last executing test programs: 21.27205149s ago: executing program 0 (id=1828): mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext']) (async) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x220800, 0x81) openat$cgroup_ro(r0, &(0x7f0000000080)='freezer.self_freezing\x00', 0x0, 0x0) 21.215662082s ago: executing program 0 (id=1830): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240), 0x20a300, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) read(r0, 0x0, 0x0) 21.183467902s ago: executing program 0 (id=1833): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x202c00, 0x0) (async) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x121400, 0x0) (async) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40402, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1db102, 0x0) (async) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x2}) (async) write$cgroup_devices(r2, &(0x7f0000002d80)=ANY=[], 0xffdd) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000005c0)=ANY=[@ANYBLOB="01000000000000ffffffffffffff"]) (async) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x2) openat(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/cgroup.procs\x00', 0x62c3, 0x150) (async) ioctl$GIO_UNISCRNMAP(r1, 0x4b69, 0x0) (async) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_debug_messages', 0x103002, 0x107) write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f0000002c80)={0x30}, 0x30) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2542, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) write$tcp_congestion(r7, &(0x7f0000000100)='bic\x00', 0x4) (async) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) r10 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$RTC_SET_TIME(r10, 0x4024700a, 0x0) (async) r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r9, 0x8208ae63, &(0x7f0000000600)={0x1, 0x0, @ioapic={0x4000, 0x0, 0x100, 0x2, 0x0, [{0x5d, 0x8, 0x2, '\x00', 0xb2}, {0x8, 0xe, 0x9, '\x00', 0x6}, {0xfb, 0xff, 0x5, '\x00', 0x8}, {0x0, 0xc, 0x8, '\x00', 0x8}, {0x5, 0x3, 0xb, '\x00', 0x86}, {0x7, 0x3, 0x0, '\x00', 0x8c}, {0x10, 0x27, 0x4, '\x00', 0xf9}, {0x7, 0x1, 0x1, '\x00', 0x58}, {0x8, 0x3, 0x1, '\x00', 0xd}, {0xf7, 0x8a, 0x8, '\x00', 0x81}, {0x4, 0xc, 0x6, '\x00', 0xd}, {0xde, 0x9, 0x7, '\x00', 0x4}, {0x8, 0xf, 0x8, '\x00', 0x9}, {0x4, 0x4, 0x82, '\x00', 0xfd}, {0x44, 0x7c, 0x7, '\x00', 0x10}, {0x7, 0x4, 0xc, '\x00', 0x5}, {0x3, 0x9, 0x5, '\x00', 0x2}, {0x6, 0x43, 0x35, '\x00', 0xc}, {0x7, 0x7, 0x18, '\x00', 0x2}, {0x9, 0x40, 0xa, '\x00', 0x40}, {0x5, 0x5, 0x18, '\x00', 0xa}, {0x7, 0x0, 0x0, '\x00', 0x4}, {0xfd, 0x9, 0xc3, '\x00', 0x4}, {0x81, 0x5b, 0x2}]}}) (async) ioctl$KVM_SET_REGS(r11, 0x4090ae82, &(0x7f0000000000)={[0x34, 0x6, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8000000000000, 0x80000000000000, 0x0, 0x9, 0x0, 0x0, 0x10, 0x800008001], 0xeeee8000, 0x3c4210}) (async) ioctl$KVM_RUN(r11, 0xae80, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) (async) syz_clone3(&(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 21.073042764s ago: executing program 0 (id=1837): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/consoles\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000000080)={0x2020}, 0x2020) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000004140)={0x0, 0x1, 0x2, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20002, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000000), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) syz_clone3(&(0x7f00000000c0)={0x200000400, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000200)=ANY=[@ANYBLOB="636f6e746578743d73797374656d5f75dd47d0b90b893a03ffdf"]) ioctl$BLKFRAGET(r1, 0x1265, 0x0) read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22000, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r7, 0xc008ae05, &(0x7f0000000080)) ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000004180)=0x2) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000140)={0x1, 0x0, [{0x400000f4, 0x0, 0x9}]}) ioctl$BTRFS_IOC_SET_FEATURES(0xffffffffffffffff, 0x40309439, &(0x7f0000004100)={0x0, 0x3, 0x1b}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x32}, @fda={0x66646185, 0x3fffffffffffffff, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) 