last executing test programs: 36.151405744s ago: executing program 2 (id=335): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) (async) r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f00000001c0), 0x12) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r4, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$BLKRRPART(r0, 0x125f, 0x0) 36.101931885s ago: executing program 2 (id=338): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000000200004000000000f8ffffffffffffff54733d47c0dbb0ffeb44f121cec0ea16590364ed591d5636eed367936ae16fca6207661a840f7f498b8521a73b4e3acc93e729a1c24d0db03b45875d8341368e61ea91df579325f83ea9bd95cc53441b8a1055de9907bd9b565d7ddbebce6feddbcc020d50f3796e9000338d64118f904379f67600b9f041c165e685c38cdacacf4482842e48136ccc8111a085bcee060897ac6336ec1f92352fe090de2fc5b5796474b6765928c7c18967a31b76e5cb118d78ca291b1c92f58abd848079c0cc06706c3db8bfbc45026bef3265961d34246a0a499db6ba73276c935014d1f82bc4834846bb00"/269]) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) (async) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_END_FF_UPLOAD(r3, 0x405c5503, &(0x7f0000000800)={0x0, 0x0, {0x0, 0x0, 0x0, {}, {}, @ramp}, {0x0, 0x0, 0x0, {}, {}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}}}) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = ioctl$TUNGETDEVNETNS(r4, 0x54e3, 0x0) ioctl$NS_GET_USERNS(r5, 0x8004b708, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x20400, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r8, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) (async) ioctl$KVM_SET_CPUID2(r8, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008f04"]) r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20ab02, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r9, 0x45809000) syz_clone3(&(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 36.027435846s ago: executing program 2 (id=340): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xe05, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b58640afc2188a232f77968c18d2d0e8f91c974edcb3198b4520f530acacb12017216338cc479de3651e8f15f1672397c730e3ca2a189ca4cc85f35dd46aeb67b6a2eb7268a653b190d8ba670490d50f761c1fa25f1954d8fe6bcb15dbc23698c945262b991e6245b9a25b12b13c87bf8a8a06f51784007abd06e01a0c03ee80b236fabb5b22ce797c4d8a739ac96dcf16c93f454463d3631c4cdd2dea6732a486015dc9937ee4e6efbfff46bdd8887094ca4bd94d995f411421c7ef07f949fcc10132f58b7c99a871780d92464594c930b80596baab77b0d68a05d71ca8a1888f3128f12aebac362c4d80870ab3d9f2e77d51f9af16472faff98dda1e0133c8bc2510345d5eb1d64bce64761f4cc39ac6655902338bf1335dc55393995af4447ed1aa4c50bfacd576842560abca3e6c74dcea6dd03d36f9e7f8bda2cf33e3b7da195fba79f5a60421e19910f1fef31b9fa52064ce9ee8c415746a3cab47a8ad8477e9f21e9ee804a85dc568439b95c01bbbc3fa16a8c26bd81b01b8849795b2370f591e2a8e175cd465a600a541839bc734271b4b3afb2303dc1cf12bee00080ad10658c97672ad023e89f23d9301b5dbf1a7ba6d6c2b8dbd300f05f36a095f188b56fd3ba8e871aaf22e2128696e7232cb22f4f5404a3d1256a11665caaead326faad340031cafb99edbceba7bac44c7d2720aedba9cb708dae55b192a1e31835fae8756f062c151f6778b1d93c2d1f8b479ae9bbe1255abcef9beaa95b558fbbc9a979d46580aa85b10f160b438bea64f23b8e605ce34d2b46bbf8bfbfa683b10f55b3d30c58675dd1a524495e5d42c7d02dc60b853e8b3ed2caf41cd24a8a1d044e27d48b2184bac00730f7c20a1ba2bb6b6a5381a3d359d8e721504bbbce18ee49031b48c278a5730f31fb83f6cf32ac98326b722d3e2d7b38a7b80b94a3eb2b69fb1aefc8c0bbe431191f0ed76141a8365621e4f7118dd4465b4642bdb0af21d30c8cfb1d5201852c0428b1983d91f706e814c1395888b1c2a3516ea20a93d868e27c3c9b68a9cda4befc389b57661a4ff37137628ec96bcb625fd10324625ac1589c2918c66f811a323a19ab30bcf28fc20b64176e319d58f74578093e32ba9f51b255693dda9514ff43f6ef6010143554305073e94be322daa024cb7efcf405ea4924bfa72633b766365fee1d59d1a94717450657ff3b72853785e91f94ca1502b129eafa718633bec1557fb1e0ae2887e6e8c0fdd9f3f99de03c0af7364781766520d90c15b0e2a4c43613089dbecc4dd68be74204809f0270370097642d54388ccbb54b58be8b5796eac48ef5f17752eaa7301f075faee593aae71ee0e0ca1f45a22e7cede3597f14a344796ceec33e98b3b89e031c0d757e83d5093322d9afc9898f80b2e9bb17bc8b2b164d048c1b912f6cd92979df629efcb94968cca6e65b9b078677698fa4937a2ec23edd00971a5505ecc65fe150d3d00a34e52cc64951937fc79014b0df8d2c9c35f06209f45556278fa7ecfc70a92eca165bbd493686fb4c0cd607cec994657149a61da2e09414944c557be54908197724174247194d435b25bf78ec4cc164a574662eb4d1e4d784a6ea0c71dd1a16e53a7b8a27fcec679346afe90a05e06b276fe972d5e1d3486e0452d0a9a1636ab9c517f371a0592ef34513a9a4e961cd79c86891f460becb57f41e22b2a72ae175e29344184cde0b2beae00f90a6a79dc689da4b4b1da0e9758854d404a9cbcf725c68b6f2de865b2b5e12124d09f8745208b5cc544522f7c8bcfceb907422502f1641b600a60a5aef28be5a92ff71755efaf29e23c8ca52ad945bbdc4d6e7502adee312ea8d9338a80671f36309026c0d9c2ceb14da0b8beb087853b8014d30372f0d58448530f1bed15c4caaf8a844853030aab1ba6de9891678a16a2d9b9889d4a367753f0aacda03ce6fae1f62b34a3317a704527e65b18dc3186f32c5caa2d82f058066274e145f3cfe0bb5d40a77f54fb0de584d5f50de29d1c3aa29acea2363ef5c1e0592ef94370936df0152871396c13a89e56086f381862edb6f4bec0d937e94a689a8c5c87a51e073fdaa935591bbccff359e0805ded9ac71e3b295fdd05bc2b03d7af58a393778c9dfdfd8101b3503c86a6d9e2fdeb215be40f90bb7360a04e111d743207a8742275ee7df2508b909ea4d3a7af7886d3f26aa58943edbbcbd686bf9cf9a78b43dd9792bca97cda65083404bd7ab227f68e18cd87541bf069bde649a0b9ef1346a748d794685339973d6b59dcbe74a3caf48f4628eedfcd6900c56746f017f0845fea8c95ac7b2a4ff90940f98a163afc082ef6de72f5fddf056e5fe2d42a173f7fd5f6100933a38fad6"}) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x6) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 36.022522586s ago: executing program 2 (id=343): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000000)=@x86={0x7, 0x8a, 0xf, 0x0, 0x6, 0xa5, 0x10, 0x0, 0xd, 0xff, 0x7, 0x40, 0x0, 0x3, 0x7, 0x1, 0x1, 0x3, 0x80, '\x00', 0x2, 0x8}) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$selinux_load(r1, &(0x7f0000000080)={0xf97cff8c, 0x8, 'SE Linux', "d0180f79d69914bc194e4596d26d609e94f386fb87e1d331c7cf9de5982977bcdf1a331f264f3a74b98e5809ec04a60ec551a9979fcfcd5aa69c2760eb6c94dc8e97288019f973c9eec4b9966d711f2b049ce7af2eba8f0fe8089c12e4097cf7dc08964a0078f2803f7812fbf65fe3e1d841bc84863d5eaa725a9facfbc6f0dd4ca313ec47035292d62d0915796a8f75ba871d42ccbadbea4d39f418289fc1dcd8390479d6e42bca0d2edadd1010db8010a2f969effaab61eb7d75067e4f21085fe543b6fbded45fd9c51d8a8c970a"}, 0xdf) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000002, 0x40010, r0, 0xf1222000) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x3, 0x1, 0xf000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_CAP_PMU_CAPABILITY(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0xd4, 0x0, 0xfffffffffffff3a0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x214800, 0x0) prctl$PR_SET_KEEPCAPS(0x8, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r3, 0x4018aee3, &(0x7f00000002c0)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000280)=0x14}) ioctl$KVM_SMI(r0, 0xaeb7) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000300), 0x40000, 0x0) ioctl$KVM_SET_DEBUGREGS(r4, 0x4080aea2, &(0x7f0000000340)={[0xb3329000, 0xdddd1000, 0x1, 0xeeee8000], 0x2000000000000000, 0x0, 0x2}) ioctl$KVM_XEN_HVM_CONFIG(r4, 0x4038ae7a, &(0x7f0000000580)={0x0, 0x875, &(0x7f00000003c0)="64462d5ddd4e666cdcc82d5da374046785fcd3897fc72d0c06b597bbcfb9e82b9b0cdaaea48ab12e99e3d3e9fdcdc9c11e73930f22674421235d71c4c7216e0ef19365f819de412ee0b2e5c1e16746c5131a5876927319655f42d3efdaf7009cfce7371e7a0a24415709fe401ab5e582824a769899df1f72525b87a6c2be6737c19e31b1a6e419a608fae51ca633a835e730ecfd8d7611ac5fcc595d9a1a8db4af19fb76fc7cbe1ba9a6c617ab2381e3548134e92e1171a8ee12f1e070983866e0ea03b5", &(0x7f00000004c0)="d7f8dec61caf2fbeee2bd0b92ea853460cff56171000430b097a6bcee190047c498ffe36c07f92056e7e19b1fa04f235f789eab515d85488ff59a304a8fac0a9d85184e256d8f50c8b234828069e9ad2eda93a739fb74321ff2d75da202d92b4750f58486de8d8cf62952a819435c2cd7de875cd2123f1e6f260df506b4926e11a054e287ff2a2fe7e1ecc14759b124830298b13d03e566dc5153423b75bd62a144433a1adb5f7828c3307bd42be11b7a376973405f4b2", 0xc4, 0xb7}) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x2) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$incfs(r4, &(0x7f00000005c0)='.log\x00', 0x101000, 0x100) ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, &(0x7f0000000600)={0x8080000, 0x8000}) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000640)={0x4, 0x0, [{0xbc6, 0x0, 0x4}, {0xbd3, 0x0, 0xc47}, {0x8b4, 0x0, 0x3}, {0x1be1, 0x0, 0x1}]}) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff9000/0x3000)=nil, 0x3000, &(0x7f00000006c0)='#\\.