last executing test programs: 1m50.653323441s ago: executing program 2 (id=690): openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000e00), 0x0, 0x0) prctl$PR_CAPBSET_READ(0x17, 0xcf) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000200)=0x8000, 0x12) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000800), 0x161200, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x7fffffffffffffff) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) ioctl$ASHMEM_SET_NAME(r2, 0x41007701, &(0x7f0000000000)='/dev/ashmem\x00') 1m50.591939382s ago: executing program 2 (id=691): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x80401, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000340), 0x10d440, 0x0) ioctl$BLKPG(r1, 0x1269, &(0x7f0000000440)={0x2, 0x0, 0x98, &(0x7f0000000380)={0x400, 0xffff, 0x10}}) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000057c0), 0x8001, 0x0) ioctl$PTP_SYS_OFFSET(r2, 0x43403d05, &(0x7f0000000000)={0xd}) ioctl$BLKRRPART(r0, 0x125f, 0x0) 1m50.591552771s ago: executing program 2 (id=692): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x27) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000006, 0x22052, r1, 0x2000) 1m50.236547987s ago: executing program 2 (id=699): r0 = openat$ptp0(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PTP_PIN_GETFUNC2(r0, 0xc0603d0f, &(0x7f0000000040)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xa, 0x2}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_XCRS(r4, 0x4188aea7, &(0x7f0000000100)=ANY=[@ANYBLOB="00a0"]) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffc9a, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0xfffffffffffffce6}}, 0x10}], 0x0, 0x0, 0x0}) 1m50.120388909s ago: executing program 2 (id=704): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x0, 0x200000000000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x2, 0x40}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000080)={0x8}) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) ioctl$FS_IOC_GETFSSYSFSPATH(r2, 0x80811501, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0x30, r0, 0x64f0000) 1m50.104728249s ago: executing program 2 (id=705): r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x2, 0x0) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000040)=@x86={0x3, 0x8, 0x0, 0x0, 0x2, 0x2, 0xe, 0xfe, 0xfc, 0x12, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8000000000002}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) ioctl$BINDER_CTL_ADD(r0, 0xc1086201, &(0x7f0000000f00)={'binder0\x00'}) 1m35.022228381s ago: executing program 32 (id=705): r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x2, 0x0) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000040)=@x86={0x3, 0x8, 0x0, 0x0, 0x2, 0x2, 0xe, 0xfe, 0xfc, 0x12, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8000000000002}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) ioctl$BINDER_CTL_ADD(r0, 0xc1086201, &(0x7f0000000f00)={'binder0\x00'}) 17.360554493s ago: executing program 4 (id=2381): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x1, 0x18}}, &(0x7f0000000140)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) 17.238933035s ago: executing program 4 (id=2382): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000000)={0x7, 0xfff9, 0x7}) ioctl$KVM_CREATE_VCPU(r0, 0x40087707, 0x2) 17.153389276s ago: executing program 4 (id=2384): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0xca800, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1}) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r4, 0x2000000, 0x100010, r3, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x58, 0x0, &(0x7f00000001c0)={@flat=@weak_binder={0x77622a85, 0x18a, 0x3}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000040)=""/10, 0xa, 0x0, 0x4}}, 0x0}, 0x10}], 0x5e, 0x0, &(0x7f0000000280)="27340dbe79e8af432ff4fa2360c88df5a04d8e7eeb14f8d0fab09d900a6bb5bc0f07887e054cb7693ae1fb57bdf9173c6f2dd3f6284401f0a87fa2166027d3eda04b0809ab53399e60c5169690bcaa67b7123d2729933e63d78255ba0d07"}) 16.942251699s ago: executing program 4 (id=2386): ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000000)={0x1, 0xffffffffffffffff, 'id1\x00'}) close(r0) ioctl$TIOCGISO7816(r0, 0x80285442, &(0x7f0000000080)) syz_clone(0x80101000, &(0x7f00000000c0)="171fc9c4e1e8ec3bb29d8ec6ec9a7bdde6dff7047770cffa14db528bd72b9b46e9d97d999a99c298dc1351853584463dbb11c9c5f64e6c1c1b9f4ad0a996c1dc4a7a2549c92e6525fc9eadd811a732ea8f91e7c28643f0079ab425f030b7955d6fed47f062ba382fd53b056256cc33e561297369f6d95b9957af3456f10e45", 0x7f, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="b7f1a1adf386a3c9e80dd7b29a7d1fff518a0db571c57d2e56872d8920310bbf3778ea7a572d01b3df3183c685af6483ceffe113d597affbce8364a3273c33c381e5191a7be0543c27dc7bafcef9f045d39411823c5e6774a8c967de0796fa28011976f1bd9cc5d82e3d7ef7a4ef8452d0ce9f5dbd8a2482949e50a3885d17283c85a14c9e1adc04a7c0421e6b51d67f2e20dc013c7d5e6eead5b8b5933a6867659dad5cf73bf5c82a09225c125134a949bb1c642f9b6180ed411748057eb39d1158955387371e9da64983ac7c09def7d7886263b82a1d8d7977d430d18d80b11abf5251") syz_clone(0x10000000, &(0x7f00000002c0)="f97a4a12a501642be61b9e9fb40cd8e37d2400bcc26ca05fd7a9df098a9918c27338542f672b1e769c7b82cdead17049bf5379b2dc9b2c9d2879dc95868c09fa85b420b7a4ff068e5dd665043eb0eba8caa83cb71536c866ce2ed2ca7b4adae67252f38f0a53982257e120febf2b10236e3d8882a55f05a4576f7cfb315f7b9ae9e8f2df93fdb19fa8792838b09f69f5ae655f2612f56d168e7f9e99774dabfd824f11b88773d432f41f828bb81707c5a70f91b70bfd76bbbe71e559013e", 0xbe, &(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000400)="129e0593b3f611f97f21d1377e8e8a393d9f0f0ba35c6c73b0b09399c956dae6d912be2a228172c89bcb45cdc0e0c3c3150147f10a28f455ba0fc891f822eaba672def409c9ca7f9bd2f24c23b58bc132725f78799af2c5959b17dd1ce31ea401b5b0c3c4af698852a84afe2e2f0d95d51cd15032f1ecf66125ed293f78daf5b1466018c5c54bed74b82ce7c6cb5bee4f6f3aa625c5b91bcc62eb21ae28225429466498db9751412ced96b2e92d71300e616ae1d81302e93ba7bde2b62ae7cf2f948228e5c2b85f99c2c3c1fb213d462490d94b1") r1 = ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000500)=0x9) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000540)={0x1, 0xf, {0x57, 0x1000, 0x4, {0x3, 0x3}, {0x35ca}, @ramp={0x2, 0x4, {0x9, 0x9, 0xb7, 0x8}}}, {0x57, 0xbb, 0x5, {0xb}, {0x73d, 0x5}, @const={0x4000, {0x4, 0x9, 0x7ff, 0x2e4}}}}) ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f00000005c0)) r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) r3 = ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x482300, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000640)={{0x0, 0xff, 0x3df, 0x1, 0x8, 0xffffffffffff7ee2, 0x3, 0x2, 0xc7fc, 0x6, 0x7, 0x1, 0x691a, 0xffffffffffffff8f, 0x10000}, 0x18, [0x0, 0x0, 0x0]}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r4, 0xc0709411, &(0x7f0000000700)={{r6, 0x175, 0x0, 0x1, 0x6, 0xd165, 0x4, 0x7, 0x1, 0xb, 0x800000, 0x0, 0x5, 0x1, 0x5}, 0x10, [0x0, 0x0]}) ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000780)) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x6) ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, 0x0) ioctl$NS_GET_USERNS(r3, 0xb701, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000007c0)={0x10004, 0x1, 0x10000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) openat$ppp(0xffffffffffffff9c, &(0x7f0000000800), 0x22800, 0x0) ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000840)="4223feb32e3570eaea6ca8f77a470adc8459bb76414e879d4cbe6b1daa25b8c396b241f0d4b47cc795cf61109062e6e211badc71731341a61d315ae7a6d990ee488aa8c42f29c0b6d4f3a8cfc2259d4189426e27a0989eb129a78fcd6f0b18fc924996f8c723853dadcb004f2f8a7e287a84e46f6c81f04b85ecae477e69e491963e4a5080efe79003b30bfe0445422efb9e1349d4ac1be5a18731266c75df22ea52a0746dcd4414f6a771435659533cea7df9f3cd4bea302b480a", 0xbb) ioctl$TUNSETLINK(r0, 0x400454cd, 0x310) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000900)={0x4, 0x0, [{0xae8, 0x0, 0x8}, {0xa80, 0x0, 0x6f}, {0x403, 0x0, 0x8}, {0x25e, 0x0, 0x4}]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000980)="e10d96d9e8cd7748b8b0e130ee76d79493ada276da71f919714c496907c683f61084deb1c00caad651570be5fa27698d4ff1c1aa734e97", 0x37) 16.851857481s ago: executing program 4 (id=2387): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$TUNGETDEVNETNS(r0, 0xff05, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x8}) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x3b, 0x0, 0x3}]}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f47"]) r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_BOOT_CPU_ID(r4, 0xae78, &(0x7f0000000180)=0x2) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) r6 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000001080)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) write$tcp_mem(r6, 0x0, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats']) 16.719694743s ago: executing program 4 (id=2389): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x2, 0x0) r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0xc9, 0x0, 0xc}) syz_clone3(&(0x7f0000000340)={0x42907480, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000054d564b0000000001000000000000d0"]) syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0x58) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil}) (async) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"]) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x2, 0x0) (async) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0) (async) ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0xc9, 0x0, 0xc}) (async) syz_clone3(&(0x7f0000000340)={0x42907480, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) (async) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000054d564b0000000001000000000000d0"]) (async) syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0x58) (async) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x0) (async) 1.96519288s ago: executing program 1 (id=2534): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000040)) 1.753173863s ago: executing program 1 (id=2538): mount$binderfs(0x0, &(0x7f0000000580)='./binderfs\x00', 0x0, 0x4008024, &(0x7f0000000040)={[{@stats}]}) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.sched_load_balance\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000000)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) 1.459830897s ago: executing program 0 (id=2539): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) write$FUSE_LSEEK(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCEXCL(r4, 0x540c) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$PTP_PIN_GETFUNC2(r5, 0xc4c03d12, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x5) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009002"]) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000098}]}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000001300)=""/92, 0x80a0000}) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x6, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845}) ioctl$KVM_RUN(r10, 0xae80, 0x0) mmap$binder(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x1, 0x11, r7, 0x0) 1.459410557s ago: executing program 33 (id=2389): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x2, 0x0) r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0xc9, 0x0, 0xc}) syz_clone3(&(0x7f0000000340)={0x42907480, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000054d564b0000000001000000000000d0"]) syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0x58) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil}) (async) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"]) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x2, 0x0) (async) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0) (async) ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0xc9, 0x0, 0xc}) (async) syz_clone3(&(0x7f0000000340)={0x42907480, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) (async) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000054d564b0000000001000000000000d0"]) (async) syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0x58) (async) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x0) (async) 1.421399018s ago: executing program 1 (id=2541): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cpuinfo\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000000180)={0x2020}, 0x2020) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x19) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae09, &(0x7f0000000000)) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x4d0, 0x0, 0x8000000000000001}]}) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x20081, 0x0) write$vga_arbiter(r6, &(0x7f0000001580)=ANY=[@ANYBLOB='target PCI:0:0:0.', @ANYRESHEX], 0x13) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[]) 1.379519168s ago: executing program 3 (id=2542): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x1081, 0x200000000000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f00000001c0)={0x5, &(0x7f0000000180)=[{0x8, 0x8, 0xac, 0xab2}, {0x1, 0x5, 0xf9, 0x3}, {0x8c, 0x61, 0x2, 0x10000}, {0x7, 0x10, 0x2, 0x2}, {0x6, 0xf7, 0x9, 0x2}]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x400000000002) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x40000107}, {0x20b, 0x0, 0x7}]}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000dc0)='./cgroup/syz0\x00', 0x200002, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x14, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x5, 0x8000000000000, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x6], 0x1, 0x3c4210}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r6, 0xc008ae05, &(0x7f0000000000)=""/35) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x1081, 0x200000000000}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) (async) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f00000001c0)={0x5, &(0x7f0000000180)=[{0x8, 0x8, 0xac, 0xab2}, {0x1, 0x5, 0xf9, 0x3}, {0x8c, 0x61, 0x2, 0x10000}, {0x7, 0x10, 0x2, 0x2}, {0x6, 0xf7, 0x9, 0x2}]}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x400000000002) (async) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x40000107}, {0x20b, 0x0, 0x7}]}) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000dc0)='./cgroup/syz0\x00', 0x200002, 0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x14, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x5, 0x8000000000000, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x6], 0x1, 0x3c4210}) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) (async) ioctl$KVM_GET_SUPPORTED_CPUID(r6, 0xc008ae05, &(0x7f0000000000)=""/35) (async) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) (async) 1.107995063s ago: executing program 0 (id=2543): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x400000b0}]}) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001']) 1.096203813s ago: executing program 3 (id=2544): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x0, 0x0) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r1 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x20, 0x0, &(0x7f0000000140)=[@acquire_done={0x40106309, 0x3}, @free_buffer={0x40086303, r1}], 0xac, 0x0, &(0x7f0000000200)="2d7c1a9f2db1fa288149488467ed36b831781d7456592e3c1b4e3246a3a459002b717485892db4814a6c084a660a3867d49d884a6f4837417b95a4791eecfdb3436375126d82070dcc7c2c36bf48dc67a6c503eac6b0fbbe4312540e4bf8d4cd20c27e86dcba7e3dc2716dc4f73835f19a9049872603f420c5afebb762507e3170bd883bff6098bf1bf70789e2c3682f1d00007494cc32bdd4028798b7d45ba8813e648a7f085b157762dd9a"}) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x3, 0x3, 0x3ff, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x10000000, 0x99, 0x9, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1, 0xfffffffe, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x8, 0x0, 0x3, 0x0, 0x6, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0xffffffff, 0xedc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa0000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x2, 0x0, 0x2000079, 0x0, 0x0, 0x0, 0x10000, 0x40000, 0x8, 0xc0000000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0xffffffff, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x44, 0x4000400, 0x0, 0x0, 0xfffffffd], [0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x3, 0x0, 0x0, 0x0, 0x100000]}, 0x45c) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x5) ioctl$UI_DEV_CREATE(r2, 0x5501) write$uinput_user_dev(r2, &(0x7f0000000500)={'syz1\x00', {0x800, 0xfff9, 0x4, 0x4}, 0x42, [0x5903, 0x7, 0x7, 0x2, 0x5, 0x7ff, 0xe3e0, 0x6, 0x3, 0xb1f, 0xce55, 0x6, 0xe, 0x1, 0x3, 0x9, 0x0, 0x10af9c90, 0x6, 0x3, 0x8, 0x8, 0x8, 0x4, 0x0, 0x0, 0x0, 0x608a, 0x9, 0x1, 0x1, 0x5, 0x401, 0x2, 0x1, 0xa1, 0xfffffffa, 0x5, 0x5, 0x1000, 0x7f, 0x5, 0x1, 0xffffffff, 0x200, 0x0, 0x0, 0xf, 0x0, 0x4d8, 0x5, 0x8, 0x1, 0x3, 0x292, 0xfffeffff, 0x1baf, 0x2, 0x5, 0x1ff, 0x6, 0x2f, 0x6, 0x2], [0x3, 0x7, 0x3, 0x1, 0x2, 0xffff58d8, 0x9, 0x80, 0x1, 0x4d14, 0x2, 0x0, 0x8, 0x7, 0xe32b, 0x9, 0xce28, 0x407f, 0x2, 0x6, 0x6, 0x5, 0x2, 0xed, 0xb, 0x80000001, 0x6, 0x3000, 0x9, 0x2, 0x2, 0x4, 0x8000, 0x2, 0xbc, 0x1, 0x4, 0x97b0, 0x9, 0xc, 0x3, 0x2, 0x5, 0x7, 0x0, 0x9, 0x6, 0x5d, 0x5, 0x10000, 0x4, 0x3, 0x0, 0x3ff, 0x401, 0xfe5, 0x4, 0x9b8, 0x3, 0x2, 0x9, 0x42a7, 0x800, 0x9], [0x7, 0xfffff801, 0x7, 0xfff, 0x2, 0xdb, 0x0, 0x6, 0x7, 0x100, 0x9, 0x9, 0x101, 0x4c, 0x6, 0x5, 0xfff, 0x3, 0x7, 0x0, 0xf, 0x0, 0xfffffffa, 0x7, 0x4, 0x5, 0x10001, 0x5, 0x2, 0xe3a1, 0x6, 0x5, 0x6, 0xb1cc, 0x9, 0x2, 0x6, 0xc, 0x8, 0x0, 0x9, 0x6, 0xfffffffd, 0xa60d, 0x7, 0x1, 0x6, 0x7fff, 0x8, 0x0, 0x6, 0x9, 0x2, 0xa421, 0x9, 0x10, 0x7, 0x0, 0x95b2, 0x1, 0x195, 0x7fff, 0x5, 0x7b8c], [0x0, 0x788e, 0xfffffffb, 0x9, 0x5, 0x4, 0x9, 0x2, 0x1000, 0xf2, 0x8ec, 0xec, 0x43df1e02, 0x0, 0x4c6, 0x4, 0x7, 