20.982503435s ago: executing program 0 (id=1840): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'vxcan1\x00', 0x7c2}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) read(r1, &(0x7f00000001c0)=""/12, 0xc) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1000, 0x2}) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x303d00, 0x120) mkdirat(r2, &(0x7f0000000180)='./file0\x00', 0x177) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r3, &(0x7f0000000680)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000001140)}}, 0x120) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000400)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, &(0x7f0000000500)}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$UHID_INPUT(r4, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xdd52d6c}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r4, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 20.891596467s ago: executing program 0 (id=1844): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000008, 0x12, r1, 0x2b09d000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x2}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)={0x30, 0x30, 0x30}}, 0x10}], 0x0, 0x0, 0x0}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0xbfd3d37869228228, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x4}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000000580001c0"]) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92, 0x80a0000}) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845}) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_XCRS(r11, 0x4188aea7, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000000000000700000000000020810000000000000058"]) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r0, 0x45809000) 12.086817753s ago: executing program 3 (id=1878): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000180)='pids.current\x00', 0x300, 0x0) read$FUSE(r2, &(0x7f000001aa80)={0x2020}, 0x2020) (async, rerun: 64) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async, rerun: 64) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async, rerun: 64) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (rerun: 64) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0) (async) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3f) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x17a, 0x0, 0x8000000000000002}]}) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) (async) r7 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101102, 0x0) syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0, 0x0, {r7}}, 0x58) (async, rerun: 32) r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (rerun: 32) ioctl$VHOST_GET_FEATURES(r8, 0x8008af00, &(0x7f0000000300)) r9 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r9, 0xfff) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x230002, 0x0) 10.617205286s ago: executing program 2 (id=1880): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000061050000000000180900000000000000"]) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000400)=ANY=[@ANYBLOB="01000000000000008b00000400000000fffeffffffffffff"]) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000440)=ANY=[@ANYBLOB="01000002000000009e00000000040800000000000014197f11f4ee4c3d23cbe246fe36bcb3e0b526c09afb81929e562c9ee0196c61e2eaf50e17d7967d9bc41e4d73f958975672fe8ce769fa12331a0168d3cc6ac3bcb0b40600437c844f4918a45f18a24f6202a9dcb40314e1dba3cba28b342c6c8b65d6db476d21123a0ff3ded41534aabc1768b569f8e80b18196fbd49a20f1cfbf89d0dbbc50099a3a85370c803b712827e8faef36d"]) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101201, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_FREEZE(r5, 0x400c620e, &(0x7f00000002c0)={0x0, 0x0, 0x6}) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x121400, 0x0) ioctl$TIOCSLCKTRMIOS(r7, 0x5457, 0x0) ioctl$KVM_SET_IRQCHIP(r6, 0x4020aeb2, &(0x7f0000000800)={0x0, 0x0, @ioapic={0x8000000, 0xe0000, 0x9, 0x3, 0x0, [{0x2, 0x3, 0x5, '\x00', 0x7}, {0xd, 0x7, 0x96, '\x00', 0x3}, {0xff, 0xf2, 0x3, '\x00', 0x5}, {0x17, 0xf8, 0x4, '\x00', 0xf4}, {0x5, 0xd, 0x4, '\x00', 0x9}, {0x5b, 0xc, 0xb, '\x00', 0x8}, {0xb0, 0x1, 0x3, '\x00', 0x1}, {0x7, 0x5, 0x93, '\x00', 0xfd}, {0x1, 0x1, 0x5}, {0x75, 0x81, 0xd, '\x00', 0x7}, {0x0, 