last executing test programs: 20.063455753s ago: executing program 2 (id=1217): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x1b) read(r1, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x4030582b, &(0x7f0000002b80)={'geneve1\x00', @local}) mmap(&(0x7f0000ffc000/0x1000)=nil, 0xfffffffffffff002, 0x0, 0x32, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xa1) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x404, &(0x7f0000000180)=ANY=[]) r5 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x1, 0x2) write$FUSE_NOTIFY_RETRIEVE(r5, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000100)=@x86={0x2, 0xd, 0xb1, 0x0, 0x81, 0xfc, 0x9, 0x5, 0xd2, 0xb0, 0x2f, 0x4, 0x0, 0x2, 0x2, 0xd, 0xc5, 0x6, 0x3, '\x00', 0x7, 0xed}) 19.953571825s ago: executing program 2 (id=1220): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/custom0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000000)=[@register_looper={0x400c6314}], 0x0, 0x0, 0x0}) 19.947010475s ago: executing program 2 (id=1221): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='blkio.bfq.io_serviced\x00', 0x0, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x4008af10, &(0x7f0000002980)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_XCRS(r6, 0x4188aea7, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000000000000700000000000020810000000000000058"]) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f00000001c0)={{}, 'syz1\x00', 0x10}) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x5) ioctl$UI_DEV_SETUP(r3, 0x5501, 0x0) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/devices\x00', 0x0, 0x0) read$FUSE(r7, &(0x7f0000000300)={0x2020}, 0x2020) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder1\x00', 0x0, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000240), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r12, 0x40345410, &(0x7f00000000c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r12, 0x40505412, &(0x7f0000000040)={0x4, 0x3, 0x80}) r13 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x200) ioctl$KVM_SET_MSRS(r13, 0x4008ae89, &(0x7f0000000540)=ANY=[@ANYBLOB="0100000000000000b4c20040000000000800000000000000"]) ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x4c) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r8, 0x400000000) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r8, 0x10) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3, 0x8032, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000002340)={0x1, 0x0, @ioapic={0xd000, 0xfffffff3, 0x6, 0x7, 0x0, [{0x0, 0x25, 0x0, '\x00', 0x9}, {0x7, 0x81, 0x8, '\x00', 0x2}, {0xb, 0x2, 0x6, '\x00', 0xa}, {0x9, 0x81, 0xd4}, {0x9, 0x7, 0x3, '\x00', 0x8}, {0xa, 0xf1, 0x3, '\x00', 0x4}, {0x0, 0x2, 0x4, '\x00', 0x81}, {0x9, 0x4f, 0x40, '\x00', 0x2}, {0x1, 0xff, 0x3}, {0x1, 0x6, 0x2, '\x00', 0xac}, {0x2, 0xc0, 0x8}, {0x3, 0xf4, 0x6, '\x00', 0x2c}, {0x4, 0x3, 0x7, '\x00', 0x20}, {0x0, 0x10, 0x7, '\x00', 0xfd}, {0x7, 0xff, 0x5, '\x00', 0x6}, {0x9, 0x5, 0x2}, {0x3, 0xfc, 0x7, '\x00', 0x61}, {0x8, 0x1, 0x4, '\x00', 0x49}, {0x4, 0xf, 0x6, '\x00', 0x9d}, {0x7, 0x6, 0x2}, {0xb, 0xfc, 0x7b, '\x00', 0x1}, {0x0, 0x9, 0x3, '\x00', 0xa4}, {0x7f, 0x7f, 0xe0, '\x00', 0x3}, {0x8, 0x2, 0x6, '\x00', 0x1}]}}) 19.743397058s ago: executing program 2 (id=1226): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_ALM_READ(r0, 0x40187014, &(0x7f0000000180)) mount$binderfs(&(0x7f00000021c0), &(0x7f0000002200)='./binderfs\x00', &(0x7f0000002240), 0x10, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$RTC_ALM_READ(r0, 0x40187014, &(0x7f0000000180)) (async) mount$binderfs(&(0x7f00000021c0), &(0x7f0000002200)='./binderfs\x00', &(0x7f0000002240), 0x10, 0x0) (async) 19.685371399s ago: executing program 2 (id=1228): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r1, 0x400454cc, 0x206) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSTI(r3, 0x5412, 0x0) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0) read(r4, &(0x7f0000000080)=""/93, 0xffffff6c) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000280)=0x10) ioctl$TCXONC(r5, 0x540a, 0x2) 18.93334541s ago: executing program 2 (id=1245): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xe5, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 3.26854179s ago: executing program 32 (id=1245): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xe5, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.397294398s ago: executing program 3 (id=1521): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0xa0, 0x0, &(0x7f0000000380)=[@request_death={0x400c630e, 0x1}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x925a1bcfd5104300, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000140)={@flat=@binder={0x73622a85, 0x1100, 0x3}, @flat=@weak_handle={0x77682a85, 0x1, 0x3}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x1, &(0x7f0000000240)=""/158, 0x9e, 0x2, 0x34}, @fda={0x66646185, 0x2, 0x1, 0x11}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000080)={0x0, 0x28, 0x48}}, 0x400}], 0x89, 0x0, &(0x7f0000000440)="37d50d006bb2ca2997a0f9b8efdb67b22b41a738207b284d4a5c372f6443cbc7a57ba98813d05538ca3bb92428cf48db99645e2c44f70ee865662122e233ffd75fd8c69b354e10d4bc17b161e17fc984cca439f97c7a90286b834726f13fb48f7fc1443a66cf7b0fbcf40e3a65e6713db397df996dbf5a21ae123d831b91c320fc786390a8d9a4456b"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x50, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0}) 1.149947402s ago: executing program 3 (id=1523): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000580)={0x0, 0x4000001, 0x0, 0x0, 0x0, 0x4000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x5, 0x0, &(0x7f0000000040)=[@release={0x40046306, 0x1}], 0x19, 0x0, 0x0}) 1.092574273s ago: executing program 4 (id=1501): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa, 0x2}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x1dd, 0x0, 0x390}]}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x6, 0xc, 0x7, 0x7, 0x6, 0x7b, 0x7, 0x9, 0x7, 0xbe, 0x1, 0x8, 0x9, 0x97, 0x9, 0x5}}) (async) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x6, 0xc, 0x7, 0x7, 0x6, 0x7b, 0x7, 0x9, 0x7, 0xbe, 0x1, 0x8, 0x9, 0x97, 0x9, 0x5}}) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000600)={0x1, 0x0, @pic={0x0, 0xfe, 0x0, 0x8}}) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2000000002) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x2ff, 0x0, 0xb5b1}]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 1.019109695s ago: executing program 3 (id=1525): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f00000c0000)=nil, 0x0, 0x1, 0x11, r0, 0x5) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r4, 0x4008ae8a, &(0x7f0000000000)={0x2, 0x0, [{0x80000000, 0xffffffff, 0x9, 0x9bc, 0x4}, {0x1, 0x0, 0x8, 0x1, 0x130}]}) ioctl$FIONCLEX(r1, 0x5450) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000001, 0x8032, 0xffffffffffffffff, 0x21353000) 1.018167824s ago: executing program 1 (id=1478): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x10a02, 0x0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c2) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x200) (async) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x140, 0x50) (async) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) (async) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mkdirat(r2, &(0x7f00000001c0)='./file0/file0\x00', 0x100) (async, rerun: 32) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (rerun: 32) ioctl$BLKOPENZONE(r3, 0x40101286, 0x0) (async) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r4) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000000c0)={0x8, 0x0, [{0xa7a, 0x0, 0x83}, {0x9af, 0x0, 0x9}, {0xacd, 0x0, 0x5}, {0xab0, 0x0, 0x7}, {0x9a9, 0x0, 0xfff}, {0x1db, 0x0, 0x100000000}, {0x31e, 0x0, 0x4}, {0x3a6, 0x0, 0x9}]}) (async) r6 = openat$cgroup_ro(r2, &(0x7f0000000240)='pids.events\x00', 0x0, 0x0) read(r6, &(0x7f0000000280)=""/12, 0xc) (async) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r7) (async) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 64) ioctl$TUNGETDEVNETNS(r7, 0xff03, 0x0) (rerun: 64) ioctl$TUNGETDEVNETNS(r4, 0xff01, 0x0) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x29) (async, rerun: 64) close_range(r1, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r0, 0xfffff000) 907.703916ms ago: executing program 0 (id=1527): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x310a, 0x1}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_MSRS(r1, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000cf0800004503"]) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000001c0)={@flat=@binder={0x73622a85, 0x1, 0x2}, @flat=@handle={0x73682a85, 0xa, 0x3}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0}) 905.970366ms ago: executing program 4 (id=1501): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa, 0x2}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x1dd, 0x0, 0x390}]}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x6, 0xc, 0x7, 0x7, 0x6, 0x7b, 0x7, 0x9, 0x7, 0xbe, 0x1, 0x8, 0x9, 0x97, 0x9, 0x5}}) (async) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x6, 0xc, 0x7, 0x7, 0x6, 0x7b, 0x7, 0x9, 0x7, 0xbe, 0x1, 0x8, 0x9, 0x97, 0x9, 0x5}}) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000600)={0x1, 0x0, @pic={0x0, 0xfe, 0x0, 0x8}}) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2000000002) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x2ff, 0x0, 0xb5b1}]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 803.157898ms ago: executing program 0 (id=1528): ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, &(0x7f0000000340)={0x1e0003, 0x0, [0xd, 0xff, 0xfffffffffffffff7, 0x3e00000000000000, 0x7fffffff, 0x7, 0x9, 0x8]}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[0x8aba, 0x4, 0x2, 0x804, 0x7, 0xf, 0x120000, 0x5, 0x0, 0x8, 0xfff, 0x2, 0x0, 0x101, 0x3, 0x1], 0x8000000, 0x141200}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0xa, 0x3, 0x8, 0x0, 0xdeca, 0x3, 0x4, 0x9, 0x1, 0x36, 0x9, 0x9d, 0x0, 0xd9be, 0x4, 0x40, 0x4, 0x7f, 0x5, '\x00', 0x0, 0xfffffffffffff1d5}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="82000000000000008204"]) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{}]}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r9 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x400, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00') r10 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r10, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r10, 0x4008af03, &(0x7f00000002c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r10, 0x4004af61, &(0x7f0000000000)=0x1) close(r8) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x40002, 0x0) 801.379158ms ago: executing program 1 (id=1478): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x10a02, 0x0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c2) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x200) (async) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x140, 0x50) (async) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) (async) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mkdirat(r2, &(0x7f00000001c0)='./file0/file0\x00', 0x100) (async, rerun: 32) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (rerun: 32) ioctl$BLKOPENZONE(r3, 0x40101286, 0x0) (async) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r4) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000000c0)={0x8, 0x0, [{0xa7a, 0x0, 0x83}, {0x9af, 0x0, 0x9}, {0xacd, 0x0, 0x5}, {0xab0, 0x0, 0x7}, {0x9a9, 0x0, 0xfff}, {0x1db, 0x0, 0x100000000}, {0x31e, 0x0, 0x4}, {0x3a6, 0x0, 0x9}]}) (async) r6 = openat$cgroup_ro(r2, &(0x7f0000000240)='pids.events\x00', 0x0, 0x0) read(r6, &(0x7f0000000280)=""/12, 0xc) (async) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r7) (async) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 64) ioctl$TUNGETDEVNETNS(r7, 0xff03, 0x0) (rerun: 64) ioctl$TUNGETDEVNETNS(r4, 0xff01, 0x0) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x29) (async, rerun: 64) close_range(r1, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r0, 0xfffff000) 697.355119ms ago: executing program 3 (id=1529): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x1000}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat=@binder={0x73622a85, 0x1, 0x2}, @fd, @ptr={0x70742a85, 0x2, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0}) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x1000}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat=@binder={0x73622a85, 0x1, 0x2}, @fd, @ptr={0x70742a85, 0x2, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0}) (async) 693.253809ms ago: executing program 4 (id=1501): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa, 0x2}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x1dd, 0x0, 0x390}]}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x6, 0xc, 0x7, 0x7, 0x6, 0x7b, 0x7, 0x9, 0x7, 0xbe, 0x1, 0x8, 0x9, 0x97, 0x9, 0x5}}) (async) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x6, 0xc, 0x7, 0x7, 0x6, 0x7b, 0x7, 0x9, 0x7, 0xbe, 0x1, 0x8, 0x9, 0x97, 0x9, 0x5}}) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000600)={0x1, 0x0, @pic={0x0, 0xfe, 0x0, 0x8}}) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2000000002) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x2ff, 0x0, 0xb5b1}]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 583.610951ms ago: executing program 1 (id=1478): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x10a02, 0x0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c2) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x200) (async) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x140, 0x50) (async) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) (async) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mkdirat(r2, &(0x7f00000001c0)='./file0/file0\x00', 0x100) (async, rerun: 32) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (rerun: 32) ioctl$BLKOPENZONE(r3, 0x40101286, 0x0) (async) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r4) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000000c0)={0x8, 0x0, [{0xa7a, 0x0, 0x83}, {0x9af, 0x0, 0x9}, {0xacd, 0x0, 0x5}, {0xab0, 0x0, 0x7}, {0x9a9, 0x0, 0xfff}, {0x1db, 0x0, 0x100000000}, {0x31e, 0x0, 0x4}, {0x3a6, 0x0, 0x9}]}) (async) r6 = openat$cgroup_ro(r2, &(0x7f0000000240)='pids.events\x00', 0x0, 0x0) read(r6, &(0x7f0000000280)=""/12, 0xc) (async) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r7) (async) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 64) ioctl$TUNGETDEVNETNS(r7, 0xff03, 0x0) (rerun: 64) ioctl$TUNGETDEVNETNS(r4, 0xff01, 0x0) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x29) (async, rerun: 64) close_range(r1, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r0, 0xfffff000) 511.631152ms ago: executing program 3 (id=1530): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x10000, 