.326327][ T13] bridge_slave_0: left allmulticast mode [ 27.332566][ T13] bridge_slave_0: left promiscuous mode [ 27.338506][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.486018][ T336] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.493136][ T336] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.500491][ T336] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.507538][ T336] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.515327][ T344] ======================================================= [ 27.515327][ T344] WARNING: The mand mount option has been deprecated and [ 27.515327][ T344] and is ignored by this kernel. Remove the mand [ 27.515327][ T344] option from the mount to silence this warning. [ 27.515327][ T344] ======================================================= [ 27.550433][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.558461][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.582093][ T305] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.589209][ T305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.598647][ T305] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.605831][ T305] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.620812][ T13] veth1_macvtap: left promiscuous mode [ 27.626610][ T13] veth0_vlan: left promiscuous mode [ 27.632614][ T349] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 27.701320][ T336] veth0_vlan: entered promiscuous mode [ 27.732281][ T336] veth1_macvtap: entered promiscuous mode [ 27.774335][ T357] SELinux: security_context_str_to_sid (syteÿÿÿ) failed with errno=-22 [ 28.039020][ T367] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 28.039064][ T367] rust_binder: Error in use_page_slow: EBUSY [ 28.058664][ T367] rust_binder: use_range failure EBUSY [ 28.064778][ T367] rust_binder: Failed to allocate buffer. len:8, is_oneway:false [ 28.075131][ T367] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 28.083077][ T371] binder: Bad value for 'max' [ 28.097789][ T367] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 28.097867][ T367] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:6 [ 28.293948][ T388] input: syz1 as /devices/virtual/input/input5 [ 28.467332][ T403] binder: Unknown parameter 'mask' [ 28.473153][ T402] binder: Unknown parameter 'mask' [ 28.608421][ T417] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:31 [ 28.850400][ T430] rust_binder: Write failure EINVAL in pid:34 [ 28.872525][ T432] SELinux: security_context_str_to_sid () failed with errno=-22 [ 28.902489][ T435] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.945065][ T447] binder: Bad value for 'stats' [ 29.033719][ T36] kauditd_printk_skb: 82 callbacks suppressed [ 29.033737][ T36] audit: type=1400 audit(1750318126.940:156): avc: denied { associate } for pid=452 comm="syz.1.46" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 29.107897][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 29.108727][ T333] Bluetooth: hci0: command 0x1003 tx timeout [ 29.270439][ T465] SELinux: security_context_str_to_sid () failed with errno=-22 [ 29.403225][ T473] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 29.403262][ T473] rust_binder: Error in use_page_slow: EBUSY [ 29.428178][ T473] rust_binder: use_range failure EBUSY [ 29.436496][ T473] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 29.450068][ T473] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 29.473395][ T473] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 29.490100][ T473] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:15 [ 29.566345][ T484] kvm: apic: phys broadcast and lowest prio [ 29.717851][ T36] audit: type=1400 audit(1750318127.620:157): avc: denied { ioctl } for pid=498 comm="syz.1.59" path="/dev/rtc0" dev="devtmpfs" ino=195 ioctlcmd=0x7008 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 30.199324][ T36] audit: type=1326 audit(1750318128.110:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=531 comm="syz.2.72" exe="/root/syz-executor" sig=9 arch=c000003e syscall=157 compat=0 ip=0x7ff188b8e929 code=0x0 [ 30.370771][ T539] binder: Unknown parameter 'ÿdev/kvm' [ 30.444487][ T550] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus [ 30.454803][ T550] rust_binder: Failed to allocate buffer. len:65568, is_oneway:false [ 30.472053][ T36] audit: type=1400 audit(1750318128.380:159): avc: denied { ioctl } for pid=543 comm="syz.0.74" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 30.655986][ T36] audit: type=1400 audit(1750318128.560:160): avc: denied { map } for pid=575 comm="syz.2.84" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 30.811829][ T587] rust_binder: Write failure EINVAL in pid:47 [ 30.829734][ T36] audit: type=1400 audit(1750318128.740:161): avc: granted { setsecparam } for pid=592 comm="syz.2.89" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 