0x7, 0xb, '\x00', 0x4}, {0x0, 0x0, 0x0, '\x00', 0x9}, {0x2, 0x26, 0x7b, '\x00', 0xb}, {0xb, 0x6, 0x3}, {0x5, 0x10, 0x22, '\x00', 0xc}, {0xe, 0x1, 0x8, '\x00', 0x82}, {0x5, 0x2, 0xa6, '\x00', 0x9}, {0xf, 0xd, 0x9, '\x00', 0x68}, {0x8, 0x5, 0xf2, '\x00', 0x1}, {0x5, 0x8, 0x1, '\x00', 0x3}, {0xc, 0x7, 0x0, '\x00', 0x7}, {0x6, 0xa1, 0x4}, {0xf9, 0x70, 0xe, '\x00', 0x1c}, {0x76, 0x1, 0xff, '\x00', 0x10}]}}) r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r9 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$selinux_attr(r9, 0x0, 0x500) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x5204) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@binder={0x73622a85, 0x1101, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0xfffffffffffffd0d, 0x0, 0x10}, @fda={0x66646185, 0x8, 0x1, 0x40}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) 10.616498856s ago: executing program 3 (id=1881): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x64, 0x0, &(0x7f0000000140)=[@increfs_done={0x40106308, 0x1}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000040)={@flat=@binder={0x73622a85, 0x1, 0x1}, @fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x9, 0x81, 0x34}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}, 0x40}, @register_looper], 0x0, 0x0, 0x0}) 9.166542668s ago: executing program 1 (id=1882): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x2, 0x5, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2], 0x8080000, 0x1144}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x0, 0x3}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000280)=0x40) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) 9.165987188s ago: executing program 2 (id=1883): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x201, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000540)={0x2, 0x0, [{0xbe2, 0x0, 0x800}, {0x240, 0x0, 0x3}]}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) close(0x3) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000580)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil}) ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"]) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_LAPIC(r9, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_RUN(r10, 0xae80, 0x0) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) close_range(r4, r4, 0x2) 9.165491328s ago: executing program 3 (id=1884): r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x2, 0x0) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x44001, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) ioctl$BINDER_CTL_ADD(r0, 0xc1086201, &(0x7f0000000f00)={'binder0\x00'}) 7.545133463s ago: executing program 1 (id=1885): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000080)={0xdc}) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) read(r0, &(0x7f0000000000)=""/175, 0xfffffe14) 7.544229983s ago: executing program 2 (id=1886): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0x1000) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) (async) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async, rerun: 32) r3 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (rerun: 32) ioctl$FIDEDUPERANGE(r3, 0xc0189436, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000d2c6100b33159be00000000000000000002612"]) (async) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r2, 0xc018620c, &(0x7f0000000080)={0xcc92}) r4 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x86df038428ab1633, 0x10) (async, rerun: 64) r5 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (rerun: 64) read(r5, &(0x7f00000003c0)=""/18, 0x12) (async) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x100010, r6, 0xa48a2000) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0xa}) (async) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async, rerun: 32) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x440201, 0x0) (rerun: 32) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000066a4d564b00"/24]) (async, rerun: 64) r11 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (rerun: 64) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000018010040"]) (async) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0xfffffffffffffdfb, 0x0, &(0x7f00000002c0), 0x0, 0x0, 0x0}) 7.486165794s