0x2000, &(0x7f000000f000/0x2000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x10201, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000ffe000/0x1000)=nil}) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) (async) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'nr0\x00', 0x2}) (async) ioctl$TUNATTACHFILTER(r7, 0x401054d5, &(0x7f0000000600)={0x2, &(0x7f0000000340)=[{0x5c}, {0x6}]}) (async) write$cgroup_pid(r6, &(0x7f00000001c0), 0x12) (async) r8 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r8, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1}) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) close(0xffffffffffffffff) (async) r9 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$selinux_attr(r9, 0x0, 0x0) (async) ioctl$BLKRRPART(r3, 0x125f, 0x0) 511.192082ms ago: executing program 4 (id=1501): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa, 0x2}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x1dd, 0x0, 0x390}]}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x6, 0xc, 0x7, 0x7, 0x6, 0x7b, 0x7, 0x9, 0x7, 0xbe, 0x1, 0x8, 0x9, 0x97, 0x9, 0x5}}) (async) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x6, 0xc, 0x7, 0x7, 0x6, 0x7b, 0x7, 0x9, 0x7, 0xbe, 0x1, 0x8, 0x9, 0x97, 0x9, 0x5}}) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000600)={0x1, 0x0, @pic={0x0, 0xfe, 0x0, 0x8}}) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2000000002) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x2ff, 0x0, 0xb5b1}]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 353.651474ms ago: executing program 0 (id=1531): r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x10200, 0x0) ioctl$PTP_PIN_GETFUNC(r0, 0xc0603d06, &(0x7f0000000040)={'\x00', 0x1, 0x1, 0x9}) (async) ioctl$PTP_PIN_GETFUNC(r0, 0xc0603d06, &(0x7f0000000040)={'\x00', 0x1, 0x1, 0x9}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_filter={0x0, 0x1, 0x1, &(0x7f00000000c0)={0xb6, 0x1}}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_filter={0x0, 0x1, 0x1, &(0x7f00000000c0)={0xb6, 0x1}}) ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0) (async) ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0) read$FUSE(r0, &(0x7f0000000140)={0x2020, 0x0, 0x0}, 0x2020) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000002180)='./cgroup/syz1\x00', 0x200002, 0x0) (async) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000002180)='./cgroup/syz1\x00', 0x200002, 0x0) ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f00000021c0)={0x0, "a136123621777b1cbce68d1843054083740d783081b3c95017b216fad997f718a0dd66609c09a44832b67aa9d504f9a7d59d7ed8ca52311a9fc8753b91b7639fcf0346f62dae2a71086b7152661146a97b8f41ee830dd32bbb89ad6cc89fc9fd7e8c257347ba6c8d15d4c3fa205901353348f7fa82aab2cd2fbc00c20b4b5bc500ed6c2662731bf63b2a7e1ccbaff7ab2eddbb437188c8294cc3de95d80817322edb4e9ec122ba56acca11f4d0cf61171dc5424748bc662cf22efdbd22bb6adc8904b022e25adf222d45a93696a5dbac75fffa86dee972ec94a0f09c2d4493722217c7ded13121f4bb06272dba665e061da8f8bf2a579f9e115c99294f21e451e550c269acbf142dfe0c50762b4676f44198aa41887baa1d9705f9438db691a59f37c937d5e221fda4c76807e980bf1bbf2424ec75574c6775ea9b34294e4c410fa9e03e1279a57e278d1f4ba7402c46fb46df751b5bacb2166aecf7d16bafd6184c4b029710093b5a7125bbcfb8d7e7be792bbcae8792ae638ae504595cc1df61c84d881f8078decafe311f3bb0e8b60cb10f62b3f8be5701b66dc98690519caee20a9d192662f13b672e0788985d759ebfc27110dc182cc424d54eb8e2a217faa3ffbc63a5ed2f2a134d1a18ba265d118ea6c985c11982211181915766763e2edc0ab96a4e58c96813368e3cd595a75daf24fc11efc31b35d6c8c65e2d84c9"}) (async) ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f00000021c0)={0x0, "a136123621777b1cbce68d1843054083740d783081b3c95017b216fad997f718a0dd66609c09a44832b67aa9d504f9a7d59d7ed8ca52311a9fc8753b91b7639fcf0346f62dae2a71086b7152661146a97b8f41ee830dd32bbb89ad6cc89fc9fd7e8c257347ba6c8d15d4c3fa205901353348f7fa82aab2cd2fbc00c20b4b5bc500ed6c2662731bf63b2a7e1ccbaff7ab2eddbb437188c8294cc3de95d80817322edb4e9ec122ba56acca11f4d0cf61171dc5424748bc662cf22efdbd22bb6adc8904b022e25adf222d45a93696a5dbac75fffa86dee972ec94a0f09c2d4493722217c7ded13121f4bb06272dba665e061da8f8bf2a579f9e115c99294f21e451e550c269acbf142dfe0c50762b4676f44198aa41887baa1d9705f9438db691a59f37c937d5e221fda4c76807e980bf1bbf2424ec75574c6775ea9b34294e4c410fa9e03e1279a57e278d1f4ba7402c46fb46df751b5bacb2166aecf7d16bafd6184c4b029710093b5a7125bbcfb8d7e7be792bbcae8792ae638ae504595cc1df61c84d881f8078decafe311f3bb0e8b60cb10f62b3f8be5701b66dc98690519caee20a9d192662f13b672e0788985d759ebfc27110dc182cc424d54eb8e2a217faa3ffbc63a5ed2f2a134d1a18ba265d118ea6c985c11982211181915766763e2edc0ab96a4e58c96813368e3cd595a75daf24fc11efc31b35d6c8c65e2d84c9"}) write$FUSE_WRITE(r0, &(0x7f0000002400)={0x18, 0x0, r1, {0xdc9}}, 0x18) (async) write$FUSE_WRITE(r0, &(0x7f0000002400)={0x18, 0x0, r1, {0xdc9}}, 0x18) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000002440)) read$FUSE(r0, &(0x7f0000002480)={0x2020}, 0x2020) (async) read$FUSE(r0, &(0x7f0000002480)={0x2020}, 0x2020) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f00000044c0)={0x0, 0x4, [@dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}, @broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}, @random="822ffc12ef24"]}) close(r2) ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f0000004500)={0x1fe, 0x5, 0xc0fa002, 0x1000, &(0x7f0000ffd000/0x1000)=nil, 0x1f6, r0}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000045c0)='./binderfs2/binder1\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x23e7) r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000004600), 0x1, 0x0) ioctl$FIGETBSZ(r4, 0x2, &(0x7f0000004640)) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000004680), 0x80000, 0x0) close(r5) (async) close(r5) ioctl$TIOCL_UNBLANKSCREEN(r5, 0x541c, &(0x7f00000046c0)) ioctl$TIOCGICOUNT(r0, 0x545d, 0x0) read$FUSE(r4, &(0x7f0000004700)={0x2020}, 0x2020) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r4, 0xd000943d, &(0x7f0000006740)={0x9, [{0x0}], 0xb7, "cc76b6b5060c6c"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r2, 0xc0709411, &(0x7f0000007740)={{r6, 0x3, 0x80, 0x3, 0xb9b, 0x2, 0x100000000, 0x5, 0x6, 0x5, 0x3, 0x400, 0x8, 0x8, 0x9}, 0x10, [0x0, 0x0]}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f00000077c0)={0x2, 0x0, [{0x80a, 0x0, 0x4}, {0x13, 0x0, 0x2}]}) (async) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f00000077c0)={0x2, 0x0, [{0x80a, 0x0, 0x4}, {0x13, 0x0, 0x2}]}) read$FUSE(r0, &(0x7f0000007800)={0x2020}, 0x2020) openat$kvm(0xffffffffffffff9c, &(0x7f0000009840), 0x800, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) (async) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 352.124374ms ago: executing program 1 (id=1478): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x10a02, 0x0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c2) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x200) (async) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x140, 0x50) (async) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) (async) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mkdirat(r2, &(0x7f00000001c0)='./file0/file0\x00', 0x100) (async, rerun: 32) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (rerun: 32) ioctl$BLKOPENZONE(r3, 0x40101286, 0x0) (async) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r4) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000000c0)={0x8, 0x0, [{0xa7a, 0x0, 0x83}, {0x9af, 0x0, 0x9}, {0xacd, 0x0, 0x5}, {0xab0, 0x0, 0x7}, {0x9a9, 0x0, 0xfff}, {0x1db, 0x0, 0x100000000}, {0x31e, 0x0, 0x4}, {0x3a6, 0x0, 0x9}]}) (async) r6 = openat$cgroup_ro(r2, &(0x7f0000000240)='pids.events\x00', 0x0, 0x0) read(r6, &(0x7f0000000280)=""/12, 0xc) (async) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r7) (async) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 64) ioctl$TUNGETDEVNETNS(r7, 0xff03, 0x0) (rerun: 64) ioctl$TUNGETDEVNETNS(r4, 0xff01, 0x0) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x29) (async, rerun: 64) close_range(r1, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r0, 0xfffff000) 303.274375ms ago: executing program 0 (id=1532): mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff) mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="6d61783d303f303030303030303030303030303030303030304e3cead9"]) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x0, 0x0) 300.616305ms ago: executing program 4 (id=1501): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa, 0x2}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x1dd, 0x0, 0x390}]}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x6, 0xc, 0x7, 0x7, 0x6, 0x7b, 0x7, 0x9, 0x7, 0xbe, 0x1, 0x8, 0x9, 0x97, 0x9, 0x5}}) (async) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x6, 0xc, 0x7, 0x7, 0x6, 0x7b, 0x7, 0x9, 0x7, 0xbe, 0x1, 0x8, 0x9, 0x97, 0x9, 0x5}}) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000600)={0x1, 0x0, @pic={0x0, 0xfe, 0x0, 0x8}}) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2000000002) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x2ff, 0x0, 0xb5b1}]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 197.013147ms ago: executing program 3 (id=1533): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom1\x00', 0x800, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom1\x00', 0x800, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x1ff, 0x1, 0xeeef0000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) r2 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0xc0010055, 0x0, 0x4}]}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xc, 0x0, &(0x7f0000000340)=[@free_buffer={0x40086303, r2}], 0x0, 0x0, 0x0}) 196.200977ms ago: executing program 0 (id=1534): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0x8008770b, 0x2) ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000200)=0x1) close(0x3) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x0, 0x3}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20000, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) 195.597407ms ago: executing program 1 (id=1478): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x10a02, 0x0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c2) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x200) (async) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x140, 0x50) (async) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) (async) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mkdirat(r2, &(0x7f00000001c0)='./file0/file0\x00', 0x100) (async, rerun: 32) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (rerun: 32) ioctl$BLKOPENZONE(r3, 0x40101286, 0x0) (async) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r4) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000000c0)={0x8, 0x0, [{0xa7a, 0x0, 0x83}, {0x9af, 0x0, 0x9}, {0xacd, 0x0, 0x5}, {0xab0, 0x0, 0x7}, {0x9a9, 0x0, 0xfff}, {0x1db, 0x0, 0x100000000}, {0x31e, 0x0, 0x4}, {0x3a6, 0x0, 0x9}]}) (async) r6 = openat$cgroup_ro(r2, &(0x7f0000000240)='pids.events\x00', 0x0, 0x0) read(r6, &(0x7f0000000280)=""/12, 0xc) (async) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r7) (async) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 64) ioctl$TUNGETDEVNETNS(r7, 0xff03, 0x0) (rerun: 64) ioctl$TUNGETDEVNETNS(r4, 0xff01, 0x0) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x29) (async, rerun: 64) close_range(r1, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r0, 0xfffff000) 106.898918ms ago: executing program 4 (id=1501): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa, 0x2}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x1dd, 0x0, 0x390}]}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x6, 0xc, 0x7, 0x7, 0x6, 0x7b, 0x7, 0x9, 0x7, 0xbe, 0x1, 0x8, 0x9, 0x97, 0x9, 0x5}}) (async) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x6, 0xc, 0x7, 0x7, 0x6, 0x7b, 0x7, 0x9, 0x7, 0xbe, 0x1, 0x8, 0x9, 0x97, 0x9, 0x5}}) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000600)={0x1, 0x0, @pic={0x0, 0xfe, 0x0, 0x8}}) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2000000002) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x2ff, 0x0, 0xb5b1}]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 433.66µs ago: executing program 0 (id=1535): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000140)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x1100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, 0x0}, 0x10}], 0x0, 0x0, 0x0}) 0s ago: executing program 1 (id=1478): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x10a02, 0x0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c2) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x200) (async) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x140, 0x50) (async) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) (async) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mkdirat(r2, &(0x7f00000001c0)='./file0/file0\x00', 0x100) (async, rerun: 32) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (rerun: 32) ioctl$BLKOPENZONE(r3, 0x40101286, 0x0) (async) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r4) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000000c0)={0x8, 0x0, [{0xa7a, 0x0, 0x83}, {0x9af, 0x0, 0x9}, {0xacd, 0x0, 0x5}, {0xab0, 0x0, 0x7}, {0x9a9, 0x0, 0xfff}, {0x1db, 0x0, 0x100000000}, {0x31e, 0x0, 0x4}, {0x3a6, 0x0, 0x9}]}) (async) r6 = openat$cgroup_ro(r2, &(0x7f0000000240)='pids.events\x00', 0x0, 0x0) read(r6, &(0x7f0000000280)=""/12, 0xc) (async) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r7) (async) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 64) ioctl$TUNGETDEVNETNS(r7, 0xff03, 0x0) (rerun: 64) ioctl$TUNGETDEVNETNS(r4, 0xff01, 0x0) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x29) (async, rerun: 64) close_range(r1, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r0, 0xfffff000) kernel console output (not intermixed with test programs): inux: policydb magic number 0x732e6f69 does not match expected magic number 0xf97cff8c [ 28.253627][ T314] SELinux: failed to load policy [ 28.260941][ T328] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 28.432724][ T335] SELinux: failed to load policy [ 28.729047][ T370] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.739262][ T374] input: syz0 as /devices/virtual/input/input4 [ 28.765632][ T374] binder: Unknown parameter '0177777777777777777777701777777777777777777777' [ 28.924215][ T386] input: syz0 as /devices/virtual/input/input5 [ 29.054188][ T397] rust_binder: got new transaction with bad transaction stack [ 29.054212][ T397] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:30 [ 29.075127][ T411] rust_binder: Write failure EINVAL in pid:8 [ 29.148562][ T422] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.159999][ T422] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.297322][ T440] vhost-439: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=syz3,mems_allowed=0 [ 29.320508][ T440] CPU: 1 UID: 0 PID: 440 Comm: vhost-439 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 29.320531][ T440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 29.320538][ T440] Call Trace: [ 29.320543][ T440] [ 29.320548][ T440] __dump_stack+0x21/0x30 [ 29.320567][ T440] dump_stack_lvl+0x10c/0x190 [ 29.320583][ T440] ? __cfi_dump_stack_lvl+0x10/0x10 [ 29.320599][ T440] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 29.320619][ T440] dump_stack+0x19/0x20 [ 29.320634][ T440] warn_alloc+0x1bc/0x2a0 [ 29.320649][ T440] ? kasan_save_track+0x3e/0x80 [ 29.320668][ T440] ? __cfi_warn_alloc+0x10/0x10 [ 29.320682][ T440] ? __get_vm_area_node+0x1dc/0x3a0 [ 29.320697][ T440] ? kcov_remote_start+0x20a/0x3c0 [ 29.320713][ T440] __vmalloc_node_range_noprof+0x68e/0x1420 [ 29.320731][ T440] ? __cfi___vmalloc_node_range_noprof+0x10/0x10 [ 29.320757][ T440] ? kcov_remote_start+0x20a/0x3c0 [ 29.320772][ T440] vmalloc_noprof+0xfd/0x1d0 [ 29.320785][ T440] ? kcov_remote_start+0x20a/0x3c0 [ 29.320799][ T440] ? __kasan_check_write+0x18/0x20 [ 29.320814][ T440] ? _raw_spin_lock+0x8c/0x120 [ 29.320830][ T440] ? __cfi_vmalloc_noprof+0x10/0x10 [ 29.320849][ T440] kcov_remote_start+0x20a/0x3c0 [ 29.320867][ T440] vhost_run_work_list+0xf6/0x190 [ 29.320889][ T440] ? __cfi_vhost_run_work_list+0x10/0x10 [ 29.320911][ T440] vhost_task_fn+0x23e/0x3b0 [ 29.320936][ T440] ? __cfi_vhost_task_fn+0x10/0x10 [ 29.320959][ T440] ? __kasan_check_write+0x18/0x20 [ 29.320978][ T440] ? recalc_sigpending+0x16d/0x1d0 [ 29.321001][ T440] ? _raw_spin_unlock_irq+0x45/0x70 [ 29.321022][ T440] ? calculate_sigpending+0x81/0x90 [ 29.321046][ T440] ? __cfi_vhost_task_fn+0x10/0x10 [ 29.321068][ T440] ret_from_fork+0x64/0xa0 [ 29.321088][ T440] ? __cfi_vhost_task_fn+0x10/0x10 [ 29.321110][ T440] ret_from_fork_asm+0x1a/0x30 [ 29.321132][ T440] RIP: 0033:0x0 [ 29.321146][ T440] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 29.321155][ T440] RSP: 002b:0000000000000000 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 29.321174][ T440] RAX: 0000000000000000 RBX: 00007fe4073b5fa0 RCX: 00007fe40718e929 [ 29.321188][ T440] RDX: 0000000000000000 RSI: 000000000000af01 RDI: 0000000000000003 [ 29.321199][ T440] RBP: 00007fe407210b39 R08: 0000000000000000 R09: 0000000000000000 [ 29.321211][ T440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 29.321222][ T440] R13: 0000000000000000 R14: 00007fe4073b5fa0 R15: 00007fff4d640a18 [ 29.321238][ T440] [ 29.321245][ T440] Mem-Info: [ 29.573305][ T440] active_anon:4664 inactive_anon:0 isolated_anon:0 [ 29.573305][ T440] active_file:5774 inactive_file:2170 isolated_file:0 [ 29.573305][ T440] unevictable:0 dirty:1267 writeback:0 [ 29.573305][ T440] slab_reclaimable:4051 slab_unreclaimable:69940 [ 29.573305][ T440] mapped:23807 shmem:165 pagetables:746 [ 29.573305][ T440] sec_pagetables:0 bounce:0 [ 29.573305][ T440] kernel_misc_reclaimable:0 [ 29.573305][ T440] free:1556407 free_pcp:1873 free_cma:0 [ 29.618715][ T440] Node 0 active_anon:18636kB inactive_anon:0kB active_file:23096kB inactive_file:8680kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:95228kB dirty:5068kB writeback:0kB shmem:660kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4072kB pagetables:2984kB sec_pagetables:0kB all_unreclaimable? no [ 29.653629][ T440] DMA32 free:2960212kB boost:0kB min:19088kB low:23860kB high:28632kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2966004kB mlocked:0kB bounce:0kB free_pcp:5792kB local_pcp:64kB free_cma:0kB [ 29.684838][ T440] lowmem_reserve[]: 0 3921 3921 [ 29.696741][ T440] Normal free:3260748kB boost:0kB min:25964kB low:32452kB high:38940kB reserved_highatomic:0KB free_highatomic:0KB active_anon:18536kB inactive_anon:0kB active_file:23196kB inactive_file:8680kB unevictable:0kB writepending:5068kB present:5242880kB managed:4016120kB mlocked:0kB bounce:0kB free_pcp:5608kB local_pcp:1468kB free_cma:0kB [ 29.729024][ T440] lowmem_reserve[]: 0 0 0 [ 29.734562][ T440] DMA32: 5*4kB (M) 2*8kB (M) 3*16kB (M) 4*32kB (M) 4*64kB (M) 3*128kB (M) 4*256kB (M) 4*512kB (M) 5*1024kB (UM) 5*2048kB (M) 718*4096kB (M) = 2960212kB [ 29.747411][ T451] binder: Bad value for 'stats' [ 29.752923][ T440] Normal: 0*4kB 2*8kB (UE) 17*16kB (UME) 122*32kB (UM) 102*64kB (UME) 62*128kB (UME) 39*256kB (UME) 12*512kB (UME) 9*1024kB (M) 6*2048kB (UME) 783*4096kB (M) = 3263456kB [ 29.772772][ T440] 8187 total pagecache pages [ 29.777680][ T440] 0 pages in swap cache [ 29.781905][ T440] Free swap = 124996kB [ 29.786065][ T440] Total swap = 124996kB [ 29.790390][ T440] 2097051 pages RAM [ 29.794223][ T440] 0 pages HighMem/MovableOnly [ 29.798945][ T440] 351520 pages reserved [ 29.803196][ T440] 0 pages cma reserved [ 29.808206][ T440] Memory allocations: [ 29.812246][ T440] 0 B 0 init/main.c:1370 func:do_initcalls [ 29.819498][ T440] 0 B 0 init/do_mounts.c:186 func:mount_root_generic [ 29.827634][ T440] 0 B 0 init/do_mounts.c:158 func:do_mount_root [ 29.835297][ T440] 0 B 0 init/do_mounts.c:352 func:mount_nodev_root [ 29.843237][ T440] 0 B 0 init/do_mounts_rd.c:241 func:rd_load_image [ 29.852376][ T440] 0 B 0 init/do_mounts_rd.c:72 func:identify_ramdisk_image [ 29.861247][ T440] 0 B 0 init/initramfs.c:507 func:unpack_to_rootfs [ 29.869154][ T440] 0 B 0 init/initramfs.c:508 func:unpack_to_rootfs [ 29.877090][ T440] 0 B 0 init/initramfs.c:509 func:unpack_to_rootfs [ 29.885335][ T440] 0 B 0 init/initramfs.c:101 func:find_link [ 29.943585][ T458] rust_binder: Error while translating object. [ 29.943617][ T458] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 29.949908][ T458] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:48 [ 30.013651][ T466] SELinux: failed to load policy [ 30.036353][ T466] rust_binder: Error in use_page_slow: ESRCH [ 30.036378][ T466] rust_binder: use_range failure ESRCH [ 30.044601][ T466] rust_binder: Failed to allocate buffer. len:1048, is_oneway:false [ 30.047454][ T469] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:50 [ 30.051232][ T466] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 30.067574][ T466] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:22 [ 30.088952][ T466] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:22 [ 30.145082][ T475] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 30.277732][ T485] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 30.277747][ T485] rust_binder: Read failure Err(EFAULT) in pid:45 [ 30.494625][ T36] kauditd_printk_skb: 116 callbacks suppressed [ 30.494646][ T36] audit: type=1400 audit(1750409987.040:190): avc: denied { remount } for pid=502 comm="syz.3.64" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 30.723219][ T515] rust_binder: Failed copying remainder into alloc: EFAULT [ 30.723241][ T515] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 30.730624][ T515] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 30.738872][ T515] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:58 [ 30.762275][ T36] audit: type=1400 audit(1750409987.310:191): avc: denied { validate_trans } for pid=516 comm="syz.1.69" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 30.822036][ T524] rust_binder: Write failure EINVAL in pid:27 [ 30.927994][ T36] audit: type=1400 audit(1750409987.470:192): avc: denied { read write } for pid=542 comm="syz.0.79" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 30.934118][ T550] binder: Bad value for 'defcontext' [ 30.952397][ T36] audit: type=1400 audit(1750409987.470:193): avc: denied { open } for pid=542 comm="syz.0.79" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 30.988715][ T552] binder: Unknown parameter '' [ 31.007693][ T558] SELinux: security_context_str_to_sid () failed with errno=-22 [ 31.009904][ T557] input: syz0 as /devices/virtual/input/input7 [ 31.092746][ T36] audit: type=1400 audit(1750409987.640:194): avc: denied { map } for pid=565 comm="syz.2.85" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 31.143929][ T36] audit: type=1400 audit(1750409987.690:195): avc: denied { read } for pid=567 comm="syz.0.86" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 31.168267][ T36] audit: type=1400 audit(1750409987.690:196): avc: denied { open } for pid=567 comm="syz.0.86" path="/dev/snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 31.224126][ T36] audit: type=1400 audit(1750409987.770:197): avc: denied { block_suspend } for pid=573 comm="syz.2.88" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 31.251626][ T571] input: syz0 as /devices/virtual/input/input9 [ 31.308873][ T578] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:96 [ 31.321047][ T580] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:96 [ 31.488312][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.497802][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.504517][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.511958][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.517409][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.524161][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.531054][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.540684][ T36] audit: type=1400 audit(1750409988.080:198): avc: denied { read } for pid=597 comm="syz.2.94" name="loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 31.570668][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.570690][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577116][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577133][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577146][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577160][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577173][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577186][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577199][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577213][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577226][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577239][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577253][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577266][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577279][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577292][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.577306][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.604836][ T36] audit: type=1400 audit(1750409988.090:199): avc: denied { open } for pid=597 comm="syz.2.94" path="/dev/loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 31.618606][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.655664][ T603] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 31.661548][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.668021][ T603] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:61 [ 31.674469][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.705424][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.712022][ T600] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.721294][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.736729][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.764286][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.769004][ T594] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.808052][ T614] rust_binder: Error in use_page_slow: ESRCH [ 31.808066][ T614] rust_binder: use_range failure ESRCH [ 31.808130][ T607] SELinux: policydb magic number 0x69622f2e does not match expected magic number 0xf97cff8c [ 31.823938][ T607] SELinux: failed to load policy [ 31.838178][ T614] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 31.838201][ T614] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 31.855966][ T614] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:49 [ 31.871850][ T607] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:107 [ 31.942958][ T623] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 31.952201][ T623] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 31.959950][ T623] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 31.961978][ T626] rust_binder: Error while translating object. [ 31.979523][ T626] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 31.986055][ T626] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:67 [ 31.997681][ T626] rust_binder: Write failure EINVAL in pid:67 [ 32.121264][ T637] rust_binder: Got transaction with invalid offset. [ 32.127436][ T637] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.134568][ T637] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:87 [ 32.157574][ T641] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:59 [ 32.409413][ T661] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.563927][ T663] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:94 [ 32.590990][ T663] rust_binder: Error in use_page_slow: ESRCH [ 32.591015][ T663] rust_binder: use_range failure ESRCH [ 32.597025][ T663] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 32.603438][ T661] rust_binder: Failed to allocate buffer. len:120, is_oneway:false [ 32.607137][ T663] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 32.619497][ T663] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:94 [ 32.691649][ T670] SELinux: security_context_str_to_sid () failed with errno=-22 [ 32.764162][ T673] rust_binder: Write failure EINVAL in pid:72 [ 32.785835][ T675] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set [ 32.802326][ T675] rust_binder: Write failure EINVAL in pid:75 [ 32.922087][ T694] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 32.928216][ T694] rust_binder: Read failure Err(EFAULT) in pid:80 [ 32.959188][ T699] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:77 [ 32.993341][ T705] binder: Bad value for 'max' [ 33.008885][ T705] binder: Bad value for 'max' [ 33.059468][ T710] random: crng reseeded on system resumption [ 33.184363][ T721] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 33.193617][ T721] rust_binder: Write failure EFAULT in pid:95 [ 33.215550][ T724] input: syz1 as /devices/virtual/input/input12 [ 33.272700][ T734] rust_binder: Error while translating object. [ 33.272730][ T734] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 33.280169][ T734] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:101 [ 33.323476][ T734] rust_binder: Write failure EINVAL in pid:101 [ 33.357982][ T748] input: syz0 as /devices/virtual/input/input13 [ 33.384621][ T747] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:103 [ 33.497279][ T760] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 33.514773][ T764] binder: Unknown parameter 'context' [ 33.559058][ T767] tap0: tun_chr_ioctl cmd 1074812118 [ 33.623226][ T779] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 33.638074][ T779] SELinux: failed to load policy [ 33.647730][ T780] SELinux: policydb version 549794320 does not match my version range 15-33 [ 33.671002][ T780] SELinux: failed to load policy [ 33.703076][ T787] rust_binder: Write failure EINVAL in pid:118 [ 33.764431][ T795] binder: Unknown parameter 'secTl' [ 33.798074][ T787] rust_binder: Write failure EINVAL in pid:118 [ 33.803438][ T800] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.810371][ T800] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 33.817108][ T800] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 33.838146][ T802] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 33.845929][ T802] rust_binder: Error while translating object. [ 33.854712][ T802] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 33.862248][ T802] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:126 [ 34.110922][ T825] kvm_intel: kvm [823]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x3 [ 34.120999][ T824] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:148 [ 34.218618][ T835] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:124 [ 34.228815][ T836] rust_binder: Error while translating object. [ 34.238509][ T836] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 34.245064][ T836] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:124 [ 34.281320][ T841] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 34.290530][ T841] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:128 [ 34.321249][ T845] rust_binder: Write failure EFAULT in pid:157 [ 34.354540][ T850] binder: Bad value for 'max' [ 34.389112][ T854] rust_binder: Write failure EFAULT in pid:112 [ 34.485286][ T867] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 34.491642][ T867] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:122 [ 34.501554][ T868] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.543914][ T880] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.617168][ T887] ======================================================= [ 34.617168][ T887] WARNING: The mand mount option has been deprecated and [ 34.617168][ T887] and is ignored by this kernel. Remove the mand [ 34.617168][ T887] option from the mount to silence this warning. [ 34.617168][ T887] ======================================================= [ 34.691544][ T891] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 34.700482][ T891] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 34.708513][ T891] kvm: requested 175162 ns i8254 timer period limited to 200000 ns [ 34.716713][ T891] kvm: requested 171809 ns i8254 timer period limited to 200000 ns [ 34.802524][ T903] block device autoloading is deprecated and will be removed. [ 34.810153][ T903] syz.2.189: attempt to access beyond end of device [ 34.810153][ T903] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 34.839717][ T906] rust_binder: Error in use_page_slow: ESRCH [ 34.839739][ T906] rust_binder: use_range failure ESRCH [ 34.845787][ T906] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 34.851475][ T906] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 34.859570][ T906] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:147 [ 34.885519][ T908] kvm: kvm [907]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x882 [ 34.904973][ T908] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 35.265860][ T945] kvm_intel: kvm [944]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xff [ 35.319929][ T955] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 35.327120][ T955] rust_binder: Write failure EINVAL in pid:164 [ 35.344215][ T957] rust_binder: Error in use_page_slow: ESRCH [ 35.344230][ T957] rust_binder: use_range failure ESRCH [ 35.350381][ T957] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 35.355865][ T957] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 35.363893][ T957] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:166 [ 35.386207][ T959] SELinux: security_context_str_to_sid () failed with errno=-22 [ 35.438349][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.438379][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.445486][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.453930][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.461363][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.468052][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.475611][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.482286][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.489075][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.495809][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.502515][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.508983][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.515591][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.543106][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.551898][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.552802][ T972] SELinux: policydb table sizes (0,0) do not match mine (6,7) [ 35.558581][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.565178][ T974] rust_binder: Failed to allocate buffer. len:65376, is_oneway:true [ 35.572548][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.579646][ T972] SELinux: failed to load policy [ 35.587131][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.593478][ T974] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 35.598475][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.604923][ T974] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:144 [ 35.614375][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.631566][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.638055][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.644795][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.651357][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.657910][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.664607][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.675762][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.682422][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.688878][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.717166][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.724131][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.730861][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.737559][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.744087][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.750574][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.756975][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.763454][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.769884][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.776327][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.784703][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.791241][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.797715][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.804285][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.810757][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.823866][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.838981][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.841192][ T988] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:152 [ 35.846260][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.861274][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.869907][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.876441][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.882989][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.901054][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.907536][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.914112][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.918828][ T990] rust_binder: Error while translating object. [ 35.920601][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.933326][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.939827][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.943122][ T994] input: syz0 as /devices/virtual/input/input17 [ 35.946331][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.956039][ T990] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 35.959110][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.965930][ T990] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:182 [ 35.975693][ T36] kauditd_printk_skb: 25 callbacks suppressed [ 35.975708][ T36] audit: type=1400 audit(1750409992.520:225): avc: denied { read } for pid=94 comm="acpid" name="event3" dev="devtmpfs" ino=448 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 35.996347][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.997113][ T36] audit: type=1400 audit(1750409992.520:226): avc: denied { open } for pid=94 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=448 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 36.030127][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.050081][ T36] audit: type=1400 audit(1750409992.520:227): avc: denied { ioctl } for pid=94 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=448 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 36.081248][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.081271][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.096212][ T961] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.104533][ T36] audit: type=1400 audit(1750409992.650:228): avc: denied { read open } for pid=1000 comm="syz.2.218" path="net:[4026532515]" dev="nsfs" ino=4026532515 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 36.136066][ T36] audit: type=1400 audit(1750409992.650:229): avc: denied { ioctl } for pid=1000 comm="syz.2.218" path="net:[4026532515]" dev="nsfs" ino=4026532515 ioctlcmd=0xb709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 36.163230][ T1004] random: crng reseeded on system resumption [ 36.179713][ T36] audit: type=1400 audit(1750409992.710:230): avc: denied { write } for pid=1002 comm="syz.1.219" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 36.216274][ T1008] rust_binder: Write failure EFAULT in pid:150 [ 36.226536][ T1010] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:152 [ 36.244919][ T1010] rust_binder: Read failure Err(EFAULT) in pid:152 [ 36.265706][ T36] audit: type=1400 audit(1750409992.800:231): avc: denied { append } for pid=1013 comm="syz.2.223" name="hwrng" dev="devtmpfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 36.317668][ T306] hid-generic C98F:0003:0000.0001: unknown main item tag 0x0 [ 36.321364][ T36] audit: type=1326 audit(1750409992.860:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1011 comm="syz.0.222" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f430f58e929 code=0x0 [ 36.325452][ T306] hid-generic C98F:0003:0000.0001: unknown main item tag 0x0 [ 36.369430][ T306] hid-generic C98F:0003:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 36.381732][ T1029] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1531215282 (3062430564 ns) > initial count (1473793136 ns). Using initial count to start timer. [ 36.411828][ T1024] kvm: Disabled LAPIC found during irq injection [ 36.418707][ T1024] rust_binder: Read failure Err(EFAULT) in pid:203 [ 36.470165][ T1036] rust_binder: Write failure EINVAL in pid:167 [ 36.607090][ T1048] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:211 [ 36.610376][ T1050] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.627885][ T1050] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 36.640910][ T1044] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 36.648891][ T1044] rust_binder: Error in use_page_slow: EBUSY [ 36.659391][ T1044] rust_binder: use_range failure EBUSY [ 36.665441][ T1044] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 36.670961][ T1044] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 36.678596][ T1044] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 36.687991][ T1044] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:171 [ 36.749940][ T1064] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.758238][ T1064] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.772346][ T1065] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.772632][ T1068] binder: Unknown parameter '/dev/kvm' [ 36.778925][ T1065] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.807506][ T1064] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.823795][ T1064] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.830559][ T1065] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.837088][ T1065] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.843943][ T1064] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.897330][ T1075] rust_binder: Error while translating object. [ 36.905589][ T1075] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 36.914263][ T1075] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:179 [ 36.935498][ T36] audit: type=1400 audit(1750409993.480:233): avc: denied { map } for pid=1074 comm="syz.3.244" path="/dev/urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 36.968066][ T36] audit: type=1400 audit(1750409993.480:234): avc: denied { execute } for pid=1074 comm="syz.3.244" path="/dev/urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 37.024374][ T1083] random: crng reseeded on system resumption [ 37.084694][ T1085] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1 [ 37.092155][ T1085] rust_binder: Write failure EINVAL in pid:177 [ 37.128908][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 37.141536][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 37.312195][ T1107] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:182 [ 37.312644][ T1107] rust_binder: Write failure EINVAL in pid:182 [ 37.325914][ T1110] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 134217728 [ 37.341773][ T1111] binder: Bad value for 'defcontext' [ 37.357178][ T1110] rust_binder: Write failure EINVAL in pid:187 [ 37.438105][ T1121] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:189 [ 37.447117][ T1120] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 0 [ 37.463675][ T1120] rust_binder: Write failure EINVAL in pid:200 [ 37.757851][ T1132] binder: Unknown parameter 'processor : 0 [ 37.757851][ T1132] vendor_id : GenuineIntel [ 37.757851][ T1132] cpu family : 6 [ 37.757851][ T1132] model : 7/dev/snd/timer' [ 37.998621][ T1142] kvm: kvm [1141]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x4000008d) [ 38.229475][ T1154] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:192 [ 38.229509][ T1154] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 38.247274][ T1154] rust_binder: Read failure Err(EFAULT) in pid:192 [ 38.276718][ T1153] input: syz0 as /devices/virtual/input/input21 [ 38.298238][ T1159] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 38.335544][ T1161] input: syz1 as /devices/virtual/input/input23 [ 38.438884][ T1168] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 38.463826][ T1167] SELinux: failed to load policy [ 38.489739][ T1177] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 38.489769][ T1177] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:199 [ 38.831415][ T1199] rust_binder: Write failure EFAULT in pid:231 [ 38.911491][ T1212] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:215 [ 39.097392][ T1227] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 39.123720][ T1227] rust_binder: Write failure EINVAL in pid:220 [ 39.168494][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.169700][ T52] Bluetooth: hci0: command 0x1003 tx timeout [ 39.179650][ T1092] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 39.196791][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.216951][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.226175][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.233808][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.247110][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.255314][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.263677][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.271113][ T1241] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:222 [ 39.271383][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.288194][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.297258][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.305199][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.312875][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.321597][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.329029][ T1099] hid-generic 009C:0008:0003.0002: unknown main item tag 0x0 [ 39.329219][ T1236] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:247 [ 39.337430][ T1099] hid-generic 009C:0008:0003.0002: hidraw0: HID v0.05 Device [syz1] on syz0 [ 39.398641][ T1247] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 39.416193][ T1251] fido_id[1251]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 39.435924][ T1250] binder: Bad value for 'stats' [ 39.445135][ T1247] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 39.455444][ T1247] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 39.518186][ T1259] rust_binder: Write failure EINVAL in pid:223 [ 39.669811][ T1267] input: syz0 as /devices/virtual/input/input25 [ 39.883098][ T1294] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 39.898517][ T1296] binder: Bad value for 'stats' [ 40.179182][ T304] Bluetooth: hci0: Frame reassembly failed (-90) [ 40.983043][ T36] kauditd_printk_skb: 430 callbacks suppressed [ 40.983060][ T36] audit: type=1400 audit(1750409997.530:665): avc: denied { read } for pid=1542 comm="syz.0.397" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 41.046040][ T36] audit: type=1400 audit(1750409997.560:666): avc: denied { read } for pid=1542 comm="syz.0.397" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=0 [ 41.069273][ T36] audit: type=1400 audit(1750409997.560:667): avc: denied { read } for pid=1542 comm="syz.0.397" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=0 [ 41.092454][ T36] audit: type=1400 audit(1750409997.560:668): avc: denied { read } for pid=1542 comm="syz.0.397" name="binder0" dev="binder" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 41.115141][ T36] audit: type=1400 audit(1750409997.560:669): avc: denied { read write } for pid=1542 comm="syz.0.397" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=0 [ 41.144511][ T36] audit: type=1400 audit(1750409997.560:670): avc: denied { read } for pid=1542 comm="syz.0.397" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 41.168070][ T36] audit: type=1400 audit(1750409997.560:671): avc: denied { read } for pid=1542 comm="syz.0.397" name="binder0" dev="binder" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 41.196169][ T36] audit: type=1400 audit(1750409997.560:672): avc: denied { read } for pid=1542 comm="syz.0.397" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 41.218713][ T36] audit: type=1400 audit(1750409997.570:673): avc: denied { read write } for pid=291 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 41.243174][ T36] audit: type=1400 audit(1750409997.570:674): avc: denied { read write } for pid=289 comm="syz-executor" name="loop0" dev="devtmpfs" ino=445 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 41.713633][ T13] Bluetooth: hci1: Frame reassembly failed (-84) [ 41.720180][ T13] Bluetooth: hci1: Frame reassembly failed (-84) [ 42.209677][ T1092] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 42.209677][ T1647] Bluetooth: hci0: command 0x1003 tx timeout [ 43.178133][ T1794] block device autoloading is deprecated and will be removed. [ 43.316787][ T1825] tun0: tun_chr_ioctl cmd 1074025675 [ 43.317835][ T1827] serio: Serial port ttynull [ 43.322207][ T1825] tun0: persist enabled [ 43.729664][ T1092] Bluetooth: hci1: command 0x1003 tx timeout [ 43.729664][ T52] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 46.185690][ T36] kauditd_printk_skb: 1353 callbacks suppressed [ 46.185708][ T36] audit: type=1400 audit(1750410002.730:2028): avc: denied { read write } for pid=291 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 46.216470][ T36] audit: type=1400 audit(1750410002.740:2029): avc: denied { read } for pid=2299 comm="syz.3.678" name="binder0" dev="binder" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 46.239749][ T36] audit: type=1400 audit(1750410002.740:2030): avc: denied { read } for pid=2299 comm="syz.3.678" name="binder0" dev="binder" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 46.262981][ T36] audit: type=1400 audit(1750410002.740:2031): avc: denied { read } for pid=2299 comm="syz.3.678" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 46.286004][ T36] audit: type=1400 audit(1750410002.740:2032): avc: denied { read write } for pid=291 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 46.310075][ T36] audit: type=1400 audit(1750410002.750:2033): avc: denied { read } for pid=2301 comm="syz.3.679" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 46.320341][ T291] audit: audit_backlog=65 > audit_backlog_limit=64 [ 46.332611][ T36] audit: type=1400 audit(1750410002.750:2034): avc: denied { read write } for pid=291 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 46.339213][ T291] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 46.363234][ T36] audit: type=1400 audit(1750410002.760:2035): avc: denied { read } for pid=2303 comm="syz.3.680" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=0 [ 47.981817][ T2571] syz.0.774: attempt to access beyond end of device [ 47.981817][ T2571] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 48.345020][ T2611] binder: Unknown parameter '184467440737095516150xffffffffffffffff+A1ZP@' [ 48.397321][ T2616] SELinux: security_context_str_to_sid (000000000000000000030x0000000000000003) failed with errno=-22 [ 48.426560][ T2618] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 48.426578][ T2618] rust_binder: Read failure Err(EFAULT) in pid:440 [ 48.520650][ T2631] rust_binder: Error while translating object. [ 48.527530][ T2631] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 48.543183][ T2631] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:443 [ 48.569043][ T2639] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 48.578315][ T2639] rust_binder: Error while translating object. [ 48.589089][ T2639] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 48.595619][ T2639] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:445 [ 48.605830][ T2639] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 48.745505][ T2656] binder: Unknown parameter '' [ 48.871292][ T2664] rust_binder: Failed to allocate buffer. len:65376, is_oneway:true [ 48.871316][ T2664] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 48.879496][ T2664] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:752 [ 48.937575][ T2666] rust_binder: Write failure EFAULT in pid:459 [ 48.958386][ T2669] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 49.083224][ T2683] binder: Unknown parameter 'non' [ 49.105764][ T2687] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 49.105794][ T2687] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 49.196336][ T2693] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:469 [ 49.257660][ T2699] rust_binder: Write failure EINVAL in pid:469 [ 49.381479][ T2708] binder: Unknown parameter 'fscontext?}' [ 49.394204][ T2708] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 49.394218][ T2708] rust_binder: Error while translating object. [ 49.405357][ T2708] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 49.411621][ T2708] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:768 [ 49.537920][ T2721] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 49.571134][ T2727] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 49.767491][ T2740] input: syz1 as /devices/virtual/input/input27 [ 49.780406][ T2740] binder: Unknown parameter 'processor : 0 [ 49.780406][ T2740] vendor_id : GenuineIntel [ 49.780406][ T2740] cpu family : 6 [ 49.780406][ T2740] model : 79 [ 49.780406][ T2740] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 49.780406][ T2740] stepping : 0 [ 49.780406][ T2740] microcode : 0xffffffff [ 49.780406][ T2740] cpu MHz : 2199.998 [ 49.780406][ T2740] cache size : 56320 KB [ 49.780406][ T2740] physical id : 0 [ 49.780406][ T2740] siblings : 2 [ 49.780406][ T2740] core id : 0 [ 49.780406][ T2740] cpu cores : 1 [ 49.780406][ T2740] apicid : 0 [ 49.780406][ T2740] initial apicid : 0 [ 49.780406][ T2740] fpu : yes [ 49.780406][ T2740] fpu_exception : yes [ 49.780406][ T2740] cpuid level : 13 [ 49.780406][ T2740] wp : yes [ 49.780406][ T2740] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 49.780406][ T2740] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 49.860108][ T2749] binder: Unknown parameter 'nXI' [ 50.010061][ T2756] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:608 [ 50.343604][ T2778] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:478 [ 50.353354][ T2778] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:478 [ 50.410355][ T2785] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:586 [ 50.568355][ T2809] binder: Unknown parameter 'UI' [ 50.637402][ T2813] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.657608][ T2812] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4096 (8192 ns) > initial count (1020 ns). Using initial count to start timer. [ 50.662501][ T2813] rust_binder: Error in use_page_slow: ESRCH [ 50.676393][ T2814] rust_binder: Error in use_page_slow: ESRCH [ 50.689934][ T2812] kvm: Disabled LAPIC found during irq injection [ 50.695448][ T2813] rust_binder: use_range failure ESRCH [ 50.700465][ T2814] rust_binder: use_range failure ESRCH [ 50.702656][ T2813] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 50.714451][ T2815] rust_binder: Error in use_page_slow: ESRCH [ 50.722484][ T2813] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 50.728646][ T2815] rust_binder: use_range failure ESRCH [ 50.738973][ T2813] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:490 [ 50.744661][ T2814] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 50.754056][ T2815] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 50.772662][ T2814] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 50.782367][ T2815] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 50.792937][ T2814] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:490 [ 50.802796][ T2815] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:490 [ 50.867841][ T2819] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 50.963893][ T2825] binder: Unknown parameter 's:' [ 50.988433][ T2825] can0: slcan on ttyS3. [ 51.042156][ T2825] can0 (unregistered): slcan off ttyS3. [ 51.071027][ T2828] can0: slcan on ttyS3. [ 51.173191][ T2824] can0 (unregistered): slcan off ttyS3. [ 51.218662][ T36] kauditd_printk_skb: 782 callbacks suppressed [ 51.218679][ T36] audit: type=1400 audit(1750410007.760:2805): avc: denied { remove_name } for pid=2849 comm="rm" name="resolv.conf.can0.link" dev="tmpfs" ino=2848 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 51.270519][ T36] audit: type=1400 audit(1750410007.790:2806): avc: denied { unlink } for pid=2849 comm="rm" name="resolv.conf.can0.link" dev="tmpfs" ino=2848 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 51.407666][ T36] audit: type=1400 audit(1750410007.950:2807): avc: denied { write } for pid=2873 comm="syz.0.869" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 51.459695][ T36] audit: type=1400 audit(1750410007.980:2808): avc: denied { open } for pid=2873 comm="syz.0.869" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 51.492674][ T36] audit: type=1326 audit(1750410008.040:2809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2888 comm="syz.2.871" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2354b8e929 code=0x0 [ 51.577939][ T2894] input: syz1 as /devices/virtual/input/input33 [ 51.588410][ T2894] input: syz0 as /devices/virtual/input/input34 [ 51.638835][ T2896] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 51.708006][ T2910] SELinux: failed to load policy [ 51.709680][ T36] audit: type=1400 audit(1750410008.250:2810): avc: denied { load_policy } for pid=2909 comm="syz.0.876" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 51.717612][ T2910] binder: Unknown parameter 'coyBLV"i5ntext' [ 51.719508][ T36] audit: type=1400 audit(1750410008.260:2811): avc: denied { read append } for pid=2909 comm="syz.0.876" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 51.932270][ T2915] rust_binder: Write failure EINVAL in pid:790 [ 51.932291][ T2916] rust_binder: Write failure EINVAL in pid:790 [ 51.942028][ T2916] rust_binder: Write failure EINVAL in pid:790 [ 51.948427][ T2916] rust_binder: Read failure Err(EAGAIN) in pid:790 [ 52.023129][ T36] audit: type=1400 audit(1750410008.570:2812): avc: denied { read } for pid=2919 comm="syz.3.880" name="loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 52.055148][ T36] audit: type=1400 audit(1750410008.570:2813): avc: denied { open } for pid=2919 comm="syz.3.880" path="/dev/loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 52.079301][ T2922] input: syz1 as /devices/virtual/input/input36 [ 52.080759][ T36] audit: type=1400 audit(1750410008.570:2814): avc: denied { ioctl } for pid=2919 comm="syz.3.880" path="/dev/loop-control" dev="devtmpfs" ino=48 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 52.347293][ T2930] rust_binder: Write failure EINVAL in pid:798 [ 52.409012][ T2940] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:634 [ 52.415665][ T2940] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 52.426489][ T2940] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:634 [ 52.444587][ T2940] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 52.454293][ T2940] rust_binder: Read failure Err(EFAULT) in pid:634 [ 52.548998][ T290] cgroup: fork rejected by pids controller in /syz2 [ 52.600289][ T2953] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 52.600315][ T2953] rust_binder: Read failure Err(EFAULT) in pid:803 [ 52.639538][ T2957] input: syz0 as /devices/virtual/input/input38 [ 52.663481][ T304] bridge_slave_1: left allmulticast mode [ 52.669835][ T304] bridge_slave_1: left promiscuous mode [ 52.675583][ T304] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.692237][ T304] bridge_slave_0: left allmulticast mode [ 52.698357][ T304] bridge_slave_0: left promiscuous mode [ 52.704536][ T304] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.799728][ T2955] rust_binder: Write