30.884952][ T599] input: syz0 as /devices/virtual/input/input6 [ 30.891947][ T599] input: failed to attach handler leds to device input6, error: -6 [ 31.069927][ T36] audit: type=1400 audit(1750318128.980:162): avc: denied { read open } for pid=616 comm="syz.2.96" path="net:[4026532309]" dev="nsfs" ino=4026532309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 31.094019][ T36] audit: type=1400 audit(1750318128.980:163): avc: denied { ioctl } for pid=616 comm="syz.2.96" path="net:[4026532309]" dev="nsfs" ino=4026532309 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 31.141188][ T619] random: crng reseeded on system resumption [ 31.152162][ T36] audit: type=1400 audit(1750318129.050:164): avc: denied { append } for pid=618 comm="syz.0.97" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 31.178039][ T36] audit: type=1400 audit(1750318129.050:165): avc: denied { open } for pid=618 comm="syz.0.97" path="/dev/snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 31.209892][ T624] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 31.390994][ T644] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.391033][ T644] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:78 [ 31.477569][ T646] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 31.501884][ T646] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 31.535525][ T651] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 31.543501][ T651] rust_binder: Read failure Err(EFAULT) in pid:84 [ 31.566626][ T654] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:62 [ 31.575359][ T654] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.584737][ T654] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:62 [ 31.742813][ T666] rust_binder: Failed to allocate buffer. len:65568, is_oneway:false [ 31.804722][ T672] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 31.868134][ T675] rust_binder: Write failure EFAULT in pid:89 [ 31.885304][ T682] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 31.945363][ T685] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.945386][ T686] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.099172][ T690] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.105774][ T690] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:82 [ 32.175129][ T695] Bluetooth: hci0: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 32.203657][ T305] Bluetooth: hci0: Frame reassembly failed (-84) [ 33.120123][ T728] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.433583][ T734] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:125 [ 33.442926][ T738] binder: Unknown parameter 's' [ 33.506933][ T744] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.507657][ T744] rust_binder: Error while translating object. [ 33.507661][ T743] rust_binder: Error while translating object. [ 33.507698][ T744] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 33.514399][ T743] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 33.520788][ T744] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:127 [ 33.526893][ T743] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:127 [ 33.572111][ T746] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.720935][ T754] binder: Unknown parameter 'maxv/kvm' [ 33.792370][ T760] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 33.910284][ T764] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:145 [ 34.009774][ T766] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 34.112606][ T771] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 34.120977][ T771] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:149 [ 34.143385][ T775] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.154284][ T775] rust_binder: Error while translating object. [ 34.154284][ T774] rust_binder: Error while translating object. [ 34.154309][ T775] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 34.175155][ T774] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 34.176107][ T775] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:91 [ 34.189795][ T774] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:91 [ 34.196988][ T775] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.212911][ T783] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.220915][ T774] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.228147][ T333] Bluetooth: hci0: command 0x1003 tx timeout [ 34.240586][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 34.282376][ T789] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22 [ 34.320799][ T36] kauditd_printk_skb: 7 callbacks suppressed [ 34.320821][ T36] audit: type=1400 audit(1750318132.230:173): avc: denied { write } for pid=796 comm="syz.1.159" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 34.382921][ T797] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 34.392093][ T797] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 34.598127][ T36] audit: type=1400 audit(1750318132.510:174): avc: granted { setsecparam } for pid=825 comm="syz.1.168" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 34.598325][ T826] rust_binder: Write failure EINVAL in pid:130 [ 34.632271][ T827] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 34.654404][ T827] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:99 [ 34.690379][ T833] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 34.702278][ T831] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.710312][ T831] rust_binder: Error while translating object. [ 34.715176][ T835] kvm: kvm [828]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x186) = 0x3 [ 34.719236][ T831] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 34.731543][ T831] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:132 [ 34.811198][ T36] audit: type=1400 audit(1750318132.720:175): avc: denied { execute } for pid=838 comm="syz.0.172" path="/56/cgroup.stat" dev="tmpfs" ino=310 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 34.890572][ T850] tap0: tun_chr_ioctl cmd 1074025678 [ 34.896008][ T850] tap0: group set to 0 [ 34.936872][ T36] audit: type=1326 audit(1750318132.840:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=852 comm="syz.3.177" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2c7958e929 code=0x0 [ 35.168791][ T36] audit: type=1400 audit(1750318133.080:177): avc: denied { load_policy } for pid=860 comm="syz.0.181" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 35.168802][ T861] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 35.168834][ T861] SELinux: failed to load policy [ 35.236374][ T863] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 35.302507][ T36] audit: type=1400 audit(1750318133.210:178): avc: denied { write } for pid=870 comm="syz.0.184" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 35.324563][ T36] audit: type=1400 audit(1750318133.210:179): avc: denied { remove_name } for pid=870 comm="syz.0.184" name="binder1" dev="binder" ino=44 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 35.348307][ T36] audit: type=1400 audit(1750318133.210:180): avc: denied { unlink } for pid=870 comm="syz.0.184" name="binder1" dev="binder" ino=44 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 35.419480][ T875] rust_binder: Write failure EINVAL in pid:103 [ 35.506571][ T881] binder: Binderfs stats mode cannot be changed during a remount [ 35.584833][ T893] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:152 [ 35.585229][ T890] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 35.605861][ T890] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 35.609608][ T886] kvm: user requested TSC rate below hardware speed [ 35.615920][ T890] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 35.622185][ T894] kvm: user requested TSC rate below hardware speed [ 35.630105][ T890] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 35.636940][ T884] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=320745794 (2565966352 ns) > initial count (325012024 ns). Using initial count to start timer. [ 35.645435][ T890] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 35.671488][ T890] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 35.739716][ T36] audit: type=1326 audit(1750318133.650:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=895 comm="syz.1.191" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd891d8e929 code=0x0 [ 35.919240][ T905] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 36.100532][ T916] rust_binder: Error while translating object. [ 36.100573][ T916] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 36.106790][ T916] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:203 [ 36.269953][ T927] binder: Unknown parameter 'smaýkfsdef' [ 36.414602][ T955] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus [ 36.457368][ T958] random: crng reseeded on system resumption [ 36.464713][ T36] audit: type=1400 audit(1750318134.360:183): avc: denied { write } for pid=956 comm="syz.2.212" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 36.506210][ T957] tap0: tun_chr_ioctl cmd 1074025677 [ 36.511698][ T957] tap0: linktype set to 774 [ 36.760813][ T971] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 36.816531][ T981] rust_binder: Read failure Err(EAGAIN) in pid:168 [ 37.022549][ T987] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:124 [ 37.165907][ T994] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 37.183926][ T994] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:126 [ 37.196590][ T993] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:126 [ 37.309578][ T1003] binder: Unknown parameter 'xt' [ 37.361401][ T1007] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 37.361432][ T1007] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:185 [ 37.378929][ T1009] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.384260][ T1007] rust_binder: Read failure Err(EAGAIN) in pid:185 [ 37.455656][ T1020] SELinux: syz.0.235 (1020) set checkreqprot to 1. This is no longer supported. [ 37.620127][ T1061] binder: Unknown parameter 'dont_hash' [ 37.682411][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 37.685273][ T1071] input: syz0 as /devices/virtual/input/input13 [ 37.688984][ T1067] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 37.720862][ T1072] SELinux: failed to load policy [ 37.936936][ T1085] binder: Unknown parameter 'nXI' [ 37.953414][ T1083] binder: Bad value for 'defcontext' [ 38.256113][ T1106] binder: Bad value for 'stats' [ 38.421903][ T1117] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:161 [ 38.422289][ T1111] binder: Bad value for 'max' [ 38.468475][ T1119] random: crng reseeded on system resumption [ 38.576157][ T1124] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:162 [ 38.576217][ T1124] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 38.585659][ T1124] rust_binder: Read failure Err(EFAULT) in pid:162 [ 38.842756][ T1132] binder: Bad value for 'max' [ 39.592556][ T1173] input: syz1 as /devices/virtual/input/input16 [ 39.598538][ T1179] rust_binder: Read failure Err(EAGAIN) in pid:167 [ 39.598878][ T36] kauditd_printk_skb: 63 callbacks suppressed [ 39.598893][ T36] audit: type=1400 audit(1750318137.500:246): avc: denied { read append } for pid=1175 comm="syz.3.281" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 39.598896][ T1177] rust_binder: Write failure EINVAL in pid:167 [ 39.607175][ T1180] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.658650][ T1184] input: syz1 as /devices/virtual/input/input17 [ 39.747640][ T1189] random: crng reseeded on system resumption [ 39.753722][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 39.753733][ T333] Bluetooth: hci0: command 0x1003 tx timeout [ 39.766739][ T36] audit: type=1400 audit(1750318137.670:247): avc: denied { ioctl } for pid=1187 comm="syz.2.284" path="/dev/snapshot" dev="devtmpfs" ino=21 ioctlcmd=0x3309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 39.907720][ T36] audit: type=1400 audit(1750318137.810:248): avc: denied { associate } for pid=1209 comm="syz.0.290" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 39.939735][ T36] audit: type=1400 audit(1750318137.810:249): avc: denied { write } for pid=1209 comm="syz.0.290" name="pfkey" dev="proc" ino=4026532894 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 39.942814][ T1217] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22 [ 39.963009][ T36] audit: type=1400 audit(1750318137.850:250): avc: denied { write } for pid=1216 comm="syz.2.293" name="ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 39.995125][ T1224] binder: Unknown parameter '¡)ÙƒèFç^¡¹Ufo9—6ñzð³Ë˜KwpaðËÜoˆ¦~½DçÛÄ´Í#Þ' [ 40.014628][ T1229] rust_binder: Write failure EFAULT in pid:203 [ 40.021162][ T1227] input: syz1 as /devices/virtual/input/input19 [ 40.043171][ T36] audit: type=1326 audit(1750318137.950:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1230 comm="syz.3.296" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2c7958e929 code=0x0 [ 40.094444][ T1235] binder: Bad value for 'stats' [ 40.181226][ T1248] input: syz1 as /devices/virtual/input/input20 [ 40.258522][ T1252] syz.1.302 (1252) used obsolete PPPIOCDETACH ioctl [ 40.295317][ T36] audit: type=1400 audit(1750318138.200:252): avc: denied { read write } for pid=1261 comm="syz.0.305" name="uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 40.319806][ T36] audit: type=1400 audit(1750318138.200:253): avc: denied { open } for pid=1261 comm="syz.0.305" path="/dev/uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 40.345442][ T36] audit: type=1400 audit(1750318138.210:254): avc: denied { ioctl } for pid=1261 comm="syz.0.305" path="/dev/uhid" dev="devtmpfs" ino=199 ioctlcmd=0x7213 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 40.409844][ T36] audit: type=1400 audit(1750318138.320:255): avc: denied { append } for pid=1269 comm="syz.2.309" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 40.475278][ T1272] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION duplicate cookie [ 40.482982][ T1272] rust_binder: Write failure EINVAL in pid:213 [ 40.759357][ T1314] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.766353][ T1314] rust_binder: Write failure EINVAL in pid:216 [ 40.774697][ T1314] rust_binder: Write failure EINVAL in pid:216 [ 40.793342][ T1319] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.811030][ T1321] binder: Binderfs stats mode cannot be changed during a remount [ 40.832446][ T1326] binder: Unknown parameter 'euid<00000000000000000000' [ 40.858116][ T1332] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 41.186976][ T1363] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:234 [ 41.330417][ T1376] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 41.351762][ T1376] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 41.405939][ T1381] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 41.504734][ T1391] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 41.554491][ T1399] binder: Unknown parameter 'subj_role' [ 41.655181][ T305] Bluetooth: hci0: Frame reassembly failed (-84) [ 41.655279][ T1404] binder: Unknown parameter 'defcontext01777777777777777777777' [ 41.715793][ T1417] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 41.745402][ T1419] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:372 [ 41.814664][ T1426] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22 [ 41.914588][ T1430] binder: Bad value for 'stats' [ 41.916632][ T1436] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:246 [ 41.921296][ T1436] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:246 [ 42.049825][ T1446] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 42.070733][ T1446] SELinux: failed to load policy [ 42.142287][ T1459] binder: Unknown parameter '|‚ܬFs|’o8Âùcoftvxt' [ 42.176890][ T1461] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:381 [ 42.213793][ T1465] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 42.282414][ T1468] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 42.597110][ T1483] rust_binder: Read failure Err(EAGAIN) in pid:393 [ 42.627193][ T1490] tun0: tun_chr_ioctl cmd 1074025675 [ 42.639732][ T1490] tun0: persist disabled [ 42.645447][ T1490] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:274 [ 42.666041][ T1492] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 42.737632][ T1500] random: crng reseeded on system resumption [ 42.782027][ T1507] input: syz1 as /devices/virtual/input/input23 [ 42.797285][ T308] udevd[308]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: No such file or directory [ 42.931109][ T1520] input: syz1 as /devices/virtual/input/input24 [ 43.043635][ T1543] rust_binder: Error while translating object. [ 43.043667][ T1543] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 43.050811][ T1543] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:259 [ 43.114131][ T1550] random: crng reseeded on system resumption [ 43.214984][ T1552] input: syz0 as /devices/virtual/input/input27 [ 43.318802][ T1558] dump_vmcs: 59 callbacks suppressed [ 43.318833][ T1558] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 43.667951][ T333] Bluetooth: hci0: command 0x1003 tx timeout [ 43.667951][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 43.796802][ T1579] block device autoloading is deprecated and will be removed. [ 43.812022][ T1586] binder: Unknown parameter 'dont_hash' [ 43.893724][ T1594] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 43.938151][ T1600] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 43.969470][ T1606] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 44.265947][ T1636] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 44.309683][ T1640] input: syz0 as /devices/virtual/input/input32 [ 44.344307][ T1640] SELinux: failed to load policy [ 44.395724][ T1648] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 44.484137][ T1655] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 44.492636][ T1655] rust_binder: Error in use_page_slow: EBUSY [ 44.503093][ T1655] rust_binder: use_range failure EBUSY [ 44.509488][ T1655] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 44.514995][ T1655] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 44.522912][ T1655] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 44.532318][ T1655] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:313 [ 44.562277][ T1661] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:265 [ 44.582895][ T1661] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 220) [ 44.593622][ T1661] rust_binder: Error while translating object. [ 44.604766][ T1661] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 44.605203][ T1663] binder: Unknown parameter 'max000000000000001' [ 44.611272][ T1661] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:265 [ 44.757739][ T36] kauditd_printk_skb: 19 callbacks suppressed [ 44.757787][ T36] audit: type=1400 audit(1750318142.660:275): avc: denied { block_suspend } for pid=1668 comm="syz.0.447" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 44.759585][ T1669] binder: Unknown parameter 'smackfsroot' [ 44.826012][ T1677] rust_binder: Failed to allocate buffer. len:136, is_oneway:true [ 44.860609][ T36] audit: type=1400 audit(1750318142.770:276): avc: denied { read open } for pid=1685 comm="syz.0.453" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 44.860721][ T1686] rust_binder: Write