}}\x00') r7 = openat(r4, &(0x7f0000000700)='./file0\x00', 0x8080, 0x4) r8 = openat$cgroup_ro(r7, &(0x7f0000000740)='rdma.current\x00', 0x0, 0x0) mkdirat$cgroup(r8, &(0x7f0000000780)='syz0\x00', 0x1ff) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000007c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r9, &(0x7f0000000800)='rdma.current\x00', 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x0, 0x200000f, 0x10, r6, 0x0) 36.004875886s ago: executing program 2 (id=345): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0) read$FUSE(r2, &(0x7f0000000c80)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r6, 0x401c5820, &(0x7f0000000080)={0x8}) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)={0xb8, 0x0, r3, [{{0x2000000000000002, 0x3, 0xffffffffffff7fff, 0x1, 0x3ff, 0xa0, {0x6, 0x3, 0x6, 0x7, 0x8, 0x8000000000000000, 0xc9, 0xffffffff, 0xbe, 0x6000, 0x8, r4, r5, 0x6}}, {0x3, 0xfffffffffffdffff, 0xd, 0x4, 'cgroup.procs\x00'}}]}, 0xb8) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r7, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r7, 0x4008af03, &(0x7f00000008c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000000000)=0x1) syz_clone(0x44200400, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000003c0)={@fda={0x66646185, 0x1, 0x2, 0x14}, @flat=@handle={0x73682a85, 0x0, 0x3}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x20, 0x38}}, 0x10}], 0x0, 0x0, &(0x7f00000002c0)}) 35.914826168s ago: executing program 2 (id=347): unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0x0) mount$binderfs(&(0x7f00000021c0), &(0x7f0000002200)='./binderfs\x00', &(0x7f0000002240), 0x10, 0x0) 20.877284615s ago: executing program 32 (id=347): unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0x0) mount$binderfs(&(0x7f00000021c0), &(0x7f0000002200)='./binderfs\x00', &(0x7f0000002240), 0x10, 0x0) 9.059321833s ago: executing program 0 (id=761): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0xc, 0x0, &(0x7f0000000040)=[@dead_binder_done], 0x15, 0x0, &(0x7f0000000080)="9a78d57b8f03b4b3a2978a71384f2463f036992b41"}) syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) 9.058713523s ago: executing program 1 (id=762): mount$binderfs(0x0, &(0x7f00000000c0)='./binderfs\x00', &(0x7f0000000100), 0x0, &(0x7f00000001c0)={[{}]}) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) (async) r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x110, r0, 0x3fbea000) 9.058277303s ago: executing program 3 (id=763): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xbf) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="04000000000000004503"]) r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000280)={0x1, 0x0, [{0x40000003, 0x0, 0x5}]}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) 7.475508907s ago: executing program 0 (id=764): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/cpu_byteorder', 0x0, 0x0) read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2020) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000070000040"]) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r4}, @fd={0x66642a85, 0x0, r5}, @ptr={0x70742a85, 0x1, 0x0}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x18, 0x0, &(0x7f0000000180)=[@decrefs, @clear_death], 0x0, 0x0, 0x0}) 7.472230316s ago: executing program 1 (id=765): openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x100000002000c) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 7.471482967s ago: executing program 3 (id=766): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x9) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x7f) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3}) 5.760030123s ago: executing program 0 (id=767): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68802, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, 0x0) write$cgroup_pid(r3, &(0x7f00000001c0), 0x12) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r8 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$INCFS_IOC_PERMIT_FILL(r8, 0x40046721, &(0x7f0000000240)={r1}) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000002d00), 0x2000) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r9, 0x54a2) r10 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r11, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0x7, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, 0x9, 0x10}, {0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8f}, {0xeeef0000, 0x5000, 0xc, 0x0, 0x7, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0x4fff, 0xf7f53000, 0x9, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xd}, {0x0, 0x0, 0xe, 0xfe, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6}, {0x0, 0x0, 0x0, 0xfc, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x8080000, 0x50, 0xa, 0xf801, 0x0, [0x0, 0x0, 0x1]}) ioctl$KVM_TRANSLATE(r11, 0xc018ae85, &(0x7f00000000c0)) ioctl$BLKRRPART(r0, 0x125f, 0x0) 5.688929044s ago: executing program 1 (id=768): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x101242, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/kheaders.tar.xz', 0x101000, 0x82) read$FUSE(r1, &(0x7f0000000100)={0x2020}, 0x2020) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wake_lock', 0x141a82, 0x13) write(r4, &(0x7f0000001600)="d93f", 0x2) read$FUSE(r4, &(0x7f0000001640)={0x2020}, 0x2082) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1}) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f00000000c0)={[{0x6, 0x3, 0xf1, 0x0, 0x3, 0x9, 0x52, 0x6, 0xc, 0x4, 0x5, 0xfb, 0x4}, {0x4, 0x8001, 0x0, 0xb, 0xff, 0x0, 0x81, 0xe, 0xe, 0x2f, 0x0, 0x0, 0x7}, {0x5, 0x0, 0x7, 0x10, 0xd6, 0x6, 0x4, 0x7f, 0x4, 0xfa, 0x81, 0x7, 0x7f}], 0xffff1093}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r8, 0xae9a) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000380)={[0x3, 0x100000000, 0x0, 0xfffffffffffffff8, 0x100000, 0x0, 0x202004c8, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe, 0x2000000000], 0x0, 0x4000}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='-])[\x1e!%&:$.\x00') 5.688013874s ago: executing program 3 (id=769): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000200)={0x4376ea830d56d49d}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000500)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0xb, 0x401, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe, 0x200, 0x2], 0x0, 0x200}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{0x400000b3}]}) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1}) ioctl$KVM_RUN(r6, 0xae80, 0x0) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)={[], [{@flag='rw'}]}) 3.93872808s ago: executing program 0 (id=770): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) ioctl$KVM_GET_NESTED_STATE(r0, 0xc080aebe, &(0x7f0000000580)={{0x0, 0x0, 0x80}}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mount$binderfs(&(0x7f0000000180), &(0x7f0000000340)='./binderfs\x00', &(0x7f00000003c0), 0x90, &(0x7f0000000400)=ANY=[@ANYBLOB='stats=global,max=00000000000000000000004,max=00777777777777777777777,async,uid<', @ANYRESDEC=0x0, @ANYBLOB="2c736d61636ba2dd50776102736d7574653d2a2f2c00"]) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009d02"]) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x54, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat=@binder={0x73622a85, 0x1, 0x2}, @fd={0x66642a85, 0x0, r5}, @ptr={0x70742a85, 0x2, &(0x7f0000000240)=""/13, 0xffffffffffffffe1, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}, @release={0x40046306, 0x3}], 0x5a, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f37"}) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_SET_KEYBIT(r6, 0x40045565, 0x2c8) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom1\x00', 0x800, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x101000, 0x0) ioctl$TUNGETFEATURES(r11, 0x5452, &(0x7f0000001740)) ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f0000000480)=ANY=[@ANYRES32=r11, @ANYRES16=r11]) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x7fff8) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x1000}) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0) close(r12) r13 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0) ioctl$TUNSETOFFLOAD(r13, 0xc004743e, 0x110c23003f) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000004c0)={0x73622a85, 0x110b, 0x3}) 3.93800712s ago: executing program 1 (id=771): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x10000003) mmap(&(0x7f0000fec000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) (async) mmap(&(0x7f0000fec000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r0, 0x0) 3.93019622s ago: executing program 3 (id=772): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/address_bits', 