0x5, 0x3, 0x2, 0x51, 0x1, 0x6, 0x4, 0x4, 0x2f5, 0xf, 0x0, 0x2, 0x6, 0x28, 0x6, 0x1, 0x81, 0x1, 0x1, 0x5, 0x1, 0x0, 0x6, 0x3, 0xdd16, 0x1, 0x0, 0x10000, 0xfffffff7, 0x4, 0x4, 0xc, 0x1, 0xffffff83, 0xe, 0x7, 0x80000000, 0x6, 0xf, 0x200008, 0x7, 0x5, 0x80, 0x7, 0x0, 0x200, 0xb8e]}, 0x45c) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @fda={0x66646185, 0x2, 0x2, 0x4}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0}) 946.778575ms ago: executing program 0 (id=2545): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x3d) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x8d, 0x0, 0x390}]}) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCGNPMODE(r4, 0x4008744b, &(0x7f0000000140)={0x29}) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB='max=00000000000000000000001', @ANYRESHEX=r0, @ANYRESOCT=r2, @ANYRES16=r0, @ANYRES64=r3, @ANYRES8=r0, @ANYRES8=r4, @ANYRES32=r4]) 755.697068ms ago: executing program 3 (id=2546): openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0) (async) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000057c0), 0x8001, 0x0) ioctl$PTP_SYS_OFFSET(r2, 0x43403d05, &(0x7f0000000000)={0x20000009}) (async) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000040), 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$FS_IOC_RESVSP(r3, 0x40305829, &(0x7f0000000300)={0x0, 0x0, 0x0, 0xf001}) (async) close_range(r0, 0xffffffffffffffff, 0x2) (async) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) (async) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r4, 0x2000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r4, 0xc2a4a000) 755.194528ms ago: executing program 3 (id=2547): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x9) write$uinput_user_dev(r1, &(0x7f0000000080)={'syz1\x00', {0x1b10, 0x0, 0x1, 0x2}, 0x2f, [0x2, 0x1, 0x704d, 0x1, 0x5, 0x1, 0x2, 0x7db, 0x4, 0xfffffc01, 0xfffffffb, 0x8, 0x1, 0x100, 0xfe, 0x48, 0x7, 0x5, 0x7ff, 0x8, 0x76, 0x8, 0x0, 0x81, 0x40, 0x19b1, 0x8000, 0x7, 0x7fff, 0x4000000, 0x7, 0x3, 0xe, 0x7, 0x1, 0x1, 0x5, 0xf, 0x7, 0x10001, 0x9, 0x7f, 0x8, 0x6, 0xb, 0x5, 0x6, 0x40, 0x7f, 0x9, 0x1, 0x6, 0x3, 0x2284919, 0x4, 0x5643fa73, 0xfffeffff, 0x6, 0x800, 0x2, 0x8a, 0x6, 0x1, 0x6], [0xffffffd2, 0x7fffffff, 0xffff, 0x8, 0xe62, 0x3, 0x0, 0x9, 0xc33, 0x3, 0x7, 0x800, 0x6c368000, 0x4, 0x7, 0x0, 0x10, 0x5, 0x8, 0x8001, 0x3, 0x7fff, 0x9, 0x0, 0x5, 0x4, 0x7, 0x8, 0x40, 0xc10, 0x80000001, 0x3, 0x3, 0x3, 0x7, 0x8, 0x8, 0x7, 0x4, 0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x11e, 0xa4, 0x4, 0x5, 0xd69, 0x9, 0xf404, 0xf1, 0x3, 0x3, 0x1, 0x6, 0x6, 0x0, 0x6, 0x8, 0x6, 0x4, 0x68], [0x3, 0x1, 0x4, 0xfffffffc, 0x0, 0x7fff, 0x401, 0x9, 0x2, 0xffc, 0x7, 0x4, 0xc, 0x7, 0x6, 0xa, 0x6, 0x4, 0x5, 0x5, 0x2, 0x30000000, 0x644, 0x2, 0xfffffffd, 0x7, 0x5, 0x7f, 0x7ff, 0xd, 0x3fc, 0xf, 0x41, 0x81, 0xc99, 0x25a, 0x2, 0x0, 0x2, 0x5d9fffa, 0x3ff, 0xff, 0x1, 0x8, 0x10000, 0xe7, 0x200, 0x7af5, 0x2, 0xb, 0x0, 0xffff, 0x7, 0x6, 0x2, 0x81, 0x8, 0x2, 0x7, 0x100, 0x8, 0x0, 0x6, 0x10], [0xffffff80, 0xd5800000, 0x0, 0x4, 0x2, 0x62a, 0x3, 0x407, 0xb343, 0x4, 0x1, 0x8, 0x8000, 0x8, 0xffffff81, 0x80000000, 0x5, 0x3, 0x200, 0xfff, 0x3, 0xfffffffd, 0x3c63, 0x7, 0x6, 0xe6, 0xffffffff, 0x3, 0x2, 0x7, 0x1, 0x7, 0x7, 0x8, 0x1, 0xf, 0x9, 0x17ce, 0x0, 0x3, 0x6fe, 0xe, 0x7, 0x13a, 0x7, 0x0, 0xb757, 0x5, 0x11b, 0x996, 0x50, 0x8c1, 0x0, 0x5, 0x4, 0xf, 0x100, 0x10000400, 0x9, 0x7fff, 0x3, 0xfffffffb, 0xc, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) write$uinput_user_dev(r1, &(0x7f0000000b00)={'syz0\x00', {0x9, 0x1, 0x101, 0x8}, 0x22, [0x80, 0x6, 0x56, 0x80000001, 0x1922, 0x2, 0x67a8, 0x9, 0x0, 0x2, 0x9, 0x8, 0x5e5, 0x800, 0x2, 0x9, 0x3ff, 0x20, 0xddf, 0x1, 0x1ff, 0xfffffff8, 0x1, 0x5, 0x5, 0x23, 0x5, 0xffff, 0xffff8000, 0xfffffffd, 0x3, 0x6, 0xfffffff9, 0x1, 0x4, 0x7, 0x2, 0x401, 0x94, 0x9, 0x4, 0x8, 0x3, 0x9, 0x10001, 0x3, 0x5, 0x401, 0x10001, 0x7ff, 0x40, 0xd, 0x1000, 0x5, 0x1, 0x101, 0x4, 0x80000001, 0x8, 0x8e, 0x6, 0x5, 0x3bf9, 0x91], [0xbd5, 0x9, 0x7f, 0x0, 0xfffffffc, 0x4, 0x6, 0x10001, 0x3, 0x80000001, 0x6, 0xfffffff9, 0x8, 0xe, 0xc, 0x4, 0x28f5, 0xc, 0x5, 0x38a5, 0xdaec, 0xd4, 0x0, 0x8, 0x3ff, 0x1, 0x8, 0x1, 0x200, 0x7fff, 0xfffffff9, 0x0, 0x1, 0x2f, 0x3b53, 0x8001, 0xeee, 0x9, 0x7b, 0x943, 0x8, 0xd, 0x29e, 0x9, 0x9, 0x10001, 0x3a, 0x4, 0x0, 0xf137, 0x4, 0x9, 0x9, 0x7f, 0x5, 0x9, 0x800, 0x1350, 0x35a29e2d, 0x0, 0x82b, 0x3, 0x1, 0x2], [0x0, 0x8, 0x400, 0x1, 0x9, 0x800, 0x8, 0x10001, 0x9, 0x9, 0xfffff98d, 0x7, 0x75e2f897, 0x4, 0x6, 0x9, 0x5, 0x8001, 0x5, 0x918a, 0xdfc2, 0xffffffff, 0x5, 0xd, 0xb, 0x4, 0x10000, 0x7, 0x8, 0x2, 0x2, 0x0, 0x1, 0x5, 0xa73f, 0x6, 0x7, 0x1, 0x2, 0xffffffff, 0x9, 0x200, 0x77, 0x401, 0x0, 0x0, 0x1ff, 0x9, 0xd, 0x9, 0x52, 0x3, 0x8, 0x7, 0x80, 0xffffffff, 0x4, 0x8, 0x7, 0x7, 0x5, 0x9, 0x0, 0x1ff], [0x8, 0xfff, 0xe73, 0x1, 0x3, 0x127, 0x0, 0x8, 0x1ff, 0x7f, 0x6, 0x6, 0x7, 0x9ca, 0x9, 0x2, 0x4, 0x4, 0x8, 0xb8d, 0xbf6, 0x6, 0x5, 0x9, 0xfffffffe, 0x2, 0x2, 0x2, 0xff, 0x1, 0xcf, 0x3ff, 0x4, 0x3, 0x2, 0x369, 0x6, 0x1, 0x5, 0x1, 0xffffff3b, 0x8, 0x2, 0x8, 0xb, 0x1, 0x1, 0x0, 0x2, 0x5, 0x8, 0x7, 0x2, 0x1, 0x4, 0x7, 0x7f, 0xa4447459, 0x8, 0xf, 0x9, 0x8000c, 0x10, 0xc]}, 0x45c) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0x54, 0x0, &(0x7f0000000300)=[@increfs, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) 721.818449ms ago: executing program 1 (id=2548): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1243, 0x0) ioctl$BLKRRPART(r0, 0x125f, 0x0) 616.59439ms ago: executing program 3 (id=2549): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) (async) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000040)={0x3, 0x975, &(0x7f00000002c0)="3af9a7f7db2de3695db4118acb3b6094459021e8b02f7ee8b100a33fd48f190a7ac5cfa90f21d86f1342623c8c7c250decf6a0243cd450be91d67aa4378454b9e0b6178d47dc029fe731d76fb386eeb2cae4d6a620cbbbc48dc0cc0cd1918c38c196c9cca6f2b409a32210e5dac8cf933e6833d9081895be4a3fc54cc61ec40e9d56", &(0x7f0000000380)="6ceb11fa2b47522deffa047fbedeba457301ff9060ed4f662810dab842069a4113326a8e7366e3199004b55d686e5d5cf5621dad5604fd90cd72d687c951664c5e5050c844efb0955abcb05c25e01a3eaccabf226d2f9ed70309d01235", 0x82, 0x5d}) (async) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0) ioctl$BLKSECTGET(r5, 0x1267, &(0x7f0000000140)) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, &(0x7f0000000000)='$}&/*\x00') mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) (async) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f00000001c0)={@fda={0x66646185, 0xfffffffffffffffd, 0x2, 0x36}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @flat=@binder={0x73622a85, 0x1100, 0x1}}, &(0x7f0000000280)={0x0, 0x20, 0x48}}, 0x10}], 0x0, 0x0, 0x0}) 519.877992ms ago: executing program 0 (id=2550): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"}) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x2, 0x2, 0xeeee8000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r3 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f0000000280)=0x10000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xc, 0x0, &(0x7f0000000340)=[@free_buffer={0x40086303, r3}], 0x0, 0x0, 0x0}) 470.251553ms ago: executing program 1 (id=2551): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0x98, 0x0, &(0x7f0000000300)=[@increfs, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000040)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x101, 0x1}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000100)={0x0, 0x18, 0x30}}}, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000240)={@fd, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/163, 0xa3, 0x2, 0x3a}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x400}], 0x4, 0x0, 0x0}) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0xaee29000) 312.939025ms ago: executing program 3 (id=2552): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0x8, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x8080000, 0x0, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x0, 0x3}, {0x80a0000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x0, 0x0, 0x1]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x3000) 120.439818ms ago: executing program 0 (id=2553): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001200), 0x802, 0x0) r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000001480)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) write$cgroup_int(r1, &(0x7f0000001500)=0xffffffffffffffff, 0x12) ioctl$EXT4_IOC_SETFSUUID(r0, 0x4008662c, 0x0) mount$binderfs(0x0, &(0x7f00000000c0)='./binderfs\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="6d61783d30303030303030303030303030303030303030303030302c0083a7060dcce2e7490e2c428b8b5330fa15e9c900eab6696f74876debc3034544626dfb0a0be1198bd5e05e10d357b6f4d6c938c27d77b2fcb4b1d92dd2a2855d4891de77219a2dfd3300c22aec66b6a50b050d33f5cf1dc462994c2bdba33f8549c4e95f4bdaec8b15fe4230203c85aedf0c94b8e608a23e118887de297fcdc13e20a9da18257f38f29b5431143473c97df77372f220510b9b9b4dd36fcf330653cec8a479de7b85e9aa436b97b1406ea2ca89d9917eab66ca8dddbb89aa7cea17e447ef21a6a5582f1f949bbf9440b59e194a00"/256]) 13.555279ms ago: executing program 0 (id=2554): r0 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, 0x0) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000b80), 0x0, 0x0) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r1, 0xf504, 0x0) prctl$PR_MCE_KILL(0x35, 0x0, 0x8) r2 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(r2, 0x82307201, &(0x7f0000000c00)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) ioctl$TUNGETVNETLE(r2, 0x800454dd, &(0x7f0000000200)) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x190e}, @flat=@binder={0x73622a85, 0x1}, @fda={0x66646185, 0x7, 0x0, 0xf}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0}) ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0xfffffffffffffff9) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap(&(0x7f0000ff6000/0x1000)=nil, 0x1000, 0x0, 0x11, r5, 0x8527d000) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r3, 0x0) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000001c0), 0x442000, 0x0) ioctl$ASHMEM_SET_NAME(r3, 0x41007701, &(0x7f0000000000)='/dev/ashmem\x00') 0s ago: executing program 1 (id=2555): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3, 0x8032, 0xffffffffffffffff, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper], 0x4, 0x0, &(0x7f00000002c0)="8a3e4b14"}) kernel console output (not intermixed with test programs): idge_slave_0: entered promiscuous mode [ 107.100555][ T304] veth1_macvtap: left promiscuous mode [ 107.107027][ T304] veth0_vlan: left promiscuous mode [ 107.146732][ T5318] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.154095][ T5318] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.161753][ T5318] bridge_slave_1: entered allmulticast mode [ 107.168617][ T5318] bridge_slave_1: entered promiscuous mode [ 107.236182][ T305] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.243647][ T305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.254128][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.261195][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.294577][ T5318] veth0_vlan: entered promiscuous mode [ 107.306696][ T5318] veth1_macvtap: entered promiscuous mode [ 107.409332][ T36] audit: type=1400 audit(1750363315.570:482): avc: denied { write } for pid=5329 comm="syz.0.1598" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 107.431469][ T36] audit: type=1400 audit(1750363315.570:483): avc: denied { remove_name } for pid=5329 comm="syz.0.1598" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 107.455237][ T36] audit: type=1400 audit(1750363315.570:484): avc: denied { unlink } for pid=5329 comm="syz.0.1598" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 107.490319][ T5333] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 107.500151][ T5333] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1147 [ 107.535574][ T36] audit: type=1400 audit(1750363315.700:485): avc: denied { execute } for pid=5335 comm="syz.4.1605" path="/dev/binderfs/binder0" dev="binder" ino=73 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 107.576669][ T5341] rust_binder: Error while translating object. [ 107.576712][ T5341] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 107.583227][ T5341] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:61 [ 107.633314][ T5347] rust_binder: Write failure EFAULT in pid:63 [ 107.856396][ T36] audit: type=1326 audit(1750363316.020:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5360 comm="syz.4.1613" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f775dd8e929 code=0x0 [ 108.235480][ T5377] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 108.242914][ T5377] rust_binder: Failed to allocate buffer. len:18446744073709551608, is_oneway:false [ 108.249563][ T5377] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 108.259335][ T5377] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1160 [ 108.417523][ T5383] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:126 [ 108.454781][ T5386] rust_binder: Write failure EFAULT in pid:1164 [ 108.468948][ T5386] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1164 [ 108.498570][ T5390] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 108.508140][ T5390] rust_binder: Error while translating object. [ 108.519128][ T5390] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 108.520599][ T304] bridge_slave_1: left allmulticast mode [ 108.525726][ T5390] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:131 [ 108.537766][ T304] bridge_slave_1: left promiscuous mode [ 108.553561][ T5390] binder: Unknown parameter 'coµ ;em_' [ 108.556504][ T304] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.571699][ T304] bridge_slave_0: left allmulticast mode [ 108.577770][ T304] bridge_slave_0: left promiscuous mode [ 108.584859][ T304] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.614550][ T36] audit: type=1326 audit(1750363316.780:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5395 comm="syz.3.1629" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f83c7d8e929 code=0x0 [ 108.671244][ T5402] binder: Unknown parameter 'hash' [ 108.710484][ T5379] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.717778][ T5379] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.726613][ T5379] bridge_slave_0: entered allmulticast mode [ 108.733477][ T5379] bridge_slave_0: entered promiscuous mode [ 108.740435][ T5379] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.748743][ T5379] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.757661][ T5379] bridge_slave_1: entered allmulticast mode [ 108.765977][ T5379] bridge_slave_1: entered promiscuous mode [ 108.771578][ T5409] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 108.773291][ T5409] rust_binder: Write failure EINVAL in pid:1173 [ 108.788532][ T304] veth1_macvtap: left promiscuous mode [ 108.795201][ T304] veth0_vlan: left promiscuous mode [ 108.878491][ T5411] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 108.880411][ T5411] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1 [ 108.894451][ T5411] rust_binder: Write failure EINVAL in pid:1175 [ 108.912729][ T5418] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 108.926875][ T5418] rust_binder: Failed to allocate buffer. len:18446744073709551608, is_oneway:false [ 108.935928][ T5418] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 108.946617][ T5418] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1178 [ 109.024730][ T5379] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.041178][ T5379] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.048765][ T5379] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.056145][ T5379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.078227][ T305] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.086289][ T305] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.097090][ T3209] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.104468][ T3209] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.115015][ T3209] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.122233][ T3209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.152410][ T5424] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 109.162089][ T5379] veth0_vlan: entered promiscuous mode [ 109.178543][ T5379] veth1_macvtap: entered promiscuous mode [ 109.242143][ T36] audit: type=1326 audit(1750363317.410:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5433 comm="syz.0.1621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 109.267504][ T36] audit: type=1326 audit(1750363317.410:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5433 comm="syz.0.1621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 109.292997][ T36] audit: type=1326 audit(1750363317.430:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5433 comm="syz.0.1621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 109.319284][ T36] audit: type=1326 audit(1750363317.430:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5433 comm="syz.0.1621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 109.319294][ T5434] rust_binder: Error while translating object. [ 109.346423][ T5434] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 109.353582][ T5434] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:2 [ 109.365717][ T5435] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 109.552292][ T5457] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 109.558967][ T5457] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 109.567785][ T5457] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:13 [ 109.587539][ T5457] tun0: tun_chr_ioctl cmd 1074025675 [ 109.611362][ T5457] tun0: persist disabled [ 109.640955][ T5461] rust_binder: Write failure EINVAL in pid:1189 [ 109.645192][ T5463] rust_binder: Write failure EINVAL in pid:1189 [ 109.669810][ T5466] rust_binder: Write failure EFAULT in pid:145 [ 109.690575][ T5469] SELinux: ebitmap: truncated map [ 109.702352][ T5469] SELinux: failed to load policy [ 109.768235][ T5480] FAULT_INJECTION: forcing a failure. [ 109.768235][ T5480] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 109.782787][ T5480] CPU: 0 UID: 0 PID: 5480 Comm: syz.0.1655 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 109.782818][ T5480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.782828][ T5480] Call Trace: [ 109.782833][ T5480] [ 109.782839][ T5480] __dump_stack+0x21/0x30 [ 109.782864][ T5480] dump_stack_lvl+0x10c/0x190 [ 109.782882][ T5480] ? __cfi_dump_stack_lvl+0x10/0x10 [ 109.782899][ T5480] dump_stack+0x19/0x20 [ 109.782915][ T5480] should_fail_ex+0x3d9/0x530 [ 109.782932][ T5480] should_fail+0xf/0x20 [ 109.782946][ T5480] should_fail_usercopy+0x1e/0x30 [ 109.782962][ T5480] _copy_to_user+0x24/0xa0 [ 109.782982][ T5480] simple_read_from_buffer+0xed/0x160 [ 109.783005][ T5480] proc_fail_nth_read+0x19e/0x210 [ 109.783020][ T5480] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 109.783033][ T5480] ? __cfi_slab_free_after_rcu_debug+0x10/0x10 [ 109.783054][ T5480] ? bpf_lsm_file_permission+0xd/0x20 [ 109.783070][ T5480] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 109.783084][ T5480] vfs_read+0x278/0xb60 [ 109.783101][ T5480] ? __cfi_vfs_read+0x10/0x10 [ 109.783117][ T5480] ? __kasan_check_write+0x18/0x20 [ 109.783133][ T5480] ? mutex_lock+0x92/0x1c0 [ 109.783147][ T5480] ? __cfi_mutex_lock+0x10/0x10 [ 109.783160][ T5480] ? __fget_files+0x2c5/0x340 [ 109.783180][ T5480] ksys_read+0x141/0x250 [ 109.783196][ T5480] ? __cfi_ksys_read+0x10/0x10 [ 109.783213][ T5480] ? __kasan_check_read+0x15/0x20 [ 109.783228][ T5480] __x64_sys_read+0x7f/0x90 [ 109.783245][ T5480] x64_sys_call+0x2638/0x2ee0 [ 109.783263][ T5480] do_syscall_64+0x58/0xf0 [ 109.783281][ T5480] ? clear_bhb_loop+0x35/0x90 [ 109.783301][ T5480] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 109.783322][ T5480] RIP: 0033:0x7fcb2918d33c [ 109.783335][ T5480] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 109.783348][ T5480] RSP: 002b:00007fcb2a09a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 109.783366][ T5480] RAX: ffffffffffffffda RBX: 00007fcb293b5fa0 RCX: 00007fcb2918d33c [ 109.783378][ T5480] RDX: 000000000000000f RSI: 00007fcb2a09a0a0 RDI: 0000000000000004 [ 109.783388][ T5480] RBP: 00007fcb2a09a090 R08: 0000000000000000 R09: 0000000000000000 [ 109.783397][ T5480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.783406][ T5480] R13: 0000000000000000 R14: 00007fcb293b5fa0 R15: 00007ffe6d3d3608 [ 109.783419][ T5480] [ 110.092724][ T5490] rust_binder: Write failure EFAULT in pid:96 [ 110.092974][ T5490] rust_binder: Write failure EFAULT in pid:96 [ 110.114653][ T64] hid-generic 0005:00E2:0008.0003: unexpected long global item [ 110.115212][ T5492] binder: Unknown parameter 'fowner>00000000000000000000' [ 110.121071][ T64] hid-generic 0005:00E2:0008.0003: probe with driver hid-generic failed with error -22 [ 110.221783][ T5501] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 110.229936][ T5501] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 110.233176][ T5503] binder: Bad value for 'max' [ 110.237059][ T5501] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:101 [ 110.532225][ T5530] rust_binder: Write failure EFAULT in pid:111 [ 110.644320][ T5540] rust_binder: Error while translating object. [ 110.650552][ T5540] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 110.658081][ T5540] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:161 [ 110.705635][ T5544] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 110.811397][ T5557] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1211 [ 110.854920][ T5563] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 110.864468][ T5563] rust_binder: Error while translating object. [ 110.878102][ T5563] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 110.885111][ T5563] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:166 [ 111.048830][ T5573] kvm: Disabled LAPIC found during irq injection [ 111.316387][ T5592] rust_binder: Write failure EINVAL in pid:34 [ 111.744320][ T5604] kvm: kvm [5603]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0xa1a9 [ 111.932604][ T5609] rust_binder: Error in use_page_slow: ESRCH [ 111.932627][ T5609] rust_binder: use_range failure ESRCH [ 111.939177][ T5609] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 111.944914][ T5609] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 111.952976][ T5609] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1217 [ 111.965704][ T5612] rust_binder: Write failure EFAULT in pid:176 [ 111.988320][ T5616] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1219 [ 112.083519][ T5620] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 112.100622][ T5620] rust_binder: Error in use_page_slow: ESRCH [ 112.100621][ T5619] rust_binder: Error in use_page_slow: ESRCH [ 112.100638][ T5620] rust_binder: use_range failure ESRCH [ 112.100652][ T5620] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 112.108033][ T5619] rust_binder: use_range failure ESRCH [ 112.114104][ T5620] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 112.119981][ T5619] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 112.127941][ T5620] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1222 [ 112.133724][ T5619] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 112.151337][ T5620] rust_binder: Write failure EINVAL in pid:1222 [ 112.162325][ T5619] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1222 [ 112.249625][ T5632] binder: Bad value for 'defcontext' [ 112.261316][ T5637] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 112.274541][ T5640] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 112.284126][ T3209] Bluetooth: hci0: Frame reassembly failed (-84) [ 112.330244][ T5643] binder: Unknown parameter 'coyBLV§"i5ŽÝ”ÃùÒntext' [ 112.414752][ T5651] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 112.559023][ T36] kauditd_printk_skb: 22 callbacks suppressed [ 112.559044][ T36] audit: type=1326 audit(1750363320.720:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 112.591901][ T36] audit: type=1326 audit(1750363320.720:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 112.615777][ T36] audit: type=1326 audit(1750363320.760:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 112.642624][ T5656] binder: Unknown parameter 'contextmemory_spread_slab' [ 112.646087][ T5658] binder: Unknown parameter 'contextmemory_spread_slab' [ 112.652783][ T36] audit: type=1326 audit(1750363320.760:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 112.694725][ T36] audit: type=1326 audit(1750363320.760:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 112.726125][ T36] audit: type=1326 audit(1750363320.760:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 112.755406][ T36] audit: type=1326 audit(1750363320.760:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 112.787246][ T5667] rust_binder: Write failure EFAULT in pid:153 [ 112.810028][ T36] audit: type=1326 audit(1750363320.760:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 112.843196][ T36] audit: type=1326 audit(1750363320.760:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 112.867136][ T36] audit: type=1326 audit(1750363320.760:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb2918e929 code=0x7ffc0000 [ 112.901340][ T5677] rust_binder: Write failure EINVAL in pid:198 [ 112.902629][ T5675] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 112.908895][ T5675] rust_binder: Error in use_page_slow: EBUSY [ 112.919677][ T5675] rust_binder: use_range failure EBUSY [ 112.926246][ T5675] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 112.931742][ T5675] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 112.939741][ T5675] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 112.949532][ T5675] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:198 [ 112.979658][ T5674] input: syz1 as /devices/virtual/input/input90 [ 112.986117][ T5681] SELinux: policydb version 950913088 does not match my version range 15-33 [ 112.995980][ T5674] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1 [ 113.012711][ T5674] rust_binder: Write failure EINVAL in pid:1228 [ 113.016436][ T5681] SELinux: failed to load policy [ 113.017695][ T5662] rust_binder: Write failure EINVAL in pid:62 [ 113.155482][ T5692] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 113.162084][ T5697] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1233 [ 113.215063][ T5700] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 113.408310][ T5720] rust_binder: Write failure EINVAL in pid:74 [ 113.616992][ T5749] rust_binder: Write failure EINVAL in pid:101 [ 113.755316][ T5766] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 113.768651][ T5766] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 113.785175][ T5766] SELinux: failed to load policy [ 113.791054][ T5766] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 113.800845][ T5766] SELinux: failed to load policy [ 113.807018][ T5766] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 113.920930][ T5778] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:211 [ 114.282120][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 114.288553][ T873] Bluetooth: hci0: command 0x1003 tx timeout [ 114.653230][ T5825] binder: Binderfs stats mode cannot be changed during a remount [ 114.746919][ T5832] binder: Unknown parameter 'context' [ 114.912295][ T5840] input: syz0 as /devices/virtual/input/input92 [ 115.147240][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 115.276169][ T5851] binder: Unknown parameter 'l' [ 115.406695][ T5860] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.506765][ T5866] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:142 [ 115.520906][ T5864] SELinux: security policydb version 17 (MLS) not backwards compatible [ 115.551026][ T5864] SELinux: failed to load policy [ 115.566152][ T5870] rust_binder: Write failure EINVAL in pid:146 [ 115.741739][ T5873] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 115.758944][ T5873] rust_binder: Write failure EINVAL in pid:1273 [ 115.776127][ T5876] binder: Unknown parameter 'smackfsfloor' [ 116.029206][ T5892] rust_binder: Error in use_page_slow: ESRCH [ 116.029233][ T5892] rust_binder: use_range failure ESRCH [ 116.035956][ T5892] rust_binder: Failed to allocate buffer. len:136, is_oneway:true [ 116.041438][ T5892] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 116.050035][ T5892] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:245 [ 116.144023][ T5895] rust_binder: Write failure EFAULT in pid:155 [ 116.154292][ T5896] rust_binder: Write failure EFAULT in pid:155 [ 116.170804][ T5899] rust_binder: Failed to allocate buffer. len:160, is_oneway:false [ 116.462295][ T5915] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:167 [ 116.476144][ T5915] input: syz0 as /devices/virtual/input/input95 [ 116.552413][ T5925] binder: Unknown parameter 'defcontext01777777777777777777777' [ 116.682835][ T5932] rust_binder: Error in use_page_slow: ESRCH [ 116.682855][ T5932] rust_binder: use_range failure ESRCH [ 116.688943][ T5932] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 116.694916][ T5932] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 116.703375][ T5932] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:172 [ 116.724409][ T5946] ptm ptm4: ldisc open failed (-12), clearing slot 4 [ 116.886584][ T5956] rust_binder: Write failure EFAULT in pid:178 [ 117.160898][ T5979] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 117.167276][ T823] Bluetooth: hci0: command 0x1003 tx timeout [ 117.167277][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 117.167318][ T5979] rust_binder: Error while translating object. [ 117.188414][ T5979] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 117.194954][ T5979] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:184 [ 117.204787][ T5981] binder: Unknown parameter 'fscontext?}' [ 117.206770][ T5983] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:303 [ 117.223019][ T5979] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 117.242561][ T5979] rust_binder: Error while translating object. [ 117.249122][ T5979] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 117.255715][ T5979] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:184 [ 117.275789][ T5986] rust_binder: Error while translating object. [ 117.285351][ T5986] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 117.291569][ T5986] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:186 [ 117.383654][ T5999] tap0: tun_chr_ioctl cmd 1074025677 [ 117.398510][ T5999] tap0: linktype set to 776 [ 117.409148][ T5999] rust_binder: Write failure EINVAL in pid:191 [ 117.467422][ T6001] binder: Unknown parameter 'S³Èts' [ 117.481129][ T6001] input: syz0 as /devices/virtual/input/input98 [ 117.489728][ T6001] binder: Bad value for 'max' [ 117.670558][ T36] kauditd_printk_skb: 60 callbacks suppressed [ 117.670578][ T36] audit: type=1400 audit(1750363325.830:584): avc: denied { setcurrent } for pid=6015 comm="syz.3.1818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 117.881997][ T873] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 117.957392][ T6038] input: syz1 as /devices/virtual/input/input99 [ 118.024096][ T6044] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 118.024133][ T6044] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:202 [ 118.052116][ T6047] input: syz1 as /devices/virtual/input/input100 [ 118.105739][ T36] audit: type=1400 audit(1750363326.260:585): avc: denied { setattr } for pid=6049 comm="syz.3.1829" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 118.224498][ T6054] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 118.224563][ T6055] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 118.235094][ T6058] input: syz1 as /devices/virtual/input/input101 [ 118.281164][ T6059] rust_binder: Write failure EINVAL in pid:320 [ 118.662326][ T6075] rust_binder: inc_ref_done called when no active inc_refs [ 118.672684][ T6076] rust_binder: inc_ref_done called when no active inc_refs [ 118.725934][ T6082] SELinux: failed to load policy [ 118.759668][ T6078] binder: Bad value for 'max' [ 118.929557][ T6096] SELinux: failed to load policy [ 118.948928][ T6098] SELinux: syz.3.1845 (6098) set checkreqprot to 1. This is no longer supported. [ 119.029973][ T6109] rust_binder: Error while translating object. [ 119.029995][ T6109] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 119.036333][ T6109] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:208 [ 119.143868][ T6117] binder: Bad value for 'stats' [ 119.251568][ T6134] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 119.264074][ T36] audit: type=1400 audit(1750363327.430:586): avc: denied { setattr } for pid=6131 comm="syz.3.1856" path="/dev/binderfs/binder0" dev="binder" ino=37 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 119.282260][ T6133] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 255) [ 119.291472][ T6133] rust_binder: Error while translating object. [ 119.292403][ T6134] rust_binder: Error while translating object. [ 119.302482][ T6133] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 119.311086][ T6134] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 119.315518][ T6133] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:345 [ 119.335577][ T6134] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:210 [ 119.388529][ T6143] rust_binder: Write failure EINVAL in pid:214 [ 119.438636][ T6145] rust_binder: Write failure EINVAL in pid:243 [ 119.478079][ T6148] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:348 [ 119.494645][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 119.503943][ T6150] rust_binder: Error while translating object. [ 119.511283][ T6150] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 119.531178][ T6150] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:217 [ 119.691668][ T6168] rust_binder: Error while translating object. [ 119.701269][ T6168] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 119.709993][ T6168] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:251 [ 120.001447][ T6175] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 255) [ 120.010616][ T6175] rust_binder: Error while translating object. [ 120.021286][ T6175] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 120.027597][ T6175] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1319 [ 120.050789][ T6178] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 120.060785][ T6178] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 120.067930][ T6178] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 120.088708][ T6186] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:260 [ 120.095383][ T6186] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 120.105818][ T6186] rust_binder: Read failure Err(EFAULT) in pid:260 [ 120.175171][ T6192] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 120.278192][ T6194] kvm: kvm [6193]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010005) = 0xdd000001 [ 120.288597][ T6194] binder: Unknown parameter 'sec©^àe™label' [ 120.469969][ T6203] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:358 [ 120.565363][ T6218] binder: Unknown parameter 'dont_hash' [ 120.757055][ T6233] rust_binder: Write failure EFAULT in pid:277 [ 121.067327][ T6248] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:375 [ 121.174044][ T6251] rust_binder: Write failure EINVAL in pid:288 [ 121.232620][ T6255] rust_binder: Got transaction with invalid offset. [ 121.239131][ T6255] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 121.246107][ T6255] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:292 [ 121.280814][ T6259] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 121.298675][ T6259] rust_binder: Write failure EINVAL in pid:378 [ 121.384270][ T6268] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 121.442495][ T6268] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 121.561954][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 121.569262][ T873] Bluetooth: hci0: command 0x1003 tx timeout [ 121.657999][ T6306] rust_binder: Write failure EINVAL in pid:400 [ 121.659174][ T6307] rust_binder: Write failure EINVAL in pid:309 [ 121.950744][ T6341] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:322 [ 122.030646][ T6345] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 122.056098][ T6350] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 122.081935][ T6350] rust_binder: Read failure Err(EFAULT) in pid:1347 [ 122.113119][ T6356] SELinux: security_context_str_to_sid (system_) failed with errno=-22 [ 122.129287][ T6350] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 122.139117][ T6350] rust_binder: Write failure EINVAL in pid:1347 [ 122.285112][ T6368] kvm: vcpu 508: requested lapic timer restore with starting count register 0x390=1531215282 (3062430564 ns) > initial count (1473793136 ns). Using initial count to start timer. [ 122.424975][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 0 [ 122.461368][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.461412][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 122.497835][ T6393] rust_binder: Write failure EINVAL in pid:1359 [ 122.528423][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.552655][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 122.612123][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.612178][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 122.672475][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.672526][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 122.701949][ T6399] rust_binder: Write failure EFAULT in pid:1365 [ 122.714801][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.721722][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 122.737665][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.737711][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 122.769153][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.769206][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 122.803359][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.803888][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 122.839278][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.839335][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 122.891938][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.892046][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 122.927334][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.927393][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 122.943518][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.943577][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 122.958588][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 122.958631][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 123.000457][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 123.000507][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 123.016600][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 123.016728][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 123.046890][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 123.046940][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 123.057536][ T6416] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.074200][ T6416] rust_binder: Error while translating object. [ 123.082763][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 123.087103][ T6416] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 123.089519][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 123.103272][ T6416] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:434 [ 123.105529][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 123.131999][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 123.140861][ T6421] rust_binder: Write failure EINVAL in pid:436 [ 123.151911][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 123.158911][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 123.172520][ T6424] rust_binder: Error while translating object. [ 123.174197][ T6424] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 123.179109][ T6425] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.181429][ T6424] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1372 [ 123.189968][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 123.214563][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 123.231442][ T6425] input: syz1 as /devices/virtual/input/input108 [ 123.244519][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 123.244569][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 123.264690][ T6425] rust_binder: Write failure EINVAL in pid:438 [ 123.265189][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 123.271410][ T6384] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 123.282729][ T6435] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:335 [ 123.288871][ T6384] rust_binder: Write failure EINVAL in pid:245 [ 123.361072][ T36] audit: type=1326 audit(1750363331.520:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6448 comm="" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f775dd8e929 code=0x0 [ 123.425118][ T36] audit: type=1400 audit(1750363331.590:588): avc: denied { compute_member } for pid=6455 comm="syz.0.1965" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 123.474823][ T6458] rust_binder: Error while translating object. [ 123.474922][ T6458] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 123.475220][ T6459] rust_binder: Error while translating object. [ 123.481298][ T6458] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1384 [ 123.491156][ T6459] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 123.506108][ T6459] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1384 [ 123.533182][ T6462] input: syz0 as /devices/virtual/input/input110 [ 123.559187][ T6462] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 123.559215][ T6462] rust_binder: Error while translating object. [ 123.570204][ T6462] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 123.576532][ T6462] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:443 [ 123.580069][ T6465] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.603167][ T6465] rust_binder: Write failure EINVAL in pid:1387 [ 123.609966][ T6465] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.617438][ T6467] binder: Bad value for 'stats' [ 123.745691][ T6480] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 123.778776][ T6488] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.794686][ T6488] rust_binder: Write failure EINVAL in pid:448 [ 123.830962][ T6495] input: syz1 as /devices/virtual/input/input112 [ 123.862631][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.862661][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.869587][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.876213][ T6497] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.883289][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.889757][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.896314][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.902927][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.909591][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.916733][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.922624][ T6503] rust_binder: Error while translating object. [ 123.923668][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.929956][ T6503] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 123.936494][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.942830][ T6503] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:268 [ 123.952530][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.970388][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.977026][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.984471][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.991171][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 123.998736][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.005249][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.014251][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.021240][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.029621][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.036503][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.043057][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.049591][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.056126][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.062678][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.069666][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.076331][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.082994][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.089613][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.096231][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.103297][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.109789][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.116450][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.123593][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.130265][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.137072][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.145308][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.151300][ T6505] can0: slcan on ttyS3. [ 124.156912][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.163164][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.174736][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.188563][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.207800][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.214756][ T6505] can0 (unregistered): slcan off ttyS3. [ 124.221765][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.234750][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.241337][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.261906][ T6527] rust_binder: Failed to allocate buffer. len:160, is_oneway:false [ 124.265607][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.289426][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.297952][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.312346][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.319065][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.326244][ T6525] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 124.332077][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.351084][ T6526] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.352077][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.364470][ T6526] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 124.367298][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.372977][ T6526] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1409 [ 124.402193][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.418327][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.425013][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.445794][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.455904][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.466750][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.478626][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.488050][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.525731][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.533632][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.550229][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.569215][ T6567] rust_binder: Error while translating object. [ 124.576027][ T6567] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 124.576173][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.585450][ T6567] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:356 [ 124.601636][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.631050][ T6493] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.637887][ T6496] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.768890][ T6581] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.776836][ T6582] SELinux: security_context_str_to_sid () failed with errno=-22 [ 124.814470][ T6586] rust_binder: Error while translating object. [ 124.814520][ T6586] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 124.820879][ T6586] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:285 [ 124.857856][ T6594] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 124.911968][ T6594] rust_binder: Write failure EINVAL in pid:287 [ 124.960352][ T6603] rust_binder: Error in use_page_slow: ESRCH [ 124.960385][ T6603] rust_binder: use_range failure ESRCH [ 124.970065][ T6603] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 124.982024][ T6603] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 124.987660][ T6601] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 125.010097][ T6603] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:290 [ 125.093624][ T6619] rust_binder: Write failure EINVAL in pid:368 [ 125.272716][ T6631] rust_binder: Error while translating object. [ 125.281214][ T6635] cgroup: fork rejected by pids controller in [ 125.287570][ T6631] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 125.297653][ T6631] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:373 [ 125.307251][ T6635] /syz1 [ 125.327464][ T6637] rust_binder: Write failure EFAULT in pid:474 [ 125.331011][ T6632] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:474 [ 125.391148][ T6641] rust_binder: Read failure Err(EAGAIN) in pid:479 [ 125.645813][ T6648] rust_binder: Error while translating object. [ 125.652561][ T6648] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 125.658888][ T6648] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:295 [ 125.734212][ T31] hid-generic C98F:0003:0000.0004: unknown main item tag 0x0 [ 125.752008][ T31] hid-generic C98F:0003:0000.0004: unknown main item tag 0x0 [ 125.768779][ T31] hid-generic C98F:0003:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz1 [ 125.812808][ T6658] fido_id[6658]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 125.880258][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 125.888183][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 125.895781][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 125.905079][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 125.919952][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 125.928034][ T3209] bridge_slave_1: left allmulticast mode [ 125.934074][ T3209] bridge_slave_1: left promiscuous mode [ 125.939801][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 125.947371][ T3209] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.954858][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 125.965143][ T3209] bridge_slave_0: left allmulticast mode [ 125.970905][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 125.981907][ T3209] bridge_slave_0: left promiscuous mode [ 125.987678][ T3209] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.995152][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.006154][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.023973][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.041916][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.053878][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.056185][ T6673] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 126.061381][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.063439][ T6673] rust_binder: Error while translating object. [ 126.067941][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.075735][ T6673] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 126.082411][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.089312][ T6673] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:499 [ 126.098458][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.125195][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.135003][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.142849][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.151142][ T6677] input: syz1 as /devices/virtual/input/input114 [ 126.158185][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.165900][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.178038][ T3209] veth1_macvtap: left promiscuous mode [ 126.183530][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.184067][ T3209] veth0_vlan: left promiscuous mode [ 126.191101][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.211498][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.219014][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.226533][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.234296][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.241765][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.249655][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.257272][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.276465][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.284727][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.292676][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.300095][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.307949][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.315658][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.323185][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.330709][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.338179][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.345760][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.353376][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.354354][ T6671] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.360814][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.360841][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.382991][ T6671] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.390179][ T6671] bridge_slave_0: entered allmulticast mode [ 126.396173][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.398778][ T6671] bridge_slave_0: entered promiscuous mode [ 126.403850][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.411373][ T6671] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.417297][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.424434][ T6671] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.431784][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.439212][ T6671] bridge_slave_1: entered allmulticast mode [ 126.446533][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.455356][ T6671] bridge_slave_1: entered promiscuous mode [ 126.461222][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.475739][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.483516][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.490954][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.498642][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.506544][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.520952][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.527195][ T6689] rust_binder: Write failure EFAULT in pid:508 [ 126.529413][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.549659][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.555505][ T6694] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 126.560134][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.563500][ T6693] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 126.571919][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.588777][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.592341][ T6698] binder: Unknown parameter 's¬ƒAšE…åe׊9Êð¹—9Ô­' [ 126.596426][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.610836][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.619019][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.627145][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.635217][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.650926][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.658637][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.666297][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.674059][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.681575][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.689319][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.705098][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.712751][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.720167][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.727746][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.735928][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.743763][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.747871][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.751184][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.758329][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.760910][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.766526][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.773081][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.780825][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.803001][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.808274][ T6671] veth0_vlan: entered promiscuous mode [ 126.816071][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.826240][ T6671] veth1_macvtap: entered promiscuous mode [ 126.832271][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.839720][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.850086][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.858460][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.866124][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.874658][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.882615][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.890782][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.898359][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.909144][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.916629][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.924098][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.931482][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.939552][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.946993][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.948107][ T36] audit: type=1400 audit(1750363335.120:589): avc: denied { ioctl } for pid=6709 comm="syz.4.2034" path="/dev/ashmem" dev="devtmpfs" ino=201 ioctlcmd=0x7702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 126.954790][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.986669][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 126.987259][ T36] audit: type=1400 audit(1750363335.150:590): avc: denied { read write } for pid=6671 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 127.001956][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.018865][ T36] audit: type=1400 audit(1750363335.150:591): avc: denied { open } for pid=6671 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 127.049420][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.050868][ T36] audit: type=1400 audit(1750363335.150:592): avc: denied { ioctl } for pid=6671 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 127.071980][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.092374][ T36] audit: type=1400 audit(1750363335.230:593): avc: denied { read write } for pid=6712 comm=2B219D7B3A7BFBC224 name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 127.096241][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.116637][ T36] audit: type=1400 audit(1750363335.230:594): avc: denied { open } for pid=6712 comm=2B219D7B3A7BFBC224 path="/dev/rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 127.148443][ T36] audit: type=1400 audit(1750363335.250:595): avc: denied { read } for pid=6712 comm="" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 127.150603][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.170445][ T36] audit: type=1400 audit(1750363335.250:596): avc: denied { open } for pid=6712 comm="" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 127.222838][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.238546][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.252845][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.268784][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.277665][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.285514][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.293202][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.300801][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.308580][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.316287][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.324159][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.332101][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.339685][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.347403][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.355032][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.370838][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.378840][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.387685][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.395347][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.402943][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.410427][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.418430][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.426073][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.433811][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.443258][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.458846][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.458991][ T6719] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 127.466542][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.480591][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.488138][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.495658][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.508352][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.515075][ T6724] rust_binder: Write failure EINVAL in pid:399 [ 127.515906][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.529944][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.537405][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.544819][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.552302][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.563357][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.570881][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.578392][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.585852][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.593442][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.601989][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.609604][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.618539][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.627244][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.635016][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.643079][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.657137][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.666503][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.674255][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.682767][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.695402][ T6728] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 127.697518][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.711645][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.719826][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.729333][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.736797][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.745031][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.763656][ T6738] binder: Unknown parameter 'tatØ…ùhX¸u©L 3O³–s' [ 127.770312][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.778107][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.785891][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.796136][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.805080][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.812918][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.820363][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.828100][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.835672][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.843209][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.850660][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.858108][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.865628][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.873465][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.881117][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.888647][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.896180][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.903942][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.911390][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.919107][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.926735][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.934690][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.942838][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.950277][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.957729][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.965231][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.972865][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.980359][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.987783][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 127.995773][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.003329][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.010909][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.018582][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.026037][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.033704][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.041145][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.045773][ T6756] rust_binder: Write failure EINVAL in pid:410 [ 128.048639][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.049879][ T6757] rust_binder: Write failure EINVAL in pid:410 [ 128.054880][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.074458][ T6759] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:413 [ 128.075986][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.088896][ T6761] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:415 [ 128.092939][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.093955][ T6762] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:415 [ 128.102405][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.127073][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.134541][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.142051][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.144909][ T6766] random: crng reseeded on system resumption [ 128.149484][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.149514][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.170804][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.178545][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.186042][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.193472][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.200846][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.208409][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.216233][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.223828][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.231413][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.238931][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.246356][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.254002][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.261397][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.268998][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.276564][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.284244][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.291745][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.299300][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.306735][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.314261][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.321701][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.329323][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.336977][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.344561][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.352045][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.359439][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.366942][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.374406][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.382110][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.389513][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.396953][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.404449][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.411987][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.419394][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.426936][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.434960][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.442793][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.450285][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.457810][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.465599][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.473045][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.480431][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.487865][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.495325][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.502784][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.510368][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.517799][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.525218][ T31] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 128.533681][ T31] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz1 [ 128.598602][ T6774] fido_id[6774]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 128.638362][ T6778] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 128.648842][ T6780] syzkaller0: tun_chr_ioctl cmd 2147767506 [ 128.649105][ T6778] rust_binder: Write failure EINVAL in pid:310 [ 128.728341][ T36] kauditd_printk_skb: 25 callbacks suppressed [ 128.728362][ T36] audit: type=1400 audit(1750363336.890:622): avc: denied { read write } for pid=6786 comm="syz.3.2057" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 