failure EINVAL in pid:450 [ 44.992282][ T1706] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 45.086671][ T1714] rust_binder: Error while translating object. [ 45.094672][ T1714] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 45.101097][ T1714] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:283 [ 45.158319][ T36] audit: type=1400 audit(1750318143.070:277): avc: denied { execute } for pid=1719 comm="syz.3.466" path="/dev/binderfs/binder0" dev="binder" ino=96 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 45.226270][ T36] audit: type=1400 audit(1750318143.130:278): avc: denied { attach_queue } for pid=1728 comm="syz.3.468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 45.347580][ T1747] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:329 [ 45.348879][ T36] audit: type=1400 audit(1750318143.250:279): avc: denied { append } for pid=1746 comm="syz.1.475" name="binder0" dev="binder" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 45.362364][ T1751] input: syz1 as /devices/virtual/input/input35 [ 45.409265][ T1755] rust_binder: Read failure Err(EAGAIN) in pid:335 [ 45.419684][ T1758] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 45.419684][ T1759] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 45.455217][ T1762] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:341 [ 45.506978][ T36] audit: type=1400 audit(1750318143.410:280): avc: denied { sys_module } for pid=1769 comm="syz.1.481" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 45.540157][ T1773] rust_binder: Write failure EFAULT in pid:313 [ 45.582610][ T1776] kvm: kvm [1769]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x187) = 0xfff [ 45.630425][ T1777] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.630819][ T1777] rust_binder: Failed to allocate buffer. len:160, is_oneway:false [ 45.638470][ T1775] rust_binder: Write failure EINVAL in pid:315 [ 45.688956][ T1779] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 45.812999][ T1789] input: syz1 as /devices/virtual/input/input36 [ 45.861248][ T1794] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:320 [ 45.934891][ T1804] rust_binder: Error while translating object. [ 45.944393][ T1804] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 45.962571][ T1804] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:327 [ 45.964634][ T1806] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:338 [ 45.981481][ T36] audit: type=1400 audit(1750318143.870:281): avc: denied { ioctl } for pid=1805 comm="syz.2.494" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 ioctlcmd=0x9420 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 45.998496][ T1804] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.026380][ T1804] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 46.036575][ T1804] rust_binder: Error while translating object. [ 46.048747][ T1804] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 46.054977][ T1804] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:327 [ 46.095973][ T1810] SELinux: security_context_str_to_sid () failed with errno=-22 [ 46.137286][ T1812] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:341 [ 46.194837][ T36] audit: type=1400 audit(1750318144.100:282): avc: denied { map } for pid=1817 comm="syz.3.498" path="/dev/ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 46.253506][ T1827] binder: Unknown parameter 'defcontext01777777777777777777777' [ 46.264409][ T1827] rust_binder: Error while translating object. [ 46.264436][ T1827] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 46.270768][ T1827] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:465 [ 46.310218][ T1829] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.343538][ T1831] SELinux: policydb version 51618937 does not match my version range 15-33 [ 46.358806][ T1831] SELinux: failed to load policy [ 46.401089][ T1835] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 46.401096][ T1837] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 46.438909][ T36] audit: type=1400 audit(1750318144.350:283): avc: denied { append } for pid=1843 comm="syz.3.506" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 46.520572][ T1855] binder: Unknown parameter 'uid<00000000000000060929' [ 46.521425][ T1854] binder: Unknown parameter 'uid<00000000000000060929' [ 46.551053][ T305] Bluetooth: hci0: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 46.571311][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 46.586523][ T36] audit: type=1400 audit(1750318144.490:284): avc: denied { compute_member } for pid=1858 comm="syz.0.512" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 46.950849][ T1881] rust_binder: Write failure EINVAL in pid:480 [ 46.983320][ T1888] rust_binder: Failed to allocate buffer. len:65568, is_oneway:false [ 47.054552][ T1893] binder: Binderfs