0x0, 0x0) read$FUSE(r0, &(0x7f0000000d40)={0x2020}, 0x2020) (async, rerun: 32) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (rerun: 32) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000000000000200004000000000060000000000000001000040"]) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000580)="55dd"}) 1.9833233s ago: executing program 0 (id=773): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3314) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xda6, 0x0, &(0x7f0000001340)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b58640afc2188a232f77968c18d2d0e8f91c974edcb3198b4520f530acacb12017216338cc479de3651e8f15f1672397c730e3ca2a189ca4cc85f35dd46aeb67b6a2eb7268a653b190d8ba670490d50f761c1fa25f1954d8fe6bcb15dbc23698c945262b991e6245b9a25b12b13c87bf8a8a06f51784007abd06e01a0c03ee80b236fabb5b22ce797c4d8a739ac96dcf16c93f454463d3631c4cdd2dea6732a486015dc9937ee4e6efbfff46bdd8887094ca4bd94d995f411421c7ef07f949fcc10132f58b7c99a871780d92464594c930b80596baab77b0d68a05d71ca8a1888f3128f12aebac362c4d80870ab3d9f2e77d51f9af16472faff98dda1e0133c8bc2510345d5eb1d64bce64761f4cc39ac6655902338bf1335dc55393995af4447ed1aa4c50bfacd576842560abca3e6c74dcea6dd03d36f9e7f8bda2cf33e3b7da195fba79f5a60421e19910f1fef31b9fa52064ce9ee8c415746a3cab47a8ad8477e9f21e9ee804a85dc568439b95c01bbbc3fa16a8c26bd81b01b8849795b2370f591e2a8e175cd465a600a541839bc734271b4b3afb2303dc1cf12bee00080ad10658c97672ad023e89f23d9301b5dbf1a7ba6d6c2b8dbd300f05f36a095f188b56fd3ba8e871aaf22e2128696e7232cb22f4f5404a3d1256a11665caaead326faad340031cafb99edbceba7bac44c7d2720aedba9cb708dae55b192a1e31835fae8756f062c151f6778b1d93c2d1f8b479ae9bbe1255abcef9beaa95b558fbbc9a979d46580aa85b10f160b438bea64f23b8e605ce34d2b46bbf8bfbfa683b10f55b3d30c58675dd1a524495e5d42c7d02dc60b853e8b3ed2caf41cd24a8a1d044e27d48b2184bac00730f7c20a1ba2bb6b6a5381a3d359d8e721504bbbce18ee49031b48c278a5730f31fb83f6cf32ac98326b722d3e2d7b38a7b80b94a3eb2b69fb1aefc8c0bbe431191f0ed76141a8365621e4f7118dd4465b4642bdb0af21d30c8cfb1d5201852c0428b1983d91f706e814c1395888b1c2a3516ea20a93d868e27c3c9b68a9cda4befc389b57661a4ff37137628ec96bcb625fd10324625ac1589c2918c66f811a323a19ab30bcf28fc20b64176e319d58f74578093e32ba9f51b255693dda9514ff43f6ef6010143554305073e94be322daa024cb7efcf405ea4924bfa72633b766365fee1d59d1a94717450657ff3b72853785e91f94ca1502b129eafa718633bec1557fb1e0ae2887e6e8c0fdd9f3f99de03c0af7364781766520d90c15b0e2a4c43613089dbecc4dd68be74204809f0270370097642d54388ccbb54b58be8b5796eac48ef5f17752eaa7301f075faee593aae71ee0e0ca1f45a22e7cede3597f14a344796ceec33e98b3b89e031c0d757e83d5093322d9afc9898f80b2e9bb17bc8b2b164d048c1b912f6cd92979df629efcb94968cca6e65b9b078677698fa4937a2ec23edd00971a5505ecc65fe150d3d00a34e52cc64951937fc79014b0df8d2c9c35f06209f45556278fa7ecfc70a92eca165bbd493686fb4c0cd607cec994657149a61da2e09414944c557be54908197724174247194d435b25bf78ec4cc164a574662eb4d1e4d784a6ea0c71dd1a16e53a7b8a27fcec679346afe90a05e06b276fe972d5e1d3486e0452d0a9a1636ab9c517f371a0592ef34513a9a4e961cd79c86891f460becb57f41e22b2a72ae175e29344184cde0b2beae00f90a6a79dc689da4b4b1da0e9758854d404a9cbcf725c68b6f2de865b2b5e12124d09f8745208b5cc544522f7c8bcfceb907422502f1641b600a60a5aef28be5a92ff71755efaf29e23c8ca52ad945bbdc4d6e7502adee312ea8d9338a80671f36309026c0d9c2ceb14da0b8beb087853b8014d30372f0d58448530f1bed15c4caaf8a844853030aab1ba6de9891678a16a2d9b9889d4a367753f0aacda03ce6fae1f62b34a3317a704527e65b18dc3186f32c5caa2d82f058066274e145f3cfe0bb5d40a77f54fb0de584d5f50de29d1c3aa29acea2363ef5c1e0592ef94370936df0152871396c13a89e56086f381862edb6f4bec0d937e94a689a8c5c87a51e073fdaa935591bbccff359e0805ded9ac71e3b295fdd05bc2b03d7af58a393778c9dfdfd8101b3503c86a6d9e2fdeb215be40f90bb7360a04e111d743207a8742275ee7df2508b909ea4d3a7af7886d3f26aa58943edbbcbd686bf9cf9a78b43dd9792bca97cda6508340"}) r1 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write(r1, &(0x7f00000000c0)="93", 0x1) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f00000001c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) read$FUSE(r5, &(0x7f0000000440)={0x2020}, 0x2020) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0xc, 0x0, &(0x7f0000000140)=[@decrefs={0x40046307, 0x2}, @enter_looper], 0x63, 0x0, &(0x7f0000000280)="985bcafe9d54cb3ab7b09e39148246b578d2f3d44ce7d48a2e65f5239ecd0a3dd5138d55044fa1d47c2cb6986af99e323c06aaa23a215d02a074f2353e800b821e4b621d92a0b2c72746a3c6aecb125d995497755c382245bb2c33d588b60e8c379322"}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x200a82, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/custom1\x00', 0x2, 0x0) 1.982362749s ago: executing program 1 (id=774): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000400)=ANY=[@ANYBLOB="0100000000000000030501c0000006000000010000000000fdb9b2919ab60f781fd51cc0b8d32aca01cd8ce6f53d2bd4c96e78c47e74480f58eb58e594dfd5065dfc8ce67d1a021fb09799217701000000c350d0f53dbbf4adfd52fe70f14f07552d4ae4312c748b1cb22e819a6b9c4fe10b557d48c656cc626536a58e21475250560c54140cc9ec2d2ec5d3d8bb19db93d8024c3d9381e8a2575c19be9ba7ca0da61f43cef527007b133786f2201982ba0c222b644a3af462d5e20d61c69e581ec58f607b0edaa4396d0ff86685b8ab5626ebfc3494d94932e6558f71564bda5e8ebae55cb7b631cf30a567bab306e9f589a30fb1db9dd7a0529342"]) (async) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000400)=ANY=[@ANYBLOB="0100000000000000030501c0000006000000010000000000fdb9b2919ab60f781fd51cc0b8d32aca01cd8ce6f53d2bd4c96e78c47e74480f58eb58e594dfd5065dfc8ce67d1a021fb09799217701000000c350d0f53dbbf4adfd52fe70f14f07552d4ae4312c748b1cb22e819a6b9c4fe10b557d48c656cc626536a58e21475250560c54140cc9ec2d2ec5d3d8bb19db93d8024c3d9381e8a2575c19be9ba7ca0da61f43cef527007b133786f2201982ba0c222b644a3af462d5e20d61c69e581ec58f607b0edaa4396d0ff86685b8ab5626ebfc3494d94932e6558f71564bda5e8ebae55cb7b631cf30a567bab306e9f589a30fb1db9dd7a0529342"]) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$int_in(r3, 0x5421, 0x0) (async) ioctl$int_in(r3, 0x5421, 0x0) mount$binderfs(0x0, &(0x7f00000000c0)='./binderfs\x00', &(0x7f0000000100), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='mcx=00000000000L00000000000,\x00']) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0xc4000, 0x0) ioctl$PPPIOCSACTIVE(r4, 0x40107446, &(0x7f0000000180)={0x3, &(0x7f0000000280)=[{0x200, 0x6, 0x4, 0x40}, {0x2c, 0x1, 0xf, 0x8}, {0xb5, 0x5, 0x2, 0x9f}]}) r5 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000003c0), 0x1a000, 0x0) mkdirat(r5, &(0x7f0000000940)='./file0\x00', 0x15) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x161000, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001800), 0x0) (async) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001800), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000000)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r6, 0x80585414, &(0x7f0000000380)) r7 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$PPPIOCSCOMPRESS(r4, 0x4010744d) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000080), 0x2000, 0x0) (async) r9 = openat$kvm(0xffffff9c, &(0x7f0000000080), 0x2000, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) (async) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r11, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000100000000000000000000000000000000000000ff"]) (async) ioctl$KVM_SET_CPUID2(r11, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000100000000000000000000000000000000000000ff"]) ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000fdff8f04"]) openat$cgroup_ro(r7, &(0x7f0000000140)='cpu.stat\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r8, 0xc018620c, &(0x7f0000000240)={0xffffff4c, 0x2, 0x0, 0x0, 0x0, 0x0}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000008, 0x13, r14, 0xb3d68000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) 1.981896869s ago: executing program 3 (id=775): prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) syz_clone3(&(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000001, 0x800000000, 0x3e, 0x0, 0x0, 0x2004cc, 0x5, 0x0, 0x0, 0xfffffffdfffffffc, 0xfffffffffffffffc, 0x0, 0x9, 0x4000000000000004, 0x767], 0xeeef0000, 0xc0086}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$BLKSSZGET(0xffffffffffffffff, 0x1268, &(0x7f0000000000)) 6.48961ms ago: executing program 0 (id=776): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x4d, 0x1, 0x3}, {0x61}, {}, {}, {0x6}]}) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='/dev/ashmem\x00') 5.77311ms ago: executing program 1 (id=777): r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000480)='./binderfs/binder-control\x00', 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000083}]}) (async) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x8010, r0, 