128.732852][ T6787] input: syz0 as /devices/virtual/input/input116 [ 128.734973][ T36] audit: type=1400 audit(1750363336.900:623): avc: denied { open } for pid=6786 comm="syz.3.2057" path="/dev/uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 128.743680][ T6787] input: failed to attach handler leds to device input116, error: -6 [ 128.768249][ T36] audit: type=1400 audit(1750363336.900:624): avc: denied { ioctl } for pid=6786 comm="syz.3.2057" path="/dev/uinput" dev="devtmpfs" ino=194 ioctlcmd=0x5564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 128.828593][ T36] audit: type=1400 audit(1750363336.940:625): avc: denied { read } for pid=94 comm="acpid" name="event3" dev="devtmpfs" ino=535 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 128.851230][ T36] audit: type=1400 audit(1750363336.940:626): avc: denied { open } for pid=94 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=535 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 128.880910][ T36] audit: type=1400 audit(1750363336.940:627): avc: denied { ioctl } for pid=94 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=535 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 129.028073][ T6807] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 129.028089][ T36] audit: type=1400 audit(1750363337.190:628): avc: denied { call } for pid=6806 comm="syz.4.2063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 129.028104][ T6807] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:442 [ 129.056846][ T36] audit: type=1400 audit(1750363337.210:629): avc: denied { transfer } for pid=6808 comm="syz.4.2064" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 129.111494][ T36] audit: type=1400 audit(1750363337.270:630): avc: denied { append } for pid=6814 comm="syz.0.2067" name="pfkey" dev="proc" ino=4026532637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 129.134985][ T36] audit: type=1400 audit(1750363337.270:631): avc: denied { read write } for pid=6811 comm="syz.3.2066" name="fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 129.144604][ T6818] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 129.161250][ T6818] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:324 [ 129.186389][ T6823] rust_binder: Error while translating object. [ 129.195877][ T6823] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 129.204512][ T6823] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:13 [ 129.289964][ T6829] rust_binder: Read failure Err(EAGAIN) in pid:329 [ 129.330657][ T6831] binder: Bad value for 'stats' [ 129.350225][ T6826] rust_binder: Failed to allocate buffer. len:136, is_oneway:true [ 129.429171][ T3209] Bluetooth: hci0: Frame reassembly failed (-84) [ 129.443592][ T3209] Bluetooth: hci0: Frame reassembly failed (-84) [ 129.490787][ T6848] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 129.547596][ T6857] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 129.561324][ T6857] rust_binder: Write failure EFAULT in pid:549 [ 129.592647][ T6862] binder: Bad value for 'defcontext' [ 129.606797][ T6862] binder: Bad value for 'defcontext' [ 129.612557][ T6862] binder: Bad value for 'defcontext' [ 129.618234][ T6862] binder: Bad value for 'defcontext' [ 129.625805][ T6862] binder: Bad value for 'defcontext' [ 129.631718][ T6862] binder: Bad value for 'defcontext' [ 129.637862][ T6862] binder: Bad value for 'defcontext' [ 129.644124][ T6862] binder: Bad value for 'defcontext' [ 129.649907][ T6862] binder: Bad value for 'defcontext' [ 129.658362][ T6862] binder: Bad value for 'defcontext' [ 129.666295][ T6862] binder: Bad value for 'defcontext' [ 129.673969][ T6862] binder: Bad value for 'defcontext' [ 129.679989][ T6862] binder: Bad value for 'defcontext' [ 129.688844][ T6862] binder: Bad value for 'defcontext' [ 129.692085][ T6864] SELinux: security_context_str_to_sid () failed with errno=-22 [ 129.694498][ T6862] binder: Bad value for 'defcontext' [ 129.710086][ T6862] binder: Bad value for 'defcontext' [ 129.715730][ T6862] binder: Bad value for 'defcontext' [ 129.721310][ T6862] binder: Bad value for 'defcontext' [ 129.728032][ T6862] binder: Bad value for 'defcontext' [ 129.733768][ T6862] binder: Bad value for 'defcontext' [ 129.739763][ T6862] binder: Bad value for 'defcontext' [ 129.747958][ T6862] binder: Bad value for 'defcontext' [ 129.753826][ T6862] binder: Bad value for 'defcontext' [ 129.759475][ T6862] binder: Bad value for 'defcontext' [ 129.765266][ T6862] binder: Bad value for 'defcontext' [ 129.770896][ T6862] binder: Bad value for 'defcontext' [ 129.776645][ T6862] binder: Bad value for 'defcontext' [ 129.790774][ T6862] binder: Bad value for 'defcontext' [ 129.796829][ T6862] binder: Bad value for 'defcontext' [ 129.804155][ T6862] binder: Bad value for 'defcontext' [ 129.809800][ T6862] binder: Bad value for 'defcontext' [ 129.815544][ T6862] binder: Bad value for 'defcontext' [ 129.821098][ T6862] binder: Bad value for 'defcontext' [ 129.858607][ T6866] random: crng reseeded on system resumption [ 130.059515][ T6885] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:36 [ 130.070418][ T6887] binder: Unknown parameter 'nXI' [ 130.094225][ T6889] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:453 [ 130.094510][ T6889] rust_binder: Write failure EINVAL in pid:453 [ 130.631955][ T6908] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 130.640165][ T6908] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:560 [ 130.648498][ T6908] rust_binder: Error while translating object. [ 130.657951][ T6908] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 130.664511][ T6908] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:560 [ 131.322340][ T6926] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 131.334599][ T6926] rust_binder: Read failure Err(EFAULT) in pid:563 [ 131.481897][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 131.486754][ T873] Bluetooth: hci0: command 0x1003 tx timeout [ 131.541604][ T6937] binder: Bad value for 'stats' [ 132.229026][ T6976] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27 [ 132.229053][ T6976] rust_binder: Error while translating object. [ 132.246670][ T6976] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 132.254298][ T6976] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:576 [ 132.370305][ T6982] rust_binder: Write failure EFAULT in pid:52 [ 132.372585][ T6983] rust_binder: Write failure EINVAL in pid:353 [ 132.394114][ T6983] rust_binder: Error while translating object. [ 132.400540][ T6983] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 132.425398][ T6983] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:353 [ 132.530152][ T6987] binder: Unknown parameter '' [ 132.682683][ T6996] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 132.682706][ T6996] rust_binder: Read failure Err(EFAULT) in pid:503 [ 132.715294][ T6996] rust_binder: Write failure EINVAL in pid:503 [ 132.738270][ T6996] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 132.752088][ T6996] rust_binder: Read failure Err(EFAULT) in pid:503 [ 132.829140][ T7011] input: syz1 as /devices/virtual/input/input122 [ 132.955238][ T7011] binder: Unknown parameter 'context' [ 132.976998][ T7018] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:63 [ 133.017011][ T7022] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 133.149628][ T7030] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 133.182294][ T7030] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 133.230620][ T7030] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 133.242454][ T7030] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 133.252764][ T7030] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 133.456298][ T7054] __vm_enough_memory: pid: 7054, comm: syz.0.2140, bytes: 281474976845824 not enough memory for the allocation [ 133.533035][ T7055] Restarting kernel threads ... done. [ 133.740357][ T36] kauditd_printk_skb: 787 callbacks suppressed [ 133.740377][ T36] audit: type=1400 audit(1750363341.900:1419): avc: denied { read append } for pid=7073 comm="syz.4.2143" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 133.795358][ T36] audit: type=1400 audit(1750363341.900:1420): avc: denied { read append open } for pid=7073 comm="syz.4.2143" path="/dev/rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 133.811203][ T7075] binder: Unknown parameter 'non' [ 133.830335][ T36] audit: type=1400 audit(1750363341.920:1421): avc: denied { read } for pid=7073 comm="syz.4.2143" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 133.881398][ T36] audit: type=1400 audit(1750363341.920:1422): avc: denied { read open } for pid=7073 comm="syz.4.2143" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 133.927435][ T36] audit: type=1400 audit(1750363341.920:1423): avc: denied { ioctl } for pid=7073 comm="syz.4.2143" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 133.955950][ T36] audit: type=1400 audit(1750363341.920:1424): avc: denied { read write } for pid=7073 comm="syz.4.2143" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 133.992140][ T36] audit: type=1400 audit(1750363341.920:1425): avc: denied { read write open } for pid=7073 comm="syz.4.2143" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 134.035919][ T36] audit: type=1400 audit(1750363341.940:1426): avc: denied { write } for pid=7073 comm="syz.4.2143" name="pfkey" dev="proc" ino=4026532464 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 134.062753][ T7080] random: crng reseeded on system resumption [ 134.091468][ T36] audit: type=1400 audit(1750363341.940:1427): avc: denied { write } for pid=7073 comm="syz.4.2143" name="pfkey" dev="proc" ino=4026532464 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 134.184705][ T36] audit: type=1400 audit(1750363341.940:1428): avc: denied { read write } for pid=7073 comm="syz.4.2143" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 134.340820][ T7098] rust_binder: Write failure EFAULT in pid:618 [ 134.341638][ T7096] rust_binder: Write failure EFAULT in pid:618 [ 134.359068][ T7096] binder: Unknown parameter 'subj_type' [ 134.373505][ T7097] rust_binder: Error while translating object. [ 134.373560][ T7097] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 134.388001][ T7097] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:382 [ 134.513161][ T7100] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 134.544089][ T7100] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:72 [ 135.582434][ T7141] __vm_enough_memory: pid: 7141, comm: syz.1.2162, bytes: 281474976845824 not enough memory for the allocation [ 135.772052][ T7153] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:395 [ 135.834342][ T7157] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 135.852561][ T7157] rust_binder: Error while translating object. [ 135.876967][ T7157] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 135.884484][ T7157] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:397 [ 135.935893][ T7160] binder: Binderfs stats mode cannot be changed during a remount [ 136.253530][ T7168] rust_binder: Error while translating object. [ 136.253560][ T7168] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 136.259786][ T7168] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:404 [ 136.516830][ T7180] SELinux: ebitmap: truncated map [ 136.560789][ T7180] SELinux: failed to load policy [ 136.591083][ T7180] binder: Unknown parameter 'dont_hash' [ 136.613013][ T7185] rust_binder: Got transaction with invalid offset. [ 136.613061][ T7185] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 136.620152][ T7190] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 152, size: 254) [ 136.631348][ T7185] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:629 [ 136.641976][ T7190] rust_binder: Error while translating object. [ 136.658886][ T7190] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 136.672414][ T7190] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:408 [ 136.781575][ T7193] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3487165387 (223178584768 ns) > initial count (124211748800 ns). Using initial count to start timer. [ 137.063454][ T7207] rust_binder: Error while translating object. [ 137.063485][ T7207] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 137.080379][ T7207] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:417 [ 137.211403][ T7209] binder: Bad value for 'defcontext' [ 137.310850][ T7212] binder: Bad value for 'max' [ 137.329343][ T7213] input: syz1 as /devices/virtual/input/input124 [ 137.499028][ T7219] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 137.510621][ T7219] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 137.958813][ T7236] input: syz1 as /devices/virtual/input/input125 [ 137.963691][ T7237] random: crng reseeded on system resumption [ 138.222804][ T7237] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 138.222837][ T7237] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:426 [ 138.687659][ T7258] binder: Bad value for 'defcontext' [ 138.765420][ T36] kauditd_printk_skb: 870 callbacks suppressed [ 138.765439][ T36] audit: type=1400 audit(1750363346.930:2299): avc: denied { read } for pid=7262 comm="syz.1.2202" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 138.806460][ T7263] binder: Unknown parameter 'sel' [ 138.811591][ T36] audit: type=1400 audit(1750363346.960:2300): avc: denied { read open } for pid=7262 comm="syz.1.2202" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 138.848855][ T36] audit: type=1400 audit(1750363346.960:2301): avc: denied { ioctl } for pid=7262 comm="syz.1.2202" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 138.877801][ T36] audit: type=1400 audit(1750363346.970:2302): avc: denied { mounton } for pid=7262 comm="syz.1.2202" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 138.920587][ T36] audit: type=1400 audit(1750363347.030:2303): avc: denied { read write } for pid=4851 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 138.969422][ T7265] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 138.981934][ T36] audit: type=1400 audit(1750363347.030:2304): avc: denied { read write open } for pid=4851 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 139.051910][ T36] audit: type=1400 audit(1750363347.030:2305): avc: denied { ioctl } for pid=4851 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 139.066427][ T7265] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 139.121578][ T36] audit: type=1400 audit(1750363347.070:2306): avc: denied { read } for pid=7264 comm="syz.3.2203" name="binder0" dev="binder" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 139.158770][ T7265] binder: Bad value for 'stats' [ 139.191935][ T36] audit: type=1400 audit(1750363347.070:2307): avc: denied { read open } for pid=7264 comm="syz.3.2203" path="/dev/binderfs/binder0" dev="binder" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 139.221499][ T36] audit: type=1400 audit(1750363347.070:2308): avc: denied { ioctl } for pid=7264 comm="syz.3.2203" path="/dev/binderfs/binder0" dev="binder" ino=51 ioctlcmd=0x620c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 139.369442][ T7278] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 139.369471][ T7278] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 139.410318][ T7278] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:133 [ 139.472648][ T7283] rust_binder: Error while translating object. [ 139.503646][ T7283] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 139.509981][ T7283] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:653 [ 139.554609][ T7288] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 140.044353][ T7316] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 140.045321][ T7316] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 140.150928][ T7321] rust_binder: Error while translating object. [ 140.171976][ T7321] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 140.190645][ T7318] rust_binder: Write failure EINVAL in pid:667 [ 140.211962][ T7321] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:574 [ 140.332663][ T7327] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:576 [ 140.579257][ T7337] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 140.679346][ T7341] rust_binder: Error while translating object. [ 140.686342][ T7341] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 140.694132][ T7341] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:580 [ 140.797075][ T7346] rust_binder: Error while translating object. [ 140.822809][ T7346] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 140.830092][ T7346] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:582 [ 140.846741][ T7345] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:582 [ 140.873106][ T7351] SELinux: security_context_str_to_sid () failed with errno=-22 [ 140.873134][ T308] hid-generic 0006:04E8:0007.0006: item fetching failed at offset 1/201 [ 140.921538][ T308] hid-generic 0006:04E8:0007.0006: probe with driver hid-generic failed with error -22 [ 140.968828][ T7353] rust_binder: Write failure EINVAL in pid:443 [ 141.243095][ T7362] binder: Unknown parameter '' [ 141.243431][ T7364] kvm: user requested TSC rate below hardware speed [ 141.282815][ T7368] rust_binder: Write failure EFAULT in pid:149 [ 141.431216][ T7378] rust_binder: Write failure EINVAL in pid:682 [ 141.572926][ T7383] rust_binder: Write failure EINVAL in pid:454 [ 141.606231][ T7390] binder: Unknown parameter 'defcontext01777777777777777777777' [ 141.720024][ T7395] SELinux: policydb magic number 0x207cff8c does not match expected magic number 0xf97cff8c [ 141.737488][ T7395] SELinux: failed to load policy [ 141.747104][ T7394] rust_binder: Write failure EFAULT in pid:158 [ 141.748928][ T7395] rust_binder: Read failure Err(EAGAIN) in pid:457 [ 142.291144][ T7425] binder: Unknown parameter 'statw' [ 142.667737][ T7438] rust_binder: inc_ref_done called when no active inc_refs [ 142.796526][ T7444] rust_binder: Write failure EINVAL in pid:176 [ 142.907141][ T304] bridge_slave_1: left allmulticast mode [ 142.919481][ T304] bridge_slave_1: left promiscuous mode [ 142.950693][ T304] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.983465][ T304] bridge_slave_0: left allmulticast mode [ 142.989428][ T304] bridge_slave_0: left promiscuous mode [ 143.012645][ T7452] rust_binder: Write failure EINVAL in pid:178 [ 143.016035][ T304] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.016541][ T7454] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 143.294568][ T7459] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.331896][ T7459] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.351934][ T7459] bridge_slave_0: entered allmulticast mode [ 143.358556][ T7459] bridge_slave_0: entered promiscuous mode [ 143.385953][ T304] veth1_macvtap: left promiscuous mode [ 143.391734][ T304] veth0_vlan: left promiscuous mode [ 143.517739][ T7459] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.541936][ T7459] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.549150][ T7459] bridge_slave_1: entered allmulticast mode [ 143.572482][ T7459] bridge_slave_1: entered promiscuous mode [ 143.632949][ T7477] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 143.650899][ T7477] rust_binder: Error while translating object. [ 143.657991][ T7477] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 143.673275][ T7477] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:192 [ 143.783055][ T36] kauditd_printk_skb: 900 callbacks suppressed [ 143.783077][ T36] audit: type=1400 audit(1750363351.950:3209): avc: denied { read } for pid=7479 comm="syz.0.2269" name="binder1" dev="binder" ino=35 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 143.884349][ T7459] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.891554][ T7459] bridge0: port 2(bridge_slave_1) entered forwarding state [ 143.898903][ T7459] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.905969][ T7459] bridge0: port 1(bridge_slave_0) entered forwarding state [ 143.922483][ T36] audit: type=1400 audit(1750363351.950:3210): avc: denied { read open } for pid=7479 comm="syz.0.2269" path="/dev/binderfs/binder1" dev="binder" ino=35 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 143.979893][ T3209] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.988004][ T36] audit: type=1400 audit(1750363351.950:3211): avc: denied { read } for pid=7479 comm="syz.0.2269" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 143.991335][ T7489] binder: Bad value for 'stats' [ 144.011575][ T3209] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.061641][ T36] audit: type=1400 audit(1750363351.950:3212): avc: denied { read open } for pid=7479 comm="syz.0.2269" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 144.120616][ T7489] audit: audit_backlog=65 > audit_backlog_limit=64 [ 144.127634][ T7491] audit: audit_backlog=65 > audit_backlog_limit=64 [ 144.133438][ T36] audit: type=1400 audit(1750363351.960:3213): avc: denied { ioctl } for pid=7479 comm="syz.0.2269" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 144.148314][ T7491] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 144.171526][ T7489] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 144.175531][ T7459] audit: audit_backlog=65 > audit_backlog_limit=64 [ 144.200231][ T7491] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:606 [ 144.213681][ T3209] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.230023][ T3209] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.248842][ T7495] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:489 [ 144.258027][ T7495] rust_binder: Read failure Err(EFAULT) in pid:489 [ 144.281302][ T3209] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.295172][ T3209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.304102][ T7495] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.445886][ T7502] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 144.494102][ T7459] veth0_vlan: entered promiscuous mode [ 144.548737][ T7512] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 144.603665][ T7459] veth1_macvtap: entered promiscuous mode [ 144.845345][ T7524] random: crng reseeded on system resumption [ 145.063781][ T7534] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 145.126704][ T7537] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:502 [ 145.266214][ T7541] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 145.279528][ T7541] rust_binder: Error while translating object. [ 145.286273][ T7541] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 145.292747][ T7541] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:218 [ 145.452424][ T7551] binder: Unknown parameter '00000000000000000000003' [ 145.663896][ T7561] binder: Unknown parameter '0xffffffffffffffff' [ 145.927381][ T7577] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:226 [ 145.982316][ T7581] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:632 [ 146.054116][ T7586] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 146.066998][ T7588] random: crng reseeded on system resumption [ 146.083565][ T7589] rust_binder: Write failure EINVAL in pid:507 [ 146.083788][ T7589] rust_binder: Write failure EINVAL in pid:507 [ 146.090382][ T7589] rust_binder: Write failure EINVAL in pid:507 [ 146.176944][ T7588] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:635 [ 146.237561][ T7600] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 146.264295][ T7600] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 146.285241][ T7600] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 146.312143][ T7600] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:517 [ 146.915719][ T7621] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 146.928452][ T7621] rust_binder: Error while translating object. [ 146.950296][ T7621] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 146.963087][ T7621] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:230 [ 146.973646][ T7634] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 147.142531][ T7644] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 147.151173][ T7644] rust_binder: Error while translating object. [ 147.164366][ T7644] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 147.178229][ T7644] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:535 [ 147.194734][ T7645] SELinux: failed to load policy [ 147.489011][ T7655] rust_binder: Write failure EINVAL in pid:235 [ 147.599051][ T7664] binder: Bad value for 'max' [ 147.632854][ T7664] binder: Bad value for 'max' [ 147.634521][ T7649] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 147.651661][ T7649] rust_binder: Error while translating object. [ 147.700625][ T7649] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 147.702521][ T7670] rust_binder: Write failure EINVAL in pid:239 [ 147.721628][ T7649] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:537 [ 147.769259][ T7666] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 147.792254][ T7670] rust_binder: Write failure EINVAL in pid:239 [ 147.792562][ T7670] rust_binder: Write failure EINVAL in pid:239 [ 147.831915][ T7666] rust_binder: Write failure EINVAL in pid:654 [ 148.358941][ T7694] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 148.469520][ T7696] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 148.510961][ T7699] rust_binder: Error while translating object. [ 148.511007][ T7699] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 148.539244][ T7699] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:45 [ 148.559727][ T7699] rust_binder: Write failure EFAULT in pid:45 [ 148.820949][ T36] kauditd_printk_skb: 971 callbacks suppressed [ 148.820971][ T36] audit: type=1400 audit(1750363356.980:4169): avc: denied { ioctl } for pid=7703 comm="syz.1.2336" path="/dev/ppp" dev="devtmpfs" ino=86 ioctlcmd=0x7440 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 148.893152][ T36] audit: type=1400 audit(1750363357.030:4170): avc: denied { read } for pid=7703 comm="syz.1.2336" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 148.919744][ T7704] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 148.931420][ T36] audit: type=1400 audit(1750363357.030:4171): avc: denied { read open } for pid=7703 comm="syz.1.2336" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 148.971895][ T36] audit: type=1400 audit(1750363357.030:4172): avc: denied { ioctl } for pid=7703 comm="syz.1.2336" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 149.011637][ T36] audit: type=1400 audit(1750363357.060:4173): avc: denied { read write } for pid=5379 comm="syz-executor" name="loop0" dev="devtmpfs" ino=478 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 149.044358][ T7709] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:548 [ 149.050730][ T7708] audit: audit_backlog=65 > audit_backlog_limit=64 [ 149.050762][ T7709] audit: audit_backlog=65 > audit_backlog_limit=64 [ 149.062007][ T36] audit: type=1400 audit(1750363357.060:4174): avc: denied { read write open } for pid=5379 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=478 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 149.111971][ T7708] audit: audit_lost=8 audit_rate_limit=0 audit_backlog_limit=64 [ 149.115893][ T7711] audit: audit_backlog=65 > audit_backlog_limit=64 [ 149.550873][ T7732] rust_binder: Error while translating object. [ 149.550918][ T7732] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 149.567364][ T7732] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:57 [ 149.809838][ T7744] input: syz0 as /devices/virtual/input/input129 [ 149.858132][ T7751] binder: Unknown parameter '00000000000000000003' [ 149.884960][ T7757] binder: Unknown parameter '00000000000000000003' [ 150.033224][ T7744] rust_binder: Write failure EFAULT in pid:668 [ 150.122813][ T7774] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:266 [ 150.153601][ T7773] rust_binder: Write failure EFAULT in pid:566 [ 150.314427][ T7783] binder: Bad value for 'stats' [ 150.585355][ T7799] rust_binder: Failed to allocate buffer. len:4208, is_oneway:true [ 150.590248][ T7800] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.837046][ T7806] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 150.843794][ T7806] rust_binder: Error while translating object. [ 150.854381][ T7806] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 150.860568][ T7806] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:681 [ 151.024097][ T7814] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 151.094512][ T7819] rust_binder: Write failure EFAULT in pid:274 [ 151.201569][ T45] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 151.222760][ T7824] input: syz1 as /devices/virtual/input/input131 [ 151.224606][ T7822] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 151.229222][ T45] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 151.232099][ T7822] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 151.238754][ T45] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 151.245971][ T7822] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 151.253062][ T7824] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 151.277113][ T7824] rust_binder: Write failure EINVAL in pid:277 [ 151.277122][ T45] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 151.277151][ T45] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 151.300060][ T45] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz0 [ 151.451498][ T7826] fido_id[7826]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 151.460188][ T7831] Bluetooth: hci0: Frame reassembly failed (-84) [ 151.472014][ T304] Bluetooth: hci0: Frame reassembly failed (-90) [ 151.862385][ T7851] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 151.866590][ T7851] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 151.873217][ T7851] rust_binder: Error while translating object. [ 151.885015][ T7851] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 151.886832][ T7849] rust_binder: Error while translating object. [ 151.891406][ T7851] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:696 [ 151.901227][ T7849] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 151.919422][ T7849] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:93 [ 152.148793][ T7860] binder: Binderfs stats mode cannot be changed during a remount [ 152.387972][ T7865] binder: Bad value for 'stats' [ 152.633117][ T7873] rust_binder: Error while translating object. [ 152.633160][ T7873] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 152.654101][ T7874] rust_binder: Error while translating object. [ 152.671923][ T7873] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:581 [ 152.672392][ T7871] kvm: vcpu 5: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 152.706659][ T7874] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 152.706692][ T7874] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:581 [ 152.772314][ T7875] rust_binder: got new transaction with bad transaction stack [ 152.791434][ T7875] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:103 [ 152.851259][ T7885] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:591 [ 152.913348][ T7886] rust_binder: Write failure EINVAL in pid:591 [ 153.481900][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 153.481926][ T873] Bluetooth: hci0: command 0x1003 tx timeout [ 153.822744][ T36] kauditd_printk_skb: 2554 callbacks suppressed [ 153.822763][ T36] audit: type=1400 audit(1750363361.990:6700): avc: denied { setattr } for pid=5061 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 153.843782][ T7898] rust_binder: Write failure EFAULT in pid:109 [ 153.862358][ T36] audit: type=1400 audit(1750363361.990:6701): avc: denied { setattr } for pid=5061 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 153.924580][ T5061] audit: audit_backlog=65 > audit_backlog_limit=64 [ 153.931234][ T5061] audit: audit_lost=19 audit_rate_limit=0 audit_backlog_limit=64 [ 153.933343][ T7900] audit: audit_backlog=65 > audit_backlog_limit=64 [ 153.940300][ T5061] audit: backlog limit exceeded [ 153.955730][ T5061] audit: audit_backlog=65 > audit_backlog_limit=64 [ 153.962829][ T7900] audit: audit_lost=20 audit_rate_limit=0 audit_backlog_limit=64 [ 153.971751][ T7900] audit: backlog limit exceeded [ 153.971997][ T5061] audit: audit_lost=21 audit_rate_limit=0 audit_backlog_limit=64 [ 153.988084][ T7900] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 154.054953][ T7902] SELinux: security_context_str_to_sid () failed with errno=-22 [ 154.077870][ T7903] SELinux: security_context_str_to_sid () failed with errno=-22 [ 154.202557][ T7905] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:290 [ 154.202598][ T7905] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 154.222152][ T7905] rust_binder: Read failure Err(EFAULT) in pid:290 [ 154.246003][ T7909] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:290 [ 154.282445][ T7907] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:111 [ 154.406376][ T7911] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 120, limit: 136, size: 89) [ 154.415858][ T7911] rust_binder: Error while translating object. [ 154.429168][ T7911] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 154.436151][ T7911] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:600 [ 154.686851][ T7920] binder: Unknown parameter '/dev/ppp' [ 154.788481][ T7914] rust_binder: Read failure Err(EFAULT) in pid:602 [ 154.884022][ T7926] rust_binder: Error in use_page_slow: ESRCH [ 154.884045][ T7926] rust_binder: use_range failure ESRCH [ 154.890186][ T7926] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 154.896691][ T7926] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 154.906796][ T7926] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:122 [ 154.935397][ T7927] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 155.506854][ T7948] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 155.509130][ T7948] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:131 [ 155.523471][ T7959] rust_binder: Write failure EINVAL in pid:299 [ 155.813065][ T7968] binder: Unknown parameter '0x0000000000000009' [ 155.963842][ T7971] rust_binder: Write failure EINVAL in pid:303 [ 156.062839][ T7976] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 156.069480][ T7976] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 156.101917][ T7976] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:305 [ 156.225761][ T7980] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 156.348061][ T7987] binder: Unknown parameter 'dontš^&4(h' [ 156.384011][ T7989] rust_binder: Write failure EFAULT in pid:629 [ 156.391416][ T7989] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 156.398959][ T7990] SELinux: security_context_str_to_sid (system_uÝGй ‰:ÿß) failed with errno=-22 [ 156.407999][ T7989] rust_binder: Error while translating object. [ 156.427313][ T7989] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 156.444804][ T7989] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:629 [ 156.583172][ T7996] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:631 [ 156.624747][ T7995] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 157.043648][ T8008] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 157.049185][ T8008] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 255) [ 