ago: executing program 3 (id=1887): mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff) read$FUSE(0xffffffffffffffff, &(0x7f0000002540)={0x2020, 0x0, 0x0, 0x0}, 0x2020) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000300)={0x1, 0x0, [{0xc0010113, 0x0, 0x7}]}) mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs\x00', &(0x7f0000001e00), 0x800000, &(0x7f0000000040)={[{@max={'max', 0x3d, 0x1}}], [{@dont_appraise}, {@smackfshat={'smackfshat', 0x3d, '^'}}, {@fowner_gt={'fowner>', r0}}]}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x0, 0x0) 5.80753245s ago: executing program 1 (id=1888): r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x2, 0x12, r0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000140)={0x1200000, 0x5, 0xd902, 0x5, 0x4}) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000040)={0x12, 0x12, 0xc, 0x4c, 0x8, 0x20048000, 0x4, 0x0, 0x1}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000280)={0x0, 0x3, 0x0, 0x1000, &(0x7f00003fb000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000100)={{}, {0x0, 0x0, 0x9}, {0xeeee8000, 0x0, 0xa, 0xfd}, {0x1}, {0xdddd1000, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2, 0xb}, {0x0, 0x0, 0x0, 0x0, 0x3e, 0x26, 0x0, 0x0, 0x0, 0xfd}, {0x0, 0x4}, {}, {}, 0xddf8ffdb, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x8080000, [0xffffffffffffffff, 0x0, 0x8]}) ioctl$KVM_TRANSLATE(r5, 0xc018ae85, &(0x7f0000000040)) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x18a, 0x200000002000}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xe05, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b58640afc2188a232f77968c18d2d0e8f91c974edcb3198b4520f530acacb12017216338cc479de3651e8f15f1672397c730e3ca2a189ca4cc85f35dd46aeb67b6a2eb7268a653b190d8ba670490d50f761c1fa25f1954d8fe6bcb15dbc23698c945262b991e6245b9a25b12b13c87bf8a8a06f51784007abd06e01a0c03ee80b236fabb5b22ce797c4d8a739ac96dcf16c93f454463d3631c4cdd2dea6732a486015dc9937ee4e6efbfff46bdd8887094ca4bd94d995f411421c7ef07f949fcc10132f58b7c99a871780d92464594c930b80596baab77b0d68a05d71ca8a1888f3128f12aebac362c4d80870ab3d9f2e77d51f9af16472faff98dda1e0133c8bc2510345d5eb1d64bce64761f4cc39ac6655902338bf1335dc55393995af4447ed1aa4c50bfacd576842560abca3e6c74dcea6dd03d36f9e7f8bda2cf33e3b7da195fba79f5a60421e19910f1fef31b9fa52064ce9ee8c415746a3cab47a8ad8477e9f21e9ee804a85dc568439b95c01bbbc3fa16a8c26bd81b01b8849795b2370f591e2a8e175cd465a600a541839bc734271b4b3afb2303dc1cf12bee00080ad10658c97672ad023e89f23d9301b5dbf1a7ba6d6c2b8dbd300f05f36a095f188b56fd3ba8e871aaf22e2128696e7232cb22f4f5404a3d1256a11665caaead326faad340031cafb99edbceba7bac44c7d2720aedba9cb708dae55b192a1e31835fae8756f062c151f6778b1d93c2d1f8b479ae9bbe1255abcef9beaa95b558fbbc9a979d46580aa85b10f160b438bea64f23b8e605ce34d2b46bbf8bfbfa683b10f55b3d30c58675dd1a524495e5d42c7d02dc60b853e8b3ed2caf41cd24a8a1d044e27d48b2184bac00730f7c20a1ba2bb6b6a5381a3d359d8e721504bbbce18ee49031b48c278a5730f31fb83f6cf32ac98326b722d3e2d7b38a7b80b94a3eb2b69fb1aefc8c0bbe431191f0ed76141a8365621e4f7118dd4465b4642bdb0af21d30c8cfb1d5201852c0428b1983d91f706e814c1395888b1c2a3516ea20a93d868e27c3c9b68a9cda4befc389b57661a4ff37137628ec96bcb625fd10324625ac1589c2918c66f811a323a19ab30bcf28fc20b64176e319d58f74578093e32ba9f51b255693dda9514ff43f6ef6010143554305073e94be322daa024cb7efcf405ea4924bfa72633b766365fee1d59d1a94717450657ff3b72853785e91f94ca1502b129eafa718633bec1557fb1e0ae2887e6e8c0fdd9f3f99de03c0af7364781766520d90c15b0e2a4c43613089dbecc4dd68be74204809f0270370097642d54388ccbb54b58be8b5796eac48ef5f17752eaa7301f075faee593aae71ee0e0ca1f45a22e7cede3597f14a344796ceec33e98b3b89e031c0d757e83d5093322d9afc9898f80b2e9bb17bc8b2b164d048c1b912f6cd92979df629efcb94968cca6e65b9b078677698fa4937a2ec23edd00971a5505ecc65fe150d3d00a34e52cc64951937fc79014b0df8d2c9c35f06209f45556278fa7ecfc70a92eca165bbd493686fb4c0cd607cec994657149a61da2e09414944c557be54908197724174247194d435b25bf78ec4cc164a574662eb4d1e4d784a6ea0c71dd1a16e53a7b8a27fcec679346afe90a05e06b276fe972d5e1d3486e0452d0a9a1636ab9c517f371a0592ef34513a9a4e961cd79c86891f460becb57f41e22b2a72ae175e29344184cde0b2beae00f90a6a79dc689da4b4b1da0e9758854d404a9cbcf725c68b6f2de865b2b5e12124d09f8745208b5cc544522f7c8bcfceb907422502f1641b600a60a5aef28be5a92ff71755efaf29e23c8ca52ad945bbdc4d6e7502adee312ea8d9338a80671f