stats mode cannot be changed during a remount [ 47.098429][ T1904] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 47.131084][ T1906] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 47.142779][ T1895] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 47.142816][ T1895] rust_binder: Error in use_page_slow: EBUSY [ 47.153320][ T1895] rust_binder: use_range failure EBUSY [ 47.159531][ T1895] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 47.164999][ T1895] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 47.172723][ T1895] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 47.182100][ T1895] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:367 [ 47.256486][ T1917] binder: Unknown parameter 'Š9dŒÏ«Ò' [ 47.369629][ T1929] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 47.397068][ T1931] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 47.397226][ T1931] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 47.414569][ T1929] binder: Unknown parameter 'dont_hash' [ 47.422489][ T1932] binder: Unknown parameter 'dont_hash' [ 47.948823][ T1950] rust_binder: Write failure EINVAL in pid:385 [ 47.960744][ T1953] can0: slcan on ptm2. [ 47.972713][ T1953] binder: Bad value for 'stats' [ 48.048343][ T1952] can0 (unregistered): slcan off ptm2. [ 48.108456][ T1971] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22 [ 48.264596][ T1988] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 48.273829][ T1988] binder: Unknown parameter '' [ 48.330156][ T1991] rust_binder: Error while translating object. [ 48.330183][ T1991] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 48.336364][ T1991] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:399 [ 48.572490][ T2003] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 48.627936][ T1926] Bluetooth: hci0: command 0x1003 tx timeout [ 48.641162][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 48.746376][ T2012] rust_binder: Failed to allocate buffer. len:65568, is_oneway:false [ 48.792970][ T2017] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 48.822939][ T2019] rtc_cmos 00:00: Alarms can be up to one day in the future [ 48.877158][ T2023] input: syz1 as /devices/virtual/input/input41 [ 48.906313][ T2025] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 48.966795][ T2032] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 49.127326][ T2048] rust_binder: Write failure EINVAL in pid:517 [ 49.134790][ T2048] rust_binder: Write failure EINVAL in pid:517 [ 49.347896][ T333] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 49.357866][ T52] Bluetooth: hci1: command 0x1003 tx timeout [ 49.378239][ T2068] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:362 [ 49.401038][ T2067] ------------[ cut here ]------------ [ 49.415883][ T2067] WARNING: CPU: 1 PID: 2067 at mm/page_alloc.c:5157 __alloc_pages_noprof+0xe4/0x6c0 [ 49.425797][ T2067] Modules linked in: [ 49.429749][ T2067] CPU: 1 UID: 0 PID: 2067 Comm: syz.0.572 Not tainted 6.12.23-syzkaller-g30b14cdad458 #0 c708c6bafa1314b3e84c64b9f03b67766970ebbd [ 49.443454][ T2067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 49.454286][ T2067] RIP: 0010:__alloc_pages_noprof+0xe4/0x6c0 [ 49.458016][ T2076] kvm: apic: phys broadcast and lowest prio [ 49.460908][ T2067] Code: 0f 1f 44 00 00 41 83 fd 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d b4 7a ee 05 00 0f 85 c4 00 00 00 c6 05 a7 7a ee 05 01 <0f> 0b 31 c0 e9 b6 00 00 00 41 83 fd 0a 0f 87 aa 00 00 00 44 89 6c [ 49.466938][ T2076] kvm: Disabled LAPIC found during irq injection [ 49.486911][ T2067] RSP: 0018:ffffc9000abff680 EFLAGS: 00010246 [ 49.499454][ T2067] RAX: 0000000000000000 RBX: 1ffff9200157fed4 RCX: 0000000000000000 [ 49.507463][ T2067] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000abff728 [ 49.515707][ T2067] RBP: ffffc9000abff7a8 R08: ffffc9000abff727 R09: 0000000000000000 [ 49.523737][ T2067] R10: ffffc9000abff710 R11: fffff5200157fee5 R12: ffffc9000abff6c0 [ 49.531759][ T2067] R13: 0000000000000011 R14: dffffc0000000000 R15: 0000000000000000 [ 49.539894][ T2067] FS: 00007f85f48af6c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 49.548877][ T2067] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.555489][ T2067] CR2: 0000200000006000 CR3: 000000011e4dc000 CR4: 00000000003526b0 [ 49.563522][ T2067] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.571546][ T2067] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.579603][ T2067] Call Trace: [ 49.582992][ T2067] [ 49.585946][ T2067] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 49.591765][ T2067] ? __kasan_slab_alloc+0x73/0x90 [ 49.596822][ T2067] ? hashtab_init+0xdb/0x1f0 [ 49.601498][ T2067] ___kmalloc_large_node+0x9c/0x1d0 [ 49.606746][ T2067] ? ebitmap_read+0x21d/0x990 [ 49.611488][ T2067] ? hashtab_init+0xdb/0x1f0 [ 49.616116][ T2067] __kmalloc_large_node_noprof+0x1e/0xe0 [ 49.621832][ T2067] ? hashtab_init+0xdb/0x1f0 [ 49.626456][ T2067] __kmalloc_noprof+0x26d/0x450 [ 49.631385][ T2067] hashtab_init+0xdb/0x1f0 [ 49.635820][ T2067] ? policydb_read+0x86f/0x28c0 [ 49.640723][ T2067] symtab_init+0x44/0x70 [ 49.645026][ T2067] policydb_read+0x8fe/0x28c0 [ 49.649751][ T2067] ? kasan_save_alloc_info+0x40/0x50 [ 49.655058][ T2067] ? __cfi_policydb_read+0x10/0x10 [ 49.660280][ T2067] ? security_load_policy+0x128/0x12f0 [ 49.665768][ T2067] security_load_policy+0x162/0x12f0 [ 49.671106][ T2067] ? irqentry_exit+0x4a/0x60 [ 49.675718][ T2067] ? exc_page_fault+0x66/0xc0 [ 49.680425][ T2067] ? asm_exc_page_fault+0x2b/0x30 [ 49.685470][ T2067] ? __cfi_security_load_policy+0x10/0x10 [ 49.691245][ T2067] ? rep_movs_alternative+0x4a/0xa0 [ 49.696465][ T2067] sel_write_load+0x298/0x5e0 [ 49.701285][ T2067] ? futex_wait+0x288/0x540 [ 49.705805][ T2067] ? __cfi_sel_write_load+0x10/0x10 [ 49.711041][ T2067] ? __cfi_futex_wait+0x10/0x10 [ 49.715907][ T2067] ? bpf_lsm_file_permission+0xd/0x20 [ 49.721317][ T2067] ? __cfi_sel_write_load+0x10/0x10 [ 49.726543][ T2067] vfs_write+0x3c0/0xe80 [ 49.730815][ T2067] ? __cfi_vfs_write+0x10/0x10 [ 49.735609][ T2067] ? __kasan_check_write+0x18/0x20 [ 49.740761][ T2067] ? mutex_lock+0x92/0x1c0 [ 49.745202][ T2067] ? __cfi_mutex_lock+0x10/0x10 [ 49.750207][ T2067] ? __fget_files+0x2c5/0x340 [ 49.754916][ T2067] ksys_write+0x141/0x250 [ 49.759319][ T2067] ? xfd_validate_state+0x68/0x150 [ 49.764453][ T2067] ? __cfi_ksys_write+0x10/0x10 [ 49.769354][ T2067] ? __kasan_check_write+0x18/0x20 [ 49.774485][ T2067] ? fpregs_restore_userregs+0x11d/0x260 [ 49.780278][ T2067] __x64_sys_write+0x7f/0x90 [ 49.784991][ T2067] x64_sys_call+0x271c/0x2ee0 [ 49.789744][ T2067] do_syscall_64+0x58/0xf0 [ 49.794399][ T2067] ? clear_bhb_loop+0x35/0x90 [ 49.799295][ T2067] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 49.805421][ T2067] RIP: 0033:0x7f85f398e929 [ 49.809986][ T2067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.830100][ T2067] RSP: 002b:00007f85f48af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 49.838748][ T2067] RAX: ffffffffffffffda RBX: 00007f85f3bb5fa0 RCX: 00007f85f398e929 [ 49.846740][ T2067] RDX: 000000000000606c RSI: 0000200000000000 RDI: 0000000000000003 [ 49.855050][ T2067] RBP: 00007f85f3a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 49.863087][ T2067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 49.871121][ T2067] R13: 0000000000000000 R14: 00007f85f3bb5fa0 R15: 00007ffd240c4318 [ 49.879338][ T2067] [ 49.882377][ T2067] ---[ end trace 0000000000000000 ]--- [ 49.887987][ T2067] SELinux: failed to load policy [ 49.893596][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 49.903317][ T2067] SELinux: failed to load policy [ 49.910113][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 49.922225][ T2067] SELinux: failed to load policy [ 49.927394][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 49.937240][ T2067] SELinux: failed to load policy [ 49.942378][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 49.952507][ T2067] SELinux: failed to load policy [ 49.957655][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 49.967912][ T2067] SELinux: failed to load policy [ 49.973211][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 49.983273][ T2067] SELinux: failed to load policy [ 49.989052][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 49.998761][ T2067] SELinux: failed to load policy [ 50.003983][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.013602][ T2067] SELinux: failed to load policy [ 50.019124][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.028854][ T2067] SELinux: failed to load policy [ 50.033937][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.045292][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.055138][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.065213][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.075163][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.084879][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.094660][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.104425][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.114176][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.124051][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.133806][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.143574][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.153399][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.163591][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.173933][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.184057][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.193824][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 50.203691][ T2067] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c