failure EFAULT in pid:640 [ 52.829714][ T304] veth1_macvtap: left promiscuous mode [ 52.841831][ T304] veth0_vlan: left promiscuous mode [ 52.977236][ T2972] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:812 [ 52.985779][ T2968] rust_binder: Error while translating object. [ 52.998923][ T2968] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 53.006120][ T2968] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:534 [ 53.030149][ T2965] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.057624][ T2965] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.065083][ T2965] bridge_slave_0: entered allmulticast mode [ 53.071384][ T2965] bridge_slave_0: entered promiscuous mode [ 53.077937][ T2965] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.085030][ T2965] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.092158][ T2965] bridge_slave_1: entered allmulticast mode [ 53.098274][ T2965] bridge_slave_1: entered promiscuous mode [ 53.157913][ T2965] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.165113][ T2965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.172394][ T2965] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.179494][ T2965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.198073][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.205368][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.214453][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.221536][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.243699][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.250804][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.270021][ T2994] block device autoloading is deprecated and will be removed. [ 53.277638][ T2994] syz.0.905: attempt to access beyond end of device [ 53.277638][ T2994] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 53.288501][ T2965] veth0_vlan: entered promiscuous mode [ 53.291912][ T2996] syz.0.905: attempt to access beyond end of device [ 53.291912][ T2996] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 53.302529][ T2965] veth1_macvtap: entered promiscuous mode [ 53.316928][ T2995] rust_binder: Write failure EINVAL in pid:537 [ 53.317061][ T2997] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.373802][ T3005] rust_binder: Error while translating object. [ 53.388135][ T3005] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 53.394909][ T3003] SELinux: failed to load policy [ 53.398213][ T3005] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:650 [ 53.407029][ T3003] rust_binder: Error in use_page_slow: ESRCH [ 53.421873][ T3003] rust_binder: use_range failure ESRCH [ 53.430466][ T3003] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 53.436202][ T3003] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 53.444218][ T3003] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:542 [ 53.506071][ T306] hid (null): invalid report_count 40513 [ 53.516148][ T3015] SELinux: security_context_str_to_sid () failed with errno=-22 [ 53.532209][ T306] hid-generic 001C:0008:0000.0003: invalid report_count 40513 [ 53.549901][ T306] hid-generic 001C:0008:0000.0003: item 0 2 1 9 parsing failed [ 53.560735][ T306] hid-generic 001C:0008:0000.0003: probe with driver hid-generic failed with error -22 [ 53.563077][ T3018] SELinux: security_context_str_to_sid () failed with errno=-22 [ 53.728035][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.737488][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.746874][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.756389][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.768136][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.777632][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.787621][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.796987][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.806249][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.815697][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.825703][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.835054][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.844594][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.853953][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.863368][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.872717][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.882043][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.893542][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.903516][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.913157][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.922670][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.932126][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.941547][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.950754][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.959964][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.969093][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.978435][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.987688][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 53.996915][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.006065][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.015238][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.024423][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.033718][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.043386][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.052895][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.062376][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.071654][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.080864][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.090265][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.103370][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.112833][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.122253][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.131973][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.135807][ T3039] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:839 [ 54.141417][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.162683][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.172366][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.176906][ T3042] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:546 [ 54.181799][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.200609][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.210291][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.219765][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.229167][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.238849][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.250015][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.259264][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.268739][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.278278][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.302053][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.311481][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.327381][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.337340][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.346864][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.356522][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.366012][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.376074][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.387202][ T3027] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 54.418335][ T3060] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:555 [ 54.418372][ T3060] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 54.431119][ T3060] rust_binder: Read failure Err(EFAULT) in pid:555 [ 54.432805][ T3063] syz.3.926: attempt to access beyond end of device [ 54.432805][ T3063] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 54.465520][ T3063] rust_binder: Error while translating object. [ 54.465554][ T3063] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 54.471982][ T3063] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:851 [ 54.567547][ T3074] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:16 [ 54.638275][ T3087] rust_binder: Write failure EFAULT in pid:859 [ 54.669283][ T3094] rust_binder: Write failure EINVAL in pid:861 [ 54.699066][ T3096] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 54.744850][ T3102] rust_binder: Write failure EINVAL in pid:563 [ 54.766767][ T3104] input: syz1 as /devices/virtual/input/input39 [ 54.781200][ T3104] binder: Unknown parameter 'yz1' [ 55.124410][ T3122] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 55.387155][ T3143] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 55.387182][ T3143] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 55.394344][ T3143] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 55.540771][ T3155] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 55.547368][ T3155] rust_binder: Error in use_page_slow: EBUSY [ 55.557879][ T3155] rust_binder: use_range failure EBUSY [ 55.563896][ T3155] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 55.569407][ T3155] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 55.577315][ T3155] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 55.586694][ T3155] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:669 [ 55.612597][ T3161] rust_binder: Error while translating object. [ 55.621111][ T3161] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 55.627296][ T3161] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:672 [ 55.742565][ T3170] rust_binder: Error while translating object. [ 55.760591][ T3170] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 55.772960][ T3170] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:676 [ 55.859461][ T3180] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:683 [ 55.882038][ T3180] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:683 [ 55.947715][ T3183] binder: Bad value for 'max' [ 56.079470][ T3190] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 56.083450][ T3193] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:56 [ 56.100613][ T3193] rust_binder: Read failure Err(EFAULT) in pid:56 [ 56.142600][ T3195] input: syz1 as /devices/virtual/input/input42 [ 56.197825][ T3198] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 56.197852][ T3198] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 56.207598][ T3198] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:885 [ 56.211325][ T3195] binder: Unknown parameter '00000000000000000000000 initial count (25964891200 ns). Using initial count to start timer. [ 65.989386][ T3752] rust_binder: Write failure EFAULT in pid:685 [ 66.104171][ T3760] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 66.110453][ T3760] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 66.119166][ T3760] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1043 [ 66.136684][ T36] audit: type=1400 audit(1750410022.680:2857): avc: denied { write } for pid=3761 comm="syz.1.1136" name="hwrng" dev="devtmpfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 66.214520][ T3762] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1 [ 66.222063][ T3762] rust_binder: Write failure EINVAL in pid:689 [ 66.234376][ T3774] binder: Unknown parameter 'defcontext01777777777777777777777' [ 66.331234][ T3787] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 66.331270][ T3787] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:1056 [ 66.373509][ T3792] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1058 [ 66.435212][ T3794] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 66.444689][ T3794] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1058 [ 66.445671][ T3796] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 66.463545][ T3796] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 66.470086][ T3796] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 66.734501][ T3810] rust_binder: Write failure EINVAL in pid:1064 [ 67.303239][ T36] audit: type=1400 audit(1750410023.850:2858): avc: denied { block_suspend } for pid=3818 comm="syz.0.1155" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 67.305437][ T3820] rust_binder: Error in use_page_slow: ESRCH [ 67.344015][ T3819] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:250 [ 67.351066][ T3820] rust_binder: use_range failure ESRCH [ 67.356052][ T3820] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 67.364545][ T3820] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 67.373455][ T3820] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:812 [ 67.584481][ T3829] binder: Bad value for 'max' [ 67.740819][ T36] audit: type=1400 audit(1750410024.290:2859): avc: denied { append } for pid=3833 comm="syz.3.1160" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 67.829553][ T3836] SELinux: failed to load policy [ 67.853398][ T3838] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 144, limit: 144, size: 64) [ 67.853422][ T3838] rust_binder: Error while translating object. [ 67.859108][ T36] audit: type=1400 audit(1750410024.400:2860): avc: denied { ioctl } for pid=3837 comm="syz.2.1162" path="/dev/uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 67.869855][ T3840] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:706 [ 67.900394][ T3838] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 67.910917][ T3838] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:257 [ 67.961184][ T3847] input: syz0 as /devices/virtual/input/input46 [ 68.006011][ T3855] binder: Unknown parameter '/dev/ashmem' [ 68.038899][ T3860] rust_binder: Error while translating object. [ 68.038943][ T3860] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 68.044998][ T3861] syz.2.1166: attempt to access beyond end of device [ 68.044998][ T3861] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 68.062081][ T3860] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:714 [ 68.101347][ T3864] input: syz0 as /devices/virtual/input/input47 [ 68.140161][ T3868] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 68.140554][ T3868] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 68.149099][ T3868] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 68.156091][ T3868] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 68.162597][ T3868] rust_binder: Read failure Err(EFAULT) in pid:265 [ 68.171939][ T3868] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:265 [ 68.236831][ T3874] input: syz1 as /devices/virtual/input/input48 [ 68.302234][ T3874] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 68.319453][ T3874] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 68.329724][ T3874] input: syz0 as /devices/virtual/input/input49 [ 68.358779][ T3885] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 68.397870][ T3888] binder: Unknown parameter 'nXI' [ 68.487805][ T3891] random: crng reseeded on system resumption [ 68.583292][ T3903] binder: Bad value for 'max' [ 68.626564][ T3913] SELinux: policydb magic number 0xf965ff8c does not match expected magic number 0xf97cff8c [ 68.629664][ T3911] input: syz1 as /devices/virtual/input/input51 [ 68.637000][ T3913] SELinux: failed to load policy [ 68.662069][ T3911] rust_binder: Write failure EFAULT in pid:1087 [ 68.847303][ T3939] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 68.861801][ T3939] rust_binder: Write failure EINVAL in pid:1098 [ 68.942532][ T3943] binder: Bad value for 'max' [ 68.953718][ T3943] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 68.953737][ T3943] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 68.961493][ T3943] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 68.969431][ T3943] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 68.979738][ T3943] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 168, size: 202) [ 68.986324][ T3943] rust_binder: Error while translating object. [ 68.996986][ T3943] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 69.003272][ T3943] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1102 [ 69.021625][ T3952] syz.3.1200: attempt to access beyond end of device [ 69.021625][ T3952] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 69.053979][ T3957] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 69.054312][ T3957] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 69.160601][ T3966] binder: Unknown parameter 'appraise_type' [ 69.212349][ T3970] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 69.212373][ T3970] rust_binder: Read failure Err(EFAULT) in pid:299 [ 69.262728][ T3975] rust_binder: Write failure EINVAL in pid:734 [ 69.271090][ T3974] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 69.277299][ T3974] rust_binder: Read failure Err(EFAULT) in pid:734 [ 69.308508][ T3977] rust_binder: Write failure EINVAL in pid:738 [ 69.315397][ T3977] rust_binder: Write failure EINVAL in pid:738 [ 69.321915][ T3977] rust_binder: Read failure Err(EAGAIN) in pid:738 [ 69.454222][ T3983] SELinux: syz.0.1211 (3983) set checkreqprot to 1. This is no longer supported. [ 69.456912][ T36] audit: type=1400 audit(1750410026.000:2861): avc: denied { setcheckreqprot } for pid=3982 comm="syz.0.1211" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 69.464341][ T3989] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:306 [ 69.500695][ T3989] rust_binder: Read failure Err(EFAULT) in pid:306 [ 69.579896][ T4003] binder: Unknown parameter 'coyBLV"i5ntext' [ 69.650517][ T36] audit: type=1326 audit(1750410026.200:2862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4004 comm="syz.3.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe40718e929 code=0x7ffc0000 [ 69.687490][ T4005] rust_binder: Write failure EINVAL in pid:1121 [ 69.692211][ T36] audit: type=1326 audit(1750410026.220:2863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4004 comm="syz.3.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe40718e929 code=0x7ffc0000 [ 69.717533][ T4009] input: syz1 as /devices/virtual/input/input53 [ 69.829129][ T4016] rust_binder: Write failure EFAULT in pid:835 [ 69.830933][ T4016] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:835 [ 70.138764][ T4052] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1131 [ 70.259888][ T4059] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1133 [ 70.413066][ T4064] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 70.668934][ T36] kauditd_printk_skb: 20 callbacks suppressed [ 70.668952][ T36] audit: type=1400 audit(1750410027.210:2884): avc: denied { setattr } for pid=2965 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 70.720850][ T4085] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 70.720921][ T4085] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 70.736262][ T4088] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 70.788408][ T4097] rust_binder: inc_ref_done called when no active inc_refs [ 70.968745][ T4106] binder: Binderfs stats mode cannot be changed during a remount [ 71.083741][ T4111] rust_binder: Error while translating object. [ 71.083770][ T4111] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 71.094348][ T4111] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:867 [ 71.354270][ T4125] serio: Serial port ttynull [ 71.405449][ T4131] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 71.405485][ T4131] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:877 [ 71.436924][ T4133] rust_binder: Error while translating object. [ 71.456520][ T4133] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 71.469653][ T4133] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:778 [ 71.502525][ T4139] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1161 [ 71.538400][ T4139] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 71.572665][ T4139] rust_binder: Read failure Err(EFAULT) in pid:1161 [ 71.839811][ T4156] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 71.874441][ T4161] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1169 [ 71.916140][ T4159] rust_binder: Write failure EINVAL in pid:793 [ 72.365319][ T4192] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 72.374946][ T4191] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 72.388112][ T4192] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 72.488197][ T4203] SELinux: failed to load policy [ 72.514006][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.529660][ T36] audit: type=1400 audit(1750410029.060:2885): avc: granted { setsecparam } for pid=4206 comm="syz.0.1279" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 72.548840][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.561667][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.569110][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.569131][ T36] audit: type=1400 audit(1750410029.060:2886): avc: denied { setattr } for pid=4206 comm="syz.0.1279" path="/dev/fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 72.582203][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.607615][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.624424][ T4209] __vm_enough_memory: pid: 4209, comm: syz.1.1280, bytes: 281474976845824 not enough memory for the allocation [ 72.632340][ T36] audit: type=1400 audit(1750410029.060:2887): avc: granted { setsecparam } for pid=4206 comm="syz.0.1279" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 72.655308][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.655338][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.672152][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.679571][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.687339][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.693033][ T36] audit: type=1400 audit(1750410029.070:2888): avc: granted { setsecparam } for pid=4206 comm="syz.0.1279" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 72.695003][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.724784][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.733830][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.741409][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.748951][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.757083][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.764672][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.786865][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.794648][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.802432][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.812638][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.829787][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.837272][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.852718][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.860325][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.867736][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.875620][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.883606][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.891400][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.898809][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.909508][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.917260][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.917294][ T4214] rust_binder: Error while translating object. [ 72.924849][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.939655][ T4214] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 72.939690][ T4214] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1196 [ 72.961267][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.978729][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 72.994504][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.004664][ T4221] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 73.004697][ T4221] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1199 [ 73.014274][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.036933][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.059646][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.067061][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.075053][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.082997][ T4228] rust_binder: Write failure EFAULT in pid:1206 [ 73.083126][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.097796][ T4229] rust_binder: Write failure EFAULT in pid:1206 [ 73.098058][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.118243][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.126068][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.133918][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.149851][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.157428][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.168945][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.178358][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.187031][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.194629][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.202567][ T4232] binfmt_misc: register: failed to install interpreter file ./cgroup [ 73.208538][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.218286][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.225920][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.235863][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.238148][ T4232] binder: Unknown parameter '2oU{q1tl!RS;7Q7|mxȞjC9KXd( [ 73.238148][ T4232] I |2K|Īϳƻ' [ 73.243951][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.265602][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.282188][ T4235] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:817 [ 73.290132][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.306922][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.315241][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.322950][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.339648][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.347071][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.359544][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.369012][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.377764][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.385688][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.393650][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.401307][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.408813][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.423080][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.430617][ T4239] rust_binder: Error while translating object. [ 73.430647][ T4239] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 73.436826][ T4239] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1213 [ 73.446470][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.467203][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.479795][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.488750][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.497240][ T65] hid-generic 000A:0001:0007.0004: unknown main item tag 0x0 [ 73.498417][ T4237] binder: Bad value for 'max' [ 73.512273][ T65] hid-generic 000A:0001:0007.0004: hidraw0: HID v1.00 Device [syz0] on syz0 [ 73.586051][ T4246] fido_id[4246]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 73.590021][ T4248] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 73.637873][ T36] audit: type=1400 audit(1750410030.180:2889): avc: denied { compute_member } for pid=4251 comm="syz.1.1294" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 73.690313][ T4241] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 73.799074][ T4256] rust_binder: Failed to allocate buffer. len:168, is_oneway:false [ 73.843865][ T4259] rust_binder: Error while translating object. [ 73.851963][ T4259] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 73.858155][ T4259] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:894 [ 74.026460][ T4263] rust_binder: Write failure EFAULT in pid:896 [ 74.092472][ T4268] input: syz0 as /devices/virtual/input/input55 [ 74.166003][ T36] audit: type=1400 audit(1750410030.710:2890): avc: denied { write } for pid=4271 comm="syz.1.1302" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 74.203297][ T36] audit: type=1400 audit(1750410030.740:2891): avc: denied { remove_name } for pid=4271 comm="syz.1.1302" name="binder0" dev="binder" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 74.249804][ T4261] rust_binder: Read failure Err(EFAULT) in pid:1219 [ 74.262003][ T36] audit: type=1400 audit(1750410030.740:2892): avc: denied { unlink } for pid=4271 comm="syz.1.1302" name="binder0" dev="binder" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 74.482588][ T4282] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:837 [ 74.711793][ T4298] SELinux: failed to load policy [ 74.730539][ T4298] rust_binder: Error while translating object. [ 74.730583][ T4298] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 74.736834][ T4298] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:901 [ 74.868757][ T4304] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 74.891259][ T4304] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:1230 [ 75.161075][ T4319] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:909 [ 75.189710][ T4319] rust_binder: Write failure EINVAL in pid:909 [ 75.239745][ T4335] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 75.279700][ T4335] SELinux: failed to load policy [ 75.305830][ T4335] rust_binder: BC_FREEZE_NOTIFICATION_DONE 00000000400c630f not found [ 75.314831][ T4340] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 75.314991][ T4339] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:913 [ 75.321501][ T4335] rust_binder: Write failure EINVAL in pid:1237 [ 75.376885][ T4342] rust_binder: Write failure EINVAL in pid:916 [ 75.420328][ T4342] rust_binder: Error while translating object. [ 75.433979][ T4344] rust_binder: Write failure EFAULT in pid:1239 [ 75.440237][ T4342] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 75.461336][ T4342] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:916 [ 75.514228][ T4350] random: crng reseeded on system resumption [ 75.558080][ T4354] binder: Bad value for 'defcontext' [ 75.637023][ T4356] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 75.665502][ T4356] binder: Bad value for 'defcontext' [ 75.858009][ T4369] random: crng reseeded on system resumption [ 75.915100][ T4374] can0: slcan on ttyS3. [ 75.999636][ T36] audit: type=1400 audit(1750410032.540:2893): avc: granted { setsecparam } for pid=4385 comm="syz.1.1339" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 76.044559][ T36] audit: type=1400 audit(1750410032.570:2894): avc: denied { unmount } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 76.112067][ T4373] can0 (unregistered): slcan off ttyS3. [ 76.198982][ T4406] binder: Bad value for 'max' [ 76.209429][ T36] audit: type=1400 audit(1750410032.750:2895): avc: denied { map } for pid=4405 comm="syz.1.1344" path="/dev/uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 76.267059][ T4410] binder: Binderfs stats mode cannot be changed during a remount [ 76.315172][ T4416] binder: Bad value for 'defcontext' [ 76.326409][ T4413] kvm: kvm [4412]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010005) = 0x1 [ 76.339293][ T4419] rust_binder: Write failure EINVAL in pid:1252 [ 76.480723][ T4433] SELinux: policydb magic number 0x1 does not match expected magic number 0xf97cff8c [ 76.505919][ T4433] SELinux: failed to load policy [ 76.517588][ T4433] rust_binder: Write failure EINVAL in pid:938 [ 76.663135][ T4439] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:896 [ 76.826170][ T4444] SELinux: policydb magic number 0x4c7cff8c does not match expected magic number 0xf97cff8c [ 76.848945][ T4444] SELinux: failed to load policy [ 77.015972][ T4459] rust_binder: Got transaction with invalid offset. [ 77.016022][ T4459] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 77.024468][ T4459] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1263 [ 77.094351][ T4467] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 77.107222][ T4470] binder: Bad value for 'stats' [ 77.118806][ T4467] rust_binder: Write failure EINVAL in pid:946 [ 77.118985][ T4467] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:946 [ 77.125494][ T36] audit: type=1400 audit(1750410033.660:2896): avc: denied { execute } for pid=4466 comm="syz.0.1365" path="/dev/binderfs/binder0" dev="binder" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 77.159470][ T4471] binder: Bad value for 'stats' [ 77.177667][ T4475] PM: Enabling pm_trace changes system date and time during resume. [ 77.177667][ T4475] PM: Correct system time has to be restored manually after resume. [ 77.280786][ T4482] rust_binder: Write failure EFAULT in pid:1274 [ 77.319675][ T4485] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 77.326058][ T4485] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1276 [ 77.412505][ T4491] rust_binder: Write failure EFAULT in pid:955 [ 77.505199][ T4502] rust_binder: Write failure EINVAL in pid:959 [ 77.521944][ T4503] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1278 [ 77.528671][ T4503] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1278 [ 77.691478][ T4508] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:963 [ 77.703800][ T4508] rust_binder: Read failure Err(EFAULT) in pid:963 [ 77.819448][ T4517] input: syz1 as /devices/virtual/input/input58 [ 77.896959][ T36] audit: type=1400 audit(1750410034.440:2897): avc: denied { setattr } for pid=4522 comm="syz.1.1386" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 78.053250][ T4531] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 112, size: 10) [ 78.053274][ T4531] rust_binder: Error while translating object. [ 78.064098][ T4531] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 78.075793][ T4531] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:970 [ 78.226263][ T4543] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 27) [ 78.235498][ T4543] rust_binder: Error while translating object. [ 78.246082][ T4543] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 78.252308][ T4543] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:977 [ 78.362043][ T4547] kvm: kvm [4546]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x200000000400 [ 78.407350][ T36] audit: type=1326 audit(1750410034.950:2898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4549 comm="syz.1.1394" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa97578e929 code=0x0 [ 78.447584][ T4554] rust_binder: Error while translating object. [ 78.447612][ T4554] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 78.454118][ T4554] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:979 [ 78.669494][ T4566] rust_binder: Write failure EINVAL in pid:1288 [ 78.754417][ T4575] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 78.837176][ T4576] rust_binder: Error in use_page_slow: ESRCH [ 78.837201][ T4576] rust_binder: use_range failure ESRCH [ 78.843666][ T4576] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 78.849262][ T4576] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 78.857414][ T4576] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:994 [ 78.867051][ T4577] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:994 [ 78.876366][ T4576] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:994 [ 79.167331][ T36] audit: type=1400 audit(1750410035.710:2899): avc: granted { setsecparam } for pid=4587 comm="syz.0.1404" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 79.577513][ T4609] rust_binder: Write failure EFAULT in pid:1293 [ 79.739915][ T4628] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 79.750458][ T4634] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 79.765098][ T4634] rust_binder: Write failure EINVAL in pid:1300 [ 79.790099][ T4631] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 80.402660][ T4676] rust_binder: Write failure EFAULT in pid:1324 [ 80.439867][ T4686] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1327 [ 80.632117][ T4696] binder: Unknown parameter 'coyBLV"i5ntext' [ 80.683774][ T4707] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 80.695663][ T4709] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 80.716592][ T4711] binder: Bad value for 'max' [ 80.735054][ T4711] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 80.735088][ T4711] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1341 [ 80.765443][ T4716] __vm_enough_memory: pid: 4716, comm: syz.3.1446, bytes: 281474976845824 not enough memory for the allocation [ 80.813809][ T36] audit: type=1400 audit(1750410037.360:2900): avc: denied { execute } for pid=4718 comm="syz.1.1447" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 81.072794][ T4748] input: syz1 as /devices/virtual/input/input62 [ 81.472675][ T4764] binder: Binderfs stats mode cannot be changed during a remount [ 81.491487][ T36] audit: type=1400 audit(1750410038.030:2901): avc: granted { setsecparam } for pid=4762 comm="syz.3.1462" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 81.513324][ T4766] binder: Binderfs stats mode cannot be changed during a remount [ 81.532524][ T4769] binder: Bad value for 'stats' [ 81.571396][ T4773] binder: Bad value for 'stats' [ 81.587663][ T4775] binder: Unknown parameter 'fscontext?}' [ 81.617996][ T36] audit: type=1326 audit(1750410038.160:2902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4777 comm="syz.0.1468" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f430f58e929 code=0x0 [ 81.668540][ T4781] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1372 [ 81.670794][ T4781] rust_binder: Read failure Err(EFAULT) in pid:1372 [ 81.723119][ T4786] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1376 [ 81.781114][ T4787] rust_binder: Write failure EINVAL in pid:1376 [ 81.994989][ T4791] rust_binder: Write failure EFAULT in pid:1004 [ 82.156008][ T4796] binder: Bad value for 'max' [ 82.173973][ T4798] binder: Bad value for 'max' [ 82.178806][ T36] audit: type=1400 audit(1750410038.720:2903): avc: denied { mounton } for pid=4795 comm="syz.1.1474" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 82.426800][ T288] cgroup: fork rejected by pids controller in /syz1 [ 82.493667][ T13] bridge_slave_1: left allmulticast mode [ 82.504817][ T13] bridge_slave_1: left promiscuous mode [ 82.516073][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.532333][ T13] bridge_slave_0: left allmulticast mode [ 82.543944][ T13] bridge_slave_0: left promiscuous mode [ 82.571648][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.674022][ T4821] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 82.674059][ T4821] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1379 [ 82.717399][ T13] veth1_macvtap: left promiscuous mode [ 82.732280][ T13] veth0_vlan: left promiscuous mode [ 83.023098][ T36] audit: type=1326 audit(1750410039.570:2904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4831 comm="syz.0.1483" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f430f58e929 code=0x0 [ 83.371368][ T4839] binder: Unknown parameter 'fscontext?}u/syz0' [ 83.888860][ T4852] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 83.888890][ T4852] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 83.923319][ T4852] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1093 [ 86.413980][ T4904] rust_binder: Write failure EINVAL in pid:1411 [ 86.451972][ T4904] rust_binder: Write failure EINVAL in pid:1411 [ 86.531143][ T4911] SELinux: security_context_str_to_sid () failed with errno=-22 [ 86.755525][ T2614] bridge_slave_1: left allmulticast mode [ 86.777314][ T2614] bridge_slave_1: left promiscuous mode [ 86.789249][ T2614] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.810465][ T2614] bridge_slave_0: left allmulticast mode [ 86.816236][ T2614] bridge_slave_0: left promiscuous mode [ 86.829892][ T2614] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.851830][ T36] audit: type=1400 audit(1750410043.400:2905): avc: denied { remount } for pid=4928 comm="syz.0.1507" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 86.871690][ T4929] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1121 [ 86.879483][ T36] audit: type=1326 audit(1750410043.420:2906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.3.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe40718e929 code=0x7ffc0000 [ 86.912455][ T36] audit: type=1326 audit(1750410043.420:2907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.3.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fe40718e929 code=0x7ffc0000 [ 86.936364][ T36] audit: type=1326 audit(1750410043.420:2908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.3.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe40718e929 code=0x7ffc0000 [ 86.960231][ T36] audit: type=1326 audit(1750410043.420:2909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4931 comm="syz.3.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fe4071c11e5 code=0x7ffc0000 [ 86.984009][ T36] audit: type=1326 audit(1750410043.420:2910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.3.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe40718e929 code=0x7ffc0000 [ 87.008315][ T36] audit: type=1326 audit(1750410043.420:2911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.3.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe40718e929 code=0x7ffc0000 [ 87.032929][ T36] audit: type=1326 audit(1750410043.420:2912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.3.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe40718e929 code=0x7ffc0000 [ 87.057627][ T36] audit: type=1326 audit(1750410043.420:2913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.3.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe40718e929 code=0x7ffc0000 [ 87.081120][ T36] audit: type=1326 audit(1750410043.420:2914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.3.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe40718e929 code=0x7ffc0000 [ 87.181217][ T2614] veth1_macvtap: left promiscuous mode [ 87.186794][ T2614] veth0_vlan: left promiscuous mode [ 87.290367][ T4946] binder: Unknown parameter '0x000000000000000300000000000000000000003' [ 87.421206][ T4956] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1429 [ 87.421862][ T4956] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1429 [ 87.460620][ T4958] rust_binder: Write failure EFAULT in pid:1136 [ 87.519803][ T4962] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 87.583952][ T4962] rust_binder: Error in use_page_slow: ESRCH [ 87.583976][ T4962] rust_binder: use_range failure ESRCH [ 87.590107][ T4962] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 87.595621][ T4962] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 87.603713][ T4962] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1138 [ 87.862312][ T4974] rust_binder: Failed to allocate buffer. len:136, is_oneway:true [ 88.249219][ T4991] rust_binder: Write failure EINVAL in pid:1435 [ 88.258319][ T4991] rust_binder: Write failure EINVAL in pid:1435 [ 88.348614][ T4995] SELinux: security_context_str_to_sid () failed with errno=-22 [ 88.447330][ T4999] rust_binder: Write failure EFAULT in pid:1437 [ 88.737433][ T5019] rust_binder: Error while translating object. [ 88.743926][ T5019] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 88.753413][ T5019] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1160 [ 88.946994][ T5031] rust_binder: Error while translating object. [ 88.956356][ T5031] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 88.962865][ T5031] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1442 [ 88.972774][ T5032] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 89.340975][ T5052] binder: Bad value for 'max' SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: tun: ioctl(TUNSETIFF) failed (errno 22: Invalid argument) loop exited with status 67 SYZFAIL: repeatedly failed to execute the program proc=1 req=1478 state=3 status=67 (errno 32: Broken pipe) [ 89.791229][ T2614] bridge_slave_1: left allmulticast mode [ 89.796998][ T2614] bridge_slave_1: left promiscuous mode [ 89.802621][ T2614] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.810048][ T2614] bridge_slave_0: left allmulticast mode [ 89.815685][ T2614] bridge_slave_0: left promiscuous mode [ 89.821496][ T2614] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.981712][ T2614] veth1_macvtap: left promiscuous mode [ 89.987204][ T2614] veth0_vlan: left promiscuous mode [ 90.271337][ T2614] bridge_slave_1: left allmulticast mode [ 90.276996][ T2614] bridge_slave_1: left promiscuous mode [ 90.282630][ T2614] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.290214][ T2614] bridge_slave_0: left allmulticast mode [ 90.295850][ T2614] bridge_slave_0: left promiscuous mode [ 90.301499][ T2614] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.391484][ T2614] veth1_macvtap: left promiscuous mode [ 90.396975][ T2614] veth0_vlan: left promiscuous mode