0xc8cba000) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) (async) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x32}, @fda={0x66646185, 0x3fffffffffffffff, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_CTL_ADD(r0, 0xc1086201, &(0x7f0000000540)={'binder1\x00'}) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000080)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000000)=0x4}) 0s ago: executing program 3 (id=778): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x20800, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x4, 0x6031, 0xffffffffffffffff, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x16) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000100)={0x7fff, 0x7f, 0xfffffffe, 0xd52, 0x9, "0a0000341c00"}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x7e) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000240)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000300)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000140)=ANY=[@ANYBLOB=','], 0x6a) mmap$binder(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.190' (ED25519) to the list of known hosts. [ 19.109685][ T36] audit: type=1400 audit(1750374255.430:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.111010][ T281] cgroup: Unknown subsys name 'net' [ 19.112942][ T36] audit: type=1400 audit(1750374255.430:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.116535][ T36] audit: type=1400 audit(1750374255.440:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.116674][ T281] cgroup: Unknown subsys name 'devices' [ 19.254567][ T281] cgroup: Unknown subsys name 'hugetlb' [ 19.260192][ T281] cgroup: Unknown subsys name 'rlimit' [ 19.410888][ T36] audit: type=1400 audit(1750374255.730:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.434143][ T36] audit: type=1400 audit(1750374255.730:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 19.459546][ T36] audit: type=1400 audit(1750374255.730:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 19.468068][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 19.495835][ T36] audit: type=1400 audit(1750374255.820:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.523342][ T36] audit: type=1400 audit(1750374255.820:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.525144][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 19.550149][ T36] audit: type=1400 audit(1750374255.850:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.584702][ T36] audit: type=1400 audit(1750374255.850:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.352755][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.359881][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.367143][ T288] bridge_slave_0: entered allmulticast mode [ 20.373693][ T288] bridge_slave_0: entered promiscuous mode [ 20.385958][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.393078][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.400358][ T288] bridge_slave_1: entered allmulticast mode [ 20.406598][ T288] bridge_slave_1: entered promiscuous mode [ 20.429076][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.436161][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.443244][ T290] bridge_slave_0: entered allmulticast mode [ 20.451367][ T290] bridge_slave_0: entered promiscuous mode [ 20.457840][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.464938][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.472135][ T290] bridge_slave_1: entered allmulticast mode [ 20.478301][ T290] bridge_slave_1: entered promiscuous mode [ 20.500149][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.507211][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.514336][ T291] bridge_slave_0: entered allmulticast mode [ 20.520482][ T291] bridge_slave_0: entered promiscuous mode [ 20.537542][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.544768][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.551923][ T291] bridge_slave_1: entered allmulticast mode [ 20.558103][ T291] bridge_slave_1: entered promiscuous mode [ 20.590399][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.597475][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.604598][ T289] bridge_slave_0: entered allmulticast mode [ 20.610785][ T289] bridge_slave_0: entered promiscuous mode [ 20.626139][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.633346][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.640407][ T289] bridge_slave_1: entered allmulticast mode [ 20.646763][ T289] bridge_slave_1: entered promiscuous mode [ 20.756292][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.763353][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.770611][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.777665][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.789657][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.796826][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.804136][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.811161][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.833777][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.840825][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.848209][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.855323][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.864054][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.871084][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.878564][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.885597][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.912277][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.919746][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.927855][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.935108][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.943151][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.950390][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.957923][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.965251][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.979797][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.986889][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.996116][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.003178][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.030610][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.037770][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.045914][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.052956][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.061230][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.068284][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.082314][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.089455][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.108888][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.115977][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.143031][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.150253][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.163353][ T288] veth0_vlan: entered promiscuous mode [ 21.183763][ T289] veth0_vlan: entered promiscuous mode [ 21.197116][ T291] veth0_vlan: entered promiscuous mode [ 21.203730][ T288] veth1_macvtap: entered promiscuous mode [ 21.210768][ T290] veth0_vlan: entered promiscuous mode [ 21.227580][ T291] veth1_macvtap: entered promiscuous mode [ 21.236631][ T289] veth1_macvtap: entered promiscuous mode [ 21.246131][ T290] veth1_macvtap: entered promiscuous mode [ 21.284951][ T288] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 21.327689][ T307] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 21.418041][ T314] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 21.427225][ T321] rust_binder: Write failure EINVAL in pid:4 [ 21.428218][ T314] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 21.623880][ T331] rust_binder: Write failure EINVAL in pid:6 [ 21.676662][ T340] binder: Unknown parameter 'context' [ 21.698182][ T341] rust_binder: Read failure Err(EAGAIN) in pid:9 [ 21.753871][ T358] binder: Unknown parameter 'st?ts' [ 21.785513][ T362] SELinux: security_context_str_to_sid () failed with errno=-22 [ 