157.068503][ T8008] rust_binder: Error while translating object. [ 157.092589][ T8008] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 157.106488][ T8008] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:312 [ 157.333401][ T8013] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 157.410111][ T8016] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:315 [ 157.875063][ T8026] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 158.339393][ T8034] rust_binder: Write failure EFAULT in pid:320 [ 158.394510][ T8036] rust_binder: Write failure EINVAL in pid:155 [ 158.712640][ T8050] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 158.809313][ T8054] kvm: kvm [8049]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x8c283de03 [ 158.832971][ T36] kauditd_printk_skb: 3765 callbacks suppressed [ 158.832989][ T36] audit: type=1400 audit(1750363367.000:10466): avc: denied { setattr } for pid=5061 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 158.891788][ T5061] audit: audit_backlog=65 > audit_backlog_limit=64 [ 158.898706][ T36] audit: type=1400 audit(1750363367.000:10467): avc: denied { setattr } for pid=5061 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 158.919812][ T5061] audit: audit_lost=22 audit_rate_limit=0 audit_backlog_limit=64 [ 158.923549][ T36] audit: type=1400 audit(1750363367.000:10468): avc: denied { setattr } for pid=5061 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 158.932346][ T5061] audit: backlog limit exceeded [ 158.959992][ T5379] audit: audit_backlog=65 > audit_backlog_limit=64 [ 158.960604][ T5061] audit: audit_backlog=65 > audit_backlog_limit=64 [ 158.968914][ T5379] audit: audit_lost=23 audit_rate_limit=0 audit_backlog_limit=64 [ 158.973233][ T5061] audit: audit_lost=24 audit_rate_limit=0 audit_backlog_limit=64 [ 159.032342][ T8056] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:657 [ 159.085436][ T8060] rust_binder: Write failure EINVAL in pid:657 [ 159.853706][ T8074] input: syz0 as /devices/virtual/input/input133 [ 159.893186][ T8074] binder: Unknown parameter 'sta' [ 160.069099][ T8078] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 160.225813][ T8082] SELinux: failed to load policy [ 160.248612][ T8081] binder: Unknown parameter 'sUats' [ 160.307032][ T8085] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:663 [ 160.593332][ T8098] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 161.206705][ T8113] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 161.207139][ T8113] rust_binder: Write failure EINVAL in pid:191 [ 161.407335][ T8126] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 161.427051][ T8126] rust_binder: Read failure Err(EFAULT) in pid:682 [ 161.506499][ T8130] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 161.556195][ T8130] rust_binder: Error while translating object. [ 161.573944][ T8130] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 161.580411][ T8130] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:340 [ 161.598084][ T8134] binder: Unknown parameter 'dojt_' [ 161.743975][ T8142] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1 [ 161.766630][ T8142] rust_binder: Write failure EINVAL in pid:342 [ 162.019646][ T8155] rust_binder: Write failure EFAULT in pid:346 [ 162.179416][ T8157] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 162.292615][ T8150] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27 [ 162.325737][ T8150] rust_binder: Error while translating object. [ 162.361312][ T8150] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 162.378774][ T8150] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:694 [ 162.614032][ T8175] kvm: kvm [8174]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010006) = 0xaf [ 162.867182][ T8179] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 163.017824][ T8181] rust_binder: Write failure EINVAL in pid:699 [ 163.017837][ T8182] rust_binder: Write failure EINVAL in pid:699 [ 163.232952][ T8186] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 163.271072][ T8186] rust_binder: Write failure EINVAL in pid:221 [ 163.590727][ T8203] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 163.621409][ T8203] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 163.842595][ T36] kauditd_printk_skb: 3561 callbacks suppressed [ 163.842617][ T36] audit: type=1400 audit(1750363372.010:14007): avc: denied { read } for pid=8214 comm="syz.0.2503" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 163.925244][ T36] audit: type=1400 audit(1750363372.010:14008): avc: denied { read open } for pid=8214 comm="syz.0.2503" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 163.939145][ T5061] audit: audit_backlog=65 > audit_backlog_limit=64 [ 163.956890][ T8215] audit: audit_backlog=65 > audit_backlog_limit=64 [ 163.965974][ T8215] audit: audit_lost=32 audit_rate_limit=0 audit_backlog_limit=64 [ 163.991925][ T8215] audit: backlog limit exceeded [ 163.992928][ T36] audit: type=1400 audit(1750363372.010:14009): avc: denied { setattr } for pid=5061 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 163.998055][ T8220] audit: audit_backlog=65 > audit_backlog_limit=64 [ 164.021273][ T7459] audit: audit_backlog=65 > audit_backlog_limit=64 [ 164.028847][ T5061] audit: audit_lost=33 audit_rate_limit=0 audit_backlog_limit=64 [ 164.172936][ T8220] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 164.508571][ T8234] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 164.642872][ T8234] random: crng reseeded on system resumption [ 165.099919][ T8246] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:721 [ 165.343833][ T8260] binder: Bad value for 'stats' [ 165.466134][ T8265] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.472973][ T8265] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 165.491928][ T8265] rust_binder: Error while translating object. [ 165.510442][ T8265] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 165.525143][ T8265] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:380 [ 165.601931][ T8267] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.674897][ T8267] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false [ 165.733886][ T8271] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:382 [ 166.214035][ T8285] rust_binder: Error while translating object. [ 166.244387][ T8285] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 166.250621][ T8285] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:727 [ 166.463541][ T8295] rust_binder: Write failure EFAULT in pid:390 [ 166.540958][ T8298] rust_binder: Write failure EFAULT in pid:730 [ 167.045894][ T8305] binder: Unknown parameter 'nXI' [ 167.223134][ T8311] rust_binder: Error while translating object. [ 167.223164][ T8311] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 167.229524][ T8311] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:271 [ 167.545970][ T8327] binder: Binderfs stats mode cannot be changed during a remount [ 168.073008][ T8338] binder: Unknown parameter 'processor : 0 [ 168.073008][ T8338] vendor_id : GenuineIntel [ 168.073008][ T8338] cpu family : 6 [ 168.073008][ T8338] model : 79 [ 168.073008][ T8338] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 168.073008][ T8338] stepping : 0 [ 168.073008][ T8338] microcode : 0xffffffff [ 168.073008][ T8338] cpu MHz : 2199.998 [ 168.073008][ T8338] cache size : 56320 KB [ 168.073008][ T8338] physical id : 0 [ 168.073008][ T8338] siblings : 2 [ 168.073008][ T8338] core id : 0 [ 168.073008][ T8338] cpu cores : 1 [ 168.073008][ T8338] apicid : 0 [ 168.073008][ T8338] initial apicid : 0 [ 168.073008][ T8338] fpu : yes [ 168.073008][ T8338] fpu_exception : yes [ 168.073008][ T8338] cpuid level : 13 [ 168.073008][ T8338] wp : yes [ 168.073008][ T8338] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht sy/dev/kvm' [ 168.176576][ T3209] bridge_slave_1: left allmulticast mode [ 168.183392][ T3209] bridge_slave_1: left promiscuous mode [ 168.199847][ T3209] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.210240][ T8345] input: syz0 as /devices/virtual/input/input136 [ 168.225984][ T3209] bridge_slave_0: left allmulticast mode [ 168.241890][ T3209] bridge_slave_0: left promiscuous mode [ 168.247630][ T3209] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.413448][ T8348] binder: Bad value for 'max' [ 168.451939][ T8355] input: syz1 as /devices/virtual/input/input137 [ 168.476007][ T8355] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:293 [ 168.581637][ T3209] veth1_macvtap: left promiscuous mode [ 168.617483][ T3209] veth0_vlan: left promiscuous mode [ 168.661813][ T8365] rust_binder: Error while translating object. [ 168.661911][ T8365] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 168.668130][ T8365] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:295 [ 168.721770][ T8337] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.770888][ T8337] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.778198][ T8337] bridge_slave_0: entered allmulticast mode [ 168.788722][ T8337] bridge_slave_0: entered promiscuous mode [ 168.797363][ T8337] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.821904][ T8337] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.832025][ T8337] bridge_slave_1: entered allmulticast mode [ 168.849942][ T8337] bridge_slave_1: entered promiscuous mode [ 168.858413][ T36] kauditd_printk_skb: 2535 callbacks suppressed [ 168.858445][ T36] audit: type=1400 audit(1750363377.030:16540): avc: denied { read write } for pid=7459 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 168.900486][ T36] audit: type=1400 audit(1750363377.030:16541): avc: denied { read write open } for pid=7459 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 168.935325][ T8371] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 168.944643][ T8369] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:409 [ 168.944685][ T8369] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 168.951898][ T36] audit: type=1400 audit(1750363377.030:16542): avc: denied { ioctl } for pid=7459 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 169.015305][ T36] audit: type=1400 audit(1750363377.060:16543): avc: denied { read write } for pid=8370 comm="syz.3.2552" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 169.023373][ T8369] rust_binder: Read failure Err(EFAULT) in pid:409 [ 169.064216][ T36] audit: type=1400 audit(1750363377.060:16544): avc: denied { read open } for pid=8370 comm="syz.3.2552" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 169.121915][ T36] audit: type=1400 audit(1750363377.060:16545): avc: denied { read } for pid=8368 comm="syz.1.2551" name="binder1" dev="binder" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 169.178406][ T36] audit: type=1400 audit(1750363377.060:16546): avc: denied { read open } for pid=8368 comm="syz.1.2551" path="/dev/binderfs/binder1" dev="binder" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 169.212284][ T8378] rust_kernel: panicked at /syzkaller/managers/ci2-android-6-12-rust/kernel/rust/kernel/page_size_compat.rs:60:5: [ 169.212284][ T8378] attempt to add with overflow [ 169.218837][ T36] audit: type=1400 audit(1750363377.060:16547): avc: denied { read } for pid=8370 comm="syz.3.2552" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 169.271979][ T8378] ------------[ cut here ]------------ [ 169.277496][ T8378] kernel BUG at rust/helpers/bug.c:7! SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 169.301896][ T36] audit: type=1400 audit(1750363377.060:16548): avc: denied { read open } for pid=8370 comm="syz.3.2552" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 169.314940][ T8378] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 169.332426][ T8378] CPU: 1 UID: 0 PID: 8378 Comm: syz.0.2554 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 169.345996][ T8378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 169.356173][ T8378] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 169.361522][ T8378] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 40 ae e8 92 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 0a 6a a1 1e 90 90 90 90 90 90 90 90 90 [ 169.365001][ T8380] audit: audit_backlog=65 > audit_backlog_limit=64 [ 169.381253][ T8378] RSP: 0018:ffffc9000cb5f3f0 EFLAGS: 00010246 [ 169.381292][ T8378] RAX: 000000000000008c RBX: 1ffff9200196be80 RCX: 45d7a1c57b44ec00 [ 169.381308][ T8378] RDX: ffffc90001611000 RSI: 0000000000006426 RDI: 0000000000006427 [ 169.381323][ T8378] RBP: ffffc9000cb5f3f0 R08: ffffc9000cb5f0e7 R09: 1ffff9200196be1c [ 169.381339][ T8378] R10: dffffc0000000000 R11: fffff5200196be1d R12: 0000000000000000 [ 169.381353][ T8378] R13: dffffc0000000000 R14: ffffc9000cb5f420 R15: ffffc9000cb5f450 [ 169.381368][ T8378] FS: 00007fcb2a09a6c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 169.381386][ T8378] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 169.381400][ T8378] CR2: 0000001b2c71fffc CR3: 000000011d9f2000 CR4: 00000000003526b0 [ 169.381420][ T8378] DR0: fffffffffffffff8 DR1: 0000000000000006 DR2: 0200000000000000 [ 169.381434][ T8378] DR3: 0000000000000005 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 169.381447][ T8378] Call Trace: [ 169.381454][ T8378] [ 169.381462][ T8378] _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160 [ 169.381498][ T8378] ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10 [ 169.381524][ T8378] ? kernel_text_address+0xa9/0xe0 [ 169.502213][ T8378] ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10 [ 169.515785][ T8378] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 169.521945][ T8378] ? arch_stack_walk+0x10b/0x170 [ 169.526890][ T8378] _RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x84/0x90 [ 169.534179][ T8378] ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x10/0x10 [ 169.542082][ T8378] _RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_add_overflow+0xb2/0xc0 [ 169.551974][ T8378] ? __cfi__RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_add_overflow+0x10/0x10 [ 169.562734][ T8378] _RNvXs1_CscPPBqWtAqum_11ashmem_rustNtB5_6AshmemNtNtCs43vyB533jt3_6kernel10miscdevice10MiscDevice4mmap+0xe44/0xfb0 [ 169.575091][ T8378] ? mas_wr_store_type+0x8eb/0x1ad0 [ 169.580290][ T8378] ? __cfi__RNvXs1_CscPPBqWtAqum_11ashmem_rustNtB5_6AshmemNtNtCs43vyB533jt3_6kernel10miscdevice10MiscDevice4mmap+0x10/0x10 [ 169.593240][ T8378] ? mas_preallocate+0x56e/0xc60 [ 169.598455][ T8378] ? __cfi_mas_preallocate+0x10/0x10 [ 169.603917][ T8378] ? kasan_save_alloc_info+0x40/0x50 [ 169.609294][ T8378] ? __asan_memset+0x39/0x50 [ 169.613921][ T8378] mmap_region+0x1371/0x1bd0 [ 169.618541][ T8378] ? __cfi_mmap_region+0x10/0x10 [ 169.623688][ T8378] ? __kasan_check_read+0x15/0x20 [ 169.628810][ T8378] ? arch_get_unmapped_area_topdown+0x232/0x8d0 [ 169.636017][ T8378] ? file_mmap_ok+0x147/0x1a0 [ 169.640780][ T8378] do_mmap+0xb6d/0x13c0 [ 169.644939][ T8378] ? __cfi_do_mmap+0x10/0x10 [ 169.649530][ T8378] ? down_write_killable+0xe9/0x2d0 [ 169.654903][ T8378] ? __cfi_down_write_killable+0x10/0x10 [ 169.660536][ T8378] vm_mmap_pgoff+0x38f/0x4e0 [ 169.665161][ T8378] ? __cfi_vm_mmap_pgoff+0x10/0x10 [ 169.670282][ T8378] ? __fget_files+0x2c5/0x340 [ 169.675138][ T8378] ksys_mmap_pgoff+0x166/0x1e0 [ 169.679988][ T8378] __x64_sys_mmap+0x121/0x140 [ 169.684668][ T8378] x64_sys_call+0x13bf/0x2ee0 [ 169.689528][ T8378] do_syscall_64+0x58/0xf0 [ 169.694043][ T8378] ? clear_bhb_loop+0x35/0x90 [ 169.698738][ T8378] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 169.704739][ T8378] RIP: 0033:0x7fcb2918e929 [ 169.709804][ T8378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.729651][ T8378] RSP: 002b:00007fcb2a09a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 169.738096][ T8378] RAX: ffffffffffffffda RBX: 00007fcb293b5fa0 RCX: 00007fcb2918e929 [ 169.746265][ T8378] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000701000 [ 169.754348][ T8378] RBP: 00007fcb29210b39 R08: 0000000000000005 R09: 0000000000000000 [ 169.762423][ T8378] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 169.770485][ T8378] R13: 0000000000000000 R14: 00007fcb293b5fa0 R15: 00007ffe6d3d3608 [ 169.778639][ T8378] [ 169.781673][ T8378] Modules linked in: [ 169.786092][ T8378] ---[ end trace 0000000000000000 ]--- [ 169.805651][ T8378] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 169.811324][ T8378] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 40 ae e8 92 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 0a 6a a1 1e 90 90 90 90 90 90 90 90 90 [ 169.822331][ T8380] rust_binder: Failed to register with vma: already registered [ 169.857382][ T8378] RSP: 0018:ffffc9000cb5f3f0 EFLAGS: 00010246 [ 169.872839][ T8378] RAX: 000000000000008c RBX: 1ffff9200196be80 RCX: 45d7a1c57b44ec00 [ 169.881031][ T8378] RDX: ffffc90001611000 RSI: 0000000000006426 RDI: 0000000000006427 [ 169.890957][ T8378] RBP: ffffc9000cb5f3f0 R08: ffffc9000cb5f0e7 R09: 1ffff9200196be1c [ 169.900114][ T8378] R10: dffffc0000000000 R11: fffff5200196be1d R12: 0000000000000000 [ 169.909189][ T8378] R13: dffffc0000000000 R14: ffffc9000cb5f420 R15: ffffc9000cb5f450 [ 169.918508][ T8378] FS: 00007fcb2a09a6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 169.929312][ T8378] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 169.937082][ T8378] CR2: 00007f0067c5ff98 CR3: 000000011d9f2000 CR4: 00000000003526b0 [ 169.961621][ T8378] DR0: fffffffffffffff8 DR1: 0000000000000006 DR2: 0200000000000000 [ 169.970584][ T8378] DR3: 0000000000000005 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 169.992736][ T8378] Kernel panic - not syncing: Fatal exception [ 169.999296][ T8378] Kernel Offset: disabled [ 170.003746][ T8378] Rebooting in 86400 seconds..