21.808636][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.816535][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.824271][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.832979][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.840364][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.848238][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.856739][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.864373][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.872234][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.879723][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.887131][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.894743][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.902690][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.914112][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.922147][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.930925][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.938539][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.951665][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.959446][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.967657][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.975661][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.983440][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.990882][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 21.999770][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 22.008802][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 22.016495][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 22.025952][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 22.033469][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 22.040927][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 22.048445][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 22.055936][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 22.055941][ T376] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.055963][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 22.079325][ T10] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 22.132071][ T380] fido_id[380]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 22.436470][ T398] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.443675][ T398] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:29 [ 22.630404][ T405] rust_binder: Error while translating object. [ 22.652081][ T405] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 22.658604][ T405] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:27 [ 22.795815][ T414] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.814995][ T415] input: syz0 as /devices/virtual/input/input5 [ 22.855957][ T414] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 22.879105][ T420] binder: Unknown parameter 'nwI' [ 22.935000][ T414] rust_binder: Write failure EINVAL in pid:32 [ 23.246204][ T442] SELinux: security policydb version 17 (MLS) not backwards compatible [ 23.281781][ T442] SELinux: failed to load policy [ 23.504010][ T454] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:35 [ 23.585470][ T460] kernel profiling enabled (shift: 63) [ 23.608121][ T460] profiling shift: 63 too large [ 23.610847][ T456] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 23.620998][ T456] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 23.632043][ T458] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 23.658410][ T456] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 23.757960][ T472] binder: Bad value for 'stats' [ 23.778246][ T475] binder: Unknown parameter 'non' [ 23.941369][ T480] random: crng reseeded on system resumption [ 24.112051][ T36] kauditd_printk_skb: 450 callbacks suppressed [ 24.112067][ T36] audit: type=1400 audit(1750374260.440:524): avc: denied { read } for pid=492 comm="syz.0.58" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 24.159853][ T36] audit: type=1400 audit(1750374260.440:525): avc: denied { read open } for pid=492 comm="syz.0.58" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 24.196468][ T36] audit: type=1400 audit(1750374260.440:526): avc: denied { read } for pid=492 comm="syz.0.58" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 24.249404][ T36] audit: type=1400 audit(1750374260.440:527): avc: denied { read open } for pid=492 comm="syz.0.58" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 24.275095][ T502] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:56 [ 24.307291][ T36] audit: type=1400 audit(1750374260.440:528): avc: denied { read } for pid=492 comm="syz.0.58" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 24.408215][ T36] audit: type=1400 audit(1750374260.440:529): avc: denied { read open } for pid=492 comm="syz.0.58" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 24.439894][ T288] audit: audit_backlog=65 > audit_backlog_limit=64 [ 24.440270][ T36] audit: type=1400 audit(1750374260.440:530): avc: denied { read } for pid=492 comm="syz.0.58" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 24.449419][ T289] audit: audit_backlog=65 > audit_backlog_limit=64 [ 24.476674][ T288] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 24.544039][ T516] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 24.544060][ T516] rust_binder: Read failure Err(EFAULT) in pid:47 [ 24.662444][ T525] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 24.682544][ T523] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:49 [ 24.712426][ T527] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:51 [ 24.752875][ T530] input: syz1 as /devices/virtual/input/input7 [ 24.782144][ T530] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:51 [ 24.969303][ T544] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 24.987648][ T540] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27 [ 24.999377][ T544] rust_binder: Error while translating object. [ 25.011672][ T544] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 25.021710][ T540] rust_binder: Error while translating object. [ 25.033217][ T544] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:60 [ 25.042450][ T540] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 25.065446][ T540] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:55 [ 25.451112][ T565] SELinux: failed to load policy [ 25.680646][ T573] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 25.680678][ T573] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:64 [ 25.885756][ T586] rust_binder: Error while translating object. [ 25.905083][ T586] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 25.911372][ T586] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:68 [ 26.193226][ T599] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:70 [ 26.276116][ T599] rust_binder: Error while translating object. [ 26.304041][ T599] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 26.316064][ T599] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:70 [ 26.317408][ T603] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 26.342519][ T603] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:75 [ 26.588540][ T616] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 26.597907][ T616] rust_binder: Error while translating object. [ 26.615843][ T616] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 26.627165][ T616] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:76 [ 26.719327][ T623] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:74 [ 26.731359][ T624] rust_binder: Write failure EINVAL in pid:74 [ 26.935439][ T621] rust_binder: Read failure Err(EFAULT) in pid:82 [ 27.026706][ T640] binder: Bad value for 'max' [ 27.450853][ T653] input: syz1 as /devices/virtual/input/input11 [ 27.661522][ T662] KVM: debugfs: duplicate directory 662-10 [ 28.048881][ T683] binder: Bad value for 'stats' [ 28.377069][ T691] kvm: kvm [687]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x7fffffffffffffff [ 28.420406][ T688] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 28.420436][ T688] rust_binder: Error in use_page_slow: EBUSY [ 28.431955][ T692] rust_binder: Write failure EINVAL in pid:92 [ 28.452010][ T688] rust_binder: use_range failure EBUSY [ 28.485234][ T688] rust_binder: Failed to allocate buffer. len:112, is_oneway:false [ 28.494489][ T688] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 28.519331][ T688] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 28.588589][ T688] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:96 [ 28.691071][ T708] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:109 [ 28.901700][ T712] rust_binder: Error while translating object. [ 28.931642][ T712] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 28.941117][ T712] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:96 [ 29.123216][ T36] kauditd_printk_skb: 1014 callbacks suppressed [ 29.123232][ T36] audit: type=1400 audit(1750374265.450:1524): avc: denied { read write } for pid=720 comm="syz.3.134" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 29.174679][ T722] audit: audit_backlog=65 > audit_backlog_limit=64 [ 29.191065][ T36] audit: type=1400 audit(1750374265.450:1525): avc: denied { read } for pid=720 comm="syz.3.134" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 29.199429][ T721] audit: audit_backlog=65 > audit_backlog_limit=64 [ 29.218907][ T36] audit: type=1400 audit(1750374265.450:1526): avc: denied { read open } for pid=720 comm="syz.3.134" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 29.248155][ T721] audit: audit_lost=9 audit_rate_limit=0 audit_backlog_limit=64 [ 29.250280][ T288] audit: audit_backlog=65 > audit_backlog_limit=64 [ 29.265107][ T721] audit: backlog limit exceeded [ 29.273480][ T722] audit: audit_lost=10 audit_rate_limit=0 audit_backlog_limit=64 [ 29.275812][ T721] audit: audit_backlog=65 > audit_backlog_limit=64 [ 29.502221][ T728] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2736183408 (2736183408 ns) > initial count (1312075853 ns). Using initial count to start timer. [ 29.567146][ T728] binder: Bad value for 'stats' [ 29.829910][ T737] random: crng reseeded on system resumption [ 29.875929][ T735] rust_binder: Failed copying remainder into alloc: EFAULT [ 29.875952][ T735] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 29.898065][ T735] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 29.923609][ T735] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:99 [ 30.000091][ T740] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.190186][ T750] binder: Unknown parameter '' [ 30.357181][ T753] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.358265][ T753] rust_binder: Error while translating object. [ 30.365012][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 30.417492][ T753] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.417523][ T753] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:109 [ 30.676815][ T766] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 30.744007][ T766] rust_binder: Error while translating object. [ 30.771277][ T766] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.781085][ T766] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:111 [ 31.103723][ T794] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 31.230609][ T794] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:121 [ 31.235636][ T794] rust_binder: Error while translating object. [ 31.271899][ T794] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.284751][ T794] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:121 [ 31.359203][ T803] input: syz1 as /devices/virtual/input/input14 [ 31.717767][ T816] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 144, limit: 160, size: 60) [ 31.717792][ T816] rust_binder: Error while translating object. [ 31.755084][ T816] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.761378][ T816] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:126 [ 32.090929][ T834] SELinux: security_context_str_to_sid () failed with errno=-22 [ 32.115242][ T836] ======================================================= [ 32.115242][ T836] WARNING: The mand mount option has been deprecated and [ 32.115242][ T836] and is ignored by this kernel. Remove the mand [ 32.115242][ T836] option from the mount to silence this warning. [ 32.115242][ T836] ======================================================= [ 32.167961][ T836] binder: Unknown parameter 'coyBLV"i5ntext' [ 32.194513][ T834] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 32.262053][ T842] SELinux: Context \MZr})QN'd: is not valid (left unmapped). [ 32.393381][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 32.501035][ T857] input: syz0 as /devices/virtual/input/input15 [ 32.733206][ T868] syz.1.181 (868) used obsolete PPPIOCDETACH ioctl [ 32.848776][ T874] binder: Unknown parameter 'dont_hash' [ 32.893362][ T874] binder: Unknown parameter 'obj_type' [ 32.947769][ T878] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:150 [ 33.155312][ T876] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 33.183433][ T876] rust_binder: Error in use_page_slow: EBUSY [ 33.237645][ T876] rust_binder: use_range failure EBUSY [ 33.281251][ T876] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 33.291869][ T876] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 33.312187][ T876] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 33.332186][ T876] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:149 [ 33.377977][ T910] binder: Bad value for 'max' [ 33.455055][ T913] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 33.455078][ T913] rust_binder: Read failure Err(EFAULT) in pid:132 [ 33.636561][ T921] SELinux: security_context_str_to_sid (system_uGй :) failed with errno=-22 [ 33.926756][ T937] binder: Unknown parameter 'nXI' [ 34.139187][ T36] kauditd_printk_skb: 1239 callbacks suppressed [ 34.139204][ T36] audit: type=1400 audit(1750374270.460:2752): avc: denied { ioctl } for pid=946 comm="syz.3.205" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 34.184327][ T36] audit: type=1400 audit(1750374270.490:2753): avc: denied { ioctl } for pid=948 comm="syz.0.206" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 34.211063][ T36] audit: type=1400 audit(1750374270.500:2754): avc: denied { ioctl } for pid=946 comm="syz.3.205" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 34.239674][ T36] audit: type=1400 audit(1750374270.500:2755): avc: denied { ioctl } for pid=946 comm="syz.3.205" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 34.268108][ T36] audit: type=1400 audit(1750374270.500:2756): avc: denied { ioctl } for pid=946 comm="syz.3.205" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf61 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 34.297233][ T36] audit: type=1400 audit(1750374270.500:2757): avc: denied { ioctl } for pid=948 comm="syz.0.206" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 34.327114][ T36] audit: type=1400 audit(1750374270.500:2758): avc: denied { ioctl } for pid=946 comm="syz.3.205" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 34.361772][ T36] audit: type=1400 audit(1750374270.500:2759): avc: denied { read } for pid=948 comm="syz.0.206" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 34.388432][ T36] audit: type=1400 audit(1750374270.500:2760): avc: denied { read open } for pid=948 comm="syz.0.206" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 34.414749][ T36] audit: type=1400 audit(1750374270.500:2761): avc: denied { ioctl } for pid=948 comm="syz.0.206" path="/dev/ashmem" dev="devtmpfs" ino=201 ioctlcmd=0x7701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 34.606384][ T957] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 34.628134][ T957] rust_binder: Write failure EINVAL in pid:138 [ 34.874043][ T978] rust_binder: Read failure Err(EAGAIN) in pid:164 [ 34.981925][ T983] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:166 [ 35.067785][ T989] rust_binder: Write failure EFAULT in pid:168 [ 35.110513][ T989] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:168 [ 35.142143][ T985] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:146 [ 35.162014][ T989] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:168 [ 35.373951][ T1002] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 35.383667][ T1002] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:148 [ 35.669969][ T1011] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 243) [ 35.687649][ T1011] rust_binder: Error while translating object. [ 35.699368][ T1011] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 35.706152][ T1011] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:152 [ 35.833606][ T1012] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 35.980400][ T1031] binder: Bad value for 'max' [ 36.081661][ T1035] SELinux: Context system_u:object_r:devicekit_disk_exec_t:s0 is not valid (left unmapped). [ 36.160948][ T1037] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 36.202106][ T1037] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 36.221076][ T1033] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 36.232284][ T1033] binder: Unknown parameter 'fscontext?}' [ 36.240433][ T1033] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 37.027595][ T1077] rust_binder: Write failure EFAULT in pid:217 [ 37.064720][ T1081] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 37.090724][ T1077] input: syz0 as /devices/virtual/input/input17 [ 37.106032][ T1077] input: syz0 as /devices/virtual/input/input18 [ 37.222509][ T1085] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 37.222526][ T1085] rust_binder: Error while translating object. [ 37.264551][ T1085] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 37.273626][ T1085] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:192 [ 37.552544][ T1104] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.643067][ T1108] rust_binder: Error in use_page_slow: ESRCH [ 37.643092][ T1108] rust_binder: use_range failure ESRCH [ 37.650017][ T1108] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 37.672268][ T1107] rust_binder: Error in use_page_slow: ESRCH [ 37.691636][ T1107] rust_binder: use_range failure ESRCH [ 37.701633][ T1107] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 37.721668][ T1108] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 37.751656][ T1107] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 37.814965][ T1108] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:223 [ 37.871663][ T1107] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:223 [ 38.120751][ T304] Bluetooth: hci0: Frame reassembly failed (-84) [ 38.151159][ T1144] Bluetooth: hci0: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 39.152824][ T36] kauditd_printk_skb: 861 callbacks suppressed [ 39.152863][ T36] audit: type=1400 audit(1750374275.480:3623): avc: denied { read write } for pid=289 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 39.202431][ T36] audit: type=1400 audit(1750374275.530:3624): avc: denied { read } for pid=1269 comm="syz.2.314" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 39.230172][ T36] audit: type=1400 audit(1750374275.550:3625): avc: denied { read write } for pid=289 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 39.274215][ T36] audit: type=1400 audit(1750374275.600:3626): avc: denied { read write } for pid=289 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 39.317132][ T36] audit: type=1400 audit(1750374275.640:3627): avc: denied { map } for pid=1276 comm="syz.2.316" path="/dev/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tun_tap_device_t tclass=chr_file permissive=0 [ 39.343397][ T36] audit: type=1400 audit(1750374275.660:3628): avc: denied { read write } for pid=1276 comm="syz.2.316" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 39.416681][ T36] audit: type=1400 audit(1750374275.740:3629): avc: denied { read write } for pid=289 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 39.443911][ T36] audit: type=1400 audit(1750374275.740:3630): avc: denied { read write } for pid=288 comm="syz-executor" name="loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 39.469257][ T36] audit: type=1400 audit(1750374275.770:3631): avc: denied { read } for pid=1278 comm="syz.0.318" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 39.492714][ T36] audit: type=1400 audit(1750374275.770:3632): avc: denied { read } for pid=1278 comm="syz.0.318" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 40.029570][ T1336] cgroup: fork rejected by pids controller in /syz0 [ 40.151601][ T761] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 40.157739][ T52] Bluetooth: hci0: command 0x1003 tx timeout [ 40.797117][ T1458] kernel profiling enabled (shift: 63) [ 40.807149][ T1458] profiling shift: 63 too large [ 40.903027][ T1462] serio: Serial port ttynull [ 40.943182][ T1464] binfmt_misc: register: failed to install interpreter file ./cgroup [ 44.162342][ T36] kauditd_printk_skb: 4497 callbacks suppressed [ 44.162359][ T36] audit: type=1400 audit(1750374280.490:8130): avc: denied { setattr } for pid=289 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 44.221613][ T36] audit: type=1400 audit(1750374280.520:8131): avc: denied { setattr } for pid=289 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 44.268789][ T289] audit: audit_backlog=65 > audit_backlog_limit=64 [ 44.275423][ T36] audit: type=1400 audit(1750374280.520:8132): avc: denied { setattr } for pid=289 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 44.282653][ T1661] audit: audit_backlog=65 > audit_backlog_limit=64 [ 44.298543][ T289] audit: audit_lost=16 audit_rate_limit=0 audit_backlog_limit=64 [ 44.312355][ T1659] audit: audit_backlog=65 > audit_backlog_limit=64 [ 44.312702][ T289] audit: backlog limit exceeded [ 44.319149][ T1659] audit: audit_lost=17 audit_rate_limit=0 audit_backlog_limit=64 [ 44.324026][ T36] audit: type=1400 audit(1750374280.520:8133): avc: denied { setattr } for pid=289 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 45.768070][ T1719] syz.3.455: attempt to access beyond end of device [ 45.768070][ T1719] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 45.871964][ T1725] tun0: tun_chr_ioctl cmd 1074025675 [ 45.877575][ T1725] tun0: persist enabled [ 45.893728][ T1725] tun0: tun_chr_ioctl cmd 1074025675 [ 45.899139][ T1725] tun0: persist enabled [ 46.254236][ T12] Bluetooth: hci0: Frame reassembly failed (-90) [ 46.261183][ T1758] Bluetooth: hci0: Frame reassembly failed (-84) [ 46.290102][ T1758] Bluetooth: hci0: Frame reassembly failed (-84) [ 46.310907][ T1758] Bluetooth: hci0: Frame reassembly failed (-84) [ 46.329132][ T1758] Bluetooth: hci0: Frame reassembly failed (-84) [ 48.311653][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 48.317803][ T761] Bluetooth: hci0: command 0x1003 tx timeout [ 49.171754][ T36] kauditd_printk_skb: 5958 callbacks suppressed [ 49.171770][ T36] audit: type=1400 audit(1750374285.500:13864): avc: denied { setattr } for pid=289 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 49.225078][ T289] audit: audit_backlog=65 > audit_backlog_limit=64 [ 49.232501][ T36] audit: type=1400 audit(1750374285.500:13866): avc: denied { setattr } for pid=289 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 49.244921][ T289] audit: audit_lost=94 audit_rate_limit=0 audit_backlog_limit=64 [ 49.270031][ T1984] audit: audit_backlog=65 > audit_backlog_limit=64 [ 49.272482][ T290] audit: audit_backlog=65 > audit_backlog_limit=64 [ 49.276644][ T1984] audit: audit_lost=95 audit_rate_limit=0 audit_backlog_limit=64 [ 49.284127][ T290] audit: audit_lost=96 audit_rate_limit=0 audit_backlog_limit=64 [ 49.291161][ T289] audit: backlog limit exceeded [ 49.298658][ T36] audit: type=1400 audit(1750374285.500:13867): avc: denied { setattr } for pid=289 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 50.316729][ T2045] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 51.480048][ T2132] tun0: tun_chr_ioctl cmd 1074025676 [ 51.492533][ T2132] tun0: owner set to 0 [ 52.543652][ T2232] syz.1.653: attempt to access beyond end of device [ 52.543652][ T2232] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 54.181996][ T36] kauditd_printk_skb: 5414 callbacks suppressed [ 54.182013][ T36] audit: type=1400 audit(1750374290.510:19279): avc: denied { setattr } for pid=289 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 54.241589][ T36] audit: type=1400 audit(1750374290.510:19280): avc: denied { setattr } for pid=289 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 54.283955][ T289] audit: audit_backlog=65 > audit_backlog_limit=64 [ 54.296581][ T2370] audit: audit_backlog=65 > audit_backlog_limit=64 [ 54.303223][ T289] audit: audit_lost=97 audit_rate_limit=0 audit_backlog_limit=64 [ 54.311070][ T2370] audit: audit_lost=98 audit_rate_limit=0 audit_backlog_limit=64 [ 54.311606][ T36] audit: type=1400 audit(1750374290.510:19281): avc: denied { setattr } for pid=289 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 54.318949][ T289] audit: backlog limit exceeded [ 54.348084][ T2370] audit: backlog limit exceeded [ 54.360589][ T289] audit: audit_backlog=66 > audit_backlog_limit=64 [ 55.235710][ T12] bridge_slave_1: left allmulticast mode [ 55.246576][ T12] bridge_slave_1: left promiscuous mode [ 55.252257][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.259815][ T12] bridge_slave_0: left allmulticast mode [ 55.265632][ T12] bridge_slave_0: left promiscuous mode [ 55.271233][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.353474][ T12] veth1_macvtap: left promiscuous mode [ 55.359033][ T12] veth0_vlan: left promiscuous mode [ 59.230142][ T36] kauditd_printk_skb: 903 callbacks suppressed [ 59.230158][ T36] audit: type=1400 audit(1750374295.550:20180): avc: denied { execmem } for pid=2479 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 59.280650][ T36] audit: type=1400 audit(1750374295.570:20181): avc: denied { read write } for pid=2480 comm="syz.0.744" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=0 [ 59.305134][ T36] audit: type=1400 audit(1750374295.570:20182): avc: denied { read } for pid=2480 comm="syz.0.744" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 59.329461][ T36] audit: type=1400 audit(1750374295.590:20183): avc: denied { read } for pid=2484 comm="syz.3.746" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 59.352829][ T36] audit: type=1400 audit(1750374295.590:20184): avc: denied { read } for pid=2484 comm="syz.3.746" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 59.375928][ T36] audit: type=1400 audit(1750374295.590:20185): avc: denied { read } for pid=2484 comm="syz.3.746" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 59.399022][ T36] audit: type=1400 audit(1750374295.600:20186): avc: denied { read write } for pid=2484 comm="syz.3.746" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=0 [ 59.423422][ T36] audit: type=1400 audit(1750374295.600:20187): avc: denied { read write } for pid=291 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 59.448417][ T36] audit: type=1400 audit(1750374295.600:20188): avc: denied { read } for pid=2484 comm="syz.3.746" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 59.471682][ T36] audit: type=1400 audit(1750374295.600:20189): avc: denied { remount } for pid=2484 comm="syz.3.746" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=0 [ 60.297291][ T2492] syz.1.748: attempt to access beyond end of device [ 60.297291][ T2492] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 62.628715][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 62.638045][ T2517] Bluetooth: hci0: Frame reassembly failed (-84) [ 64.631725][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 64.632407][ T761] Bluetooth: hci0: command 0x1003 tx timeout [ 64.654875][ T36] kauditd_printk_skb: 45 callbacks suppressed [ 64.654890][ T36] audit: type=1400 audit(1750374300.980:20235): avc: denied { read write } for pid=290 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 65.333297][ T36] audit: type=1400 audit(1750374301.660:20236): avc: denied { execmem } for pid=2528 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 65.361290][ T36] audit: type=1400 audit(1750374301.680:20237): avc: denied { read } for pid=2529 comm="syz.0.758" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 65.392498][ T36] audit: type=1400 audit(1750374301.680:20238): avc: denied { read } for pid=2530 comm="syz.1.759" name="binder1" dev="binder" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 65.422908][ T36] audit: type=1400 audit(1750374301.680:20239): avc: denied { read } for pid=2530 comm="syz.1.759" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 65.446033][ T36] audit: type=1400 audit(1750374301.680:20240): avc: denied { read } for pid=2530 comm="syz.1.759" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 65.470438][ T36] audit: type=1400 audit(1750374301.680:20241): avc: denied { read write } for pid=288 comm="syz-executor" name="loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 65.495371][ T36] audit: type=1400 audit(1750374301.710:20242): avc: denied { read write } for pid=291 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 65.521677][ T36] audit: type=1400 audit(1750374301.720:20243): avc: denied { read write } for pid=2533 comm="syz.3.760" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 65.545236][ T36] audit: type=1400 audit(1750374301.720:20244): avc: denied { read } for pid=2533 comm="syz.3.760" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 70.210675][ T36] kauditd_printk_skb: 24 callbacks suppressed [ 70.210692][ T36] audit: type=1400 audit(1750374306.530:20269): avc: denied { execmem } for pid=2550 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 70.251210][ T36] audit: type=1400 audit(1750374306.540:20270): avc: denied { read write } for pid=2551 comm="syz.0.767" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=0 [ 70.277540][ T36] audit: type=1400 audit(1750374306.550:20271): avc: denied { read } for pid=2551 comm="syz.0.767" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 70.306404][ T36] audit: type=1400 audit(1750374306.570:20272): avc: denied { read } for pid=2551 comm="syz.0.767" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 70.332412][ T36] audit: type=1400 audit(1750374306.570:20273): avc: denied { read } for pid=2553 comm="syz.3.769" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 70.357756][ T36] audit: type=1400 audit(1750374306.570:20274): avc: denied { read } for pid=2553 comm="syz.3.769" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 70.380700][ T36] audit: type=1400 audit(1750374306.570:20275): avc: denied { read } for pid=2553 comm="syz.3.769" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 70.403868][ T36] audit: type=1400 audit(1750374306.570:20276): avc: denied { mounton } for pid=2553 comm="syz.3.769" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 70.427128][ T36] audit: type=1400 audit(1750374306.570:20277): avc: denied { read write } for pid=2554 comm="syz.1.768" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 70.450471][ T36] audit: type=1400 audit(1750374306.580:20278): avc: denied { read write } for pid=290 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 75.964394][ T36] kauditd_printk_skb: 69 callbacks suppressed [ 75.964410][ T36] audit: type=1400 audit(1750374312.290:20348): avc: denied { execmem } for pid=2576 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 76.004358][ T36] audit: type=1400 audit(1750374312.300:20349): avc: denied { read } for pid=2578 comm="syz.0.776" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 76.051295][ T36] audit: type=1400 audit(1750374312.320:20350): avc: denied { read write } for pid=2577 comm="syz.1.777" name="binder-control" dev="binder" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 76.088387][ T36] audit: type=1400 audit(1750374312.320:20351): avc: denied { write } for pid=281 comm="syz-executor" path="pipe:[2743]" dev="pipefs" ino=2743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=0 [ 76.113456][ T36] audit: type=1400 audit(1750374312.320:20352): avc: denied { write } for pid=281 comm="syz-executor" path="pipe:[2743]" dev="pipefs" ino=2743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=0 [ 76.137364][ T36] audit: type=1400 audit(1750374312.320:20353): avc: denied { write } for pid=281 comm="syz-executor" path="pipe:[2743]" dev="pipefs" ino=2743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=0 [ 76.177538][ T36] audit: type=1400 audit(1750374312.320:20354): avc: denied { write } for pid=281 comm="syz-executor" path="pipe:[2743]" dev="pipefs" ino=2743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=0 [ 76.207805][ T36] audit: type=1400 audit(1750374312.320:20355): avc: denied { write } for pid=281 comm="syz-executor" path="pipe:[2743]" dev="pipefs" ino=2743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=0 [ 76.231255][ T36] audit: type=1400 audit(1750374312.320:20356): avc: denied { read } for pid=2577 comm="syz.1.777" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 76.254236][ T36] audit: type=1400 audit(1750374312.320:20357): avc: denied { read } for pid=2580 comm="syz.3.778" name="binder1" dev="binder" ino=33 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 76.281091][ T12] bridge_slave_1: left allmulticast mode [ 76.286826][ T12] bridge_slave_1: left promiscuous mode [ 76.292586][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.300066][ T12] bridge_slave_0: left allmulticast mode [ 76.306198][ T12] bridge_slave_0: left promiscuous mode [ 76.312289][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.463113][ T12] veth1_macvtap: left promiscuous mode [ 76.468611][ T12] veth0_vlan: left promiscuous mode [ 76.673901][ T12] bridge_slave_1: left allmulticast mode [ 76.679556][ T12] bridge_slave_1: left promiscuous mode [ 76.685264][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.692740][ T12] bridge_slave_0: left allmulticast mode [ 76.698372][ T12] bridge_slave_0: left promiscuous mode [ 76.704149][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.712189][ T12] bridge_slave_1: left allmulticast mode [ 76.717833][ T12] bridge_slave_1: left promiscuous mode [ 76.723540][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.730898][ T12] bridge_slave_0: left allmulticast mode [ 76.736701][ T12] bridge_slave_0: left promiscuous mode [ 76.742355][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.925971][ T12] veth1_macvtap: left promiscuous mode [ 76.931484][ T12] veth0_vlan: left promiscuous mode [ 76.937025][ T12] veth1_macvtap: left promiscuous mode [ 76.942575][ T12] veth0_vlan: left promiscuous mode