36309026c0d9c2ceb14da0b8beb087853b8014d30372f0d58448530f1bed15c4caaf8a844853030aab1ba6de9891678a16a2d9b9889d4a367753f0aacda03ce6fae1f62b34a3317a704527e65b18dc3186f32c5caa2d82f058066274e145f3cfe0bb5d40a77f54fb0de584d5f50de29d1c3aa29acea2363ef5c1e0592ef94370936df0152871396c13a89e56086f381862edb6f4bec0d937e94a689a8c5c87a51e073fdaa935591bbccff359e0805ded9ac71e3b295fdd05bc2b03d7af58a393778c9dfdfd8101b3503c86a6d9e2fdeb215be40f90bb7360a04e111d743207a8742275ee7df2508b909ea4d3a7af7886d3f26aa58943edbbcbd686bf9cf9a78b43dd9792bca97cda65083404bd7ab227f68e18cd87541bf069bde649a0b9ef1346a748d794685339973d6b59dcbe74a3caf48f4628eedfcd6900c56746f017f0845fea8c95ac7b2a4ff90940f98a163afc082ef6de72f5fddf056e5fe2d42a173f7fd5f6100933a38fad6"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) r7 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_SET_CPUID(r7, 0x4008ae8a, &(0x7f0000000280)={0x7, 0x0, [{0x80000001, 0x1, 0x8000, 0x2, 0x8}, {0x2, 0x1000, 0x4, 0x6, 0x7}, {0x6, 0x40, 0x6, 0xffff, 0x81}, {0xa, 0xb99, 0x9, 0x3, 0x1}, {0x80000007, 0xb, 0x0, 0x707ab59f, 0x5}, {0xa, 0x1e, 0x9, 0x5, 0x8}, {0x80000017, 0xbe, 0x5, 0x1, 0x72}]}) r8 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040), 0x109102, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r8, 0xc018620b, &(0x7f0000000080)={0x2}) read$FUSE(r8, &(0x7f00000004c0)={0x2020}, 0x2020) write$FUSE_INIT(r8, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 3.995778528s ago: executing program 2 (id=1889): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x2015, 0x100000000000}) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000280)={0x18, 0x0, &(0x7f0000000180)=[@increfs, @clear_death={0x400c630f, 0x1}], 0x0, 0x0, 0x0}) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000000)=@attr_other={0x0, 0xffff7fff, 0x100000000, &(0x7f00000000c0)=0xc}) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f00000021c0)={[], [{@context={'context', 0x3d, 'system_u'}}]}) 3.943926659s ago: executing program 3 (id=1890): ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, 0x0, 0xeeee0000}) ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000280)=0x3) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000002100004000000000ff"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x40000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x5000aea5, &(0x7f0000000080)=ANY=[]) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r6 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x0, 0x6011, r7, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r7, 0xd1383000) mmap(&(0x7f00003b3000/0x4000)=nil, 0x4000, 0x1000007, 0x13, r6, 0x0) openat$ashmem(0xffffffffffffff9c, 0x0, 0x280, 0x0) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r6, 0x0) 2.082835398s ago: executing program 1 (id=1891): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0x44, 0x0, &(0x7f0000000300)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x50, 0x0, &(0x7f0000000380)="e1c194c07314197567609163a955a737cfdca424e4fc4ea388b431c78b32749341c73f7b7c51446e6bbf7f1de6a8ca5eb7372e3b24ef390ae15b6574683711fa3caff8f4fb3d0ca15b91526634d34eb3"}) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x22000, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/reserved_size', 0x0, 0x83) prctl$PR_GET_NAME(0x10, &(0x7f0000000cc0)=""/142) read$FUSE(r1, &(0x7f0000001040)={0x2020}, 0x2020) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000240)={{0x1, 0x2, 0xfb, 0x3, 0x6}, 0x3, 0x3, 0x10001}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) 2.072624638s ago: executing program 2 (id=1892): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/255, 0xff, 0x0, 0x33}, @flat=@weak_handle={0x77682a85, 0x0, 0x3}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x52, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"}) 2.051438128s ago: executing program 3 (id=1893): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r7, 0x4008af60, 0x0) ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYRES64=r3]) openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x12200, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x24, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000340)={@ptr={0x70742a85, 0x1, &(0x7f0000000040)=""/49, 0x31, 0x0, 0xf473}, @ptr={0x70742a85, 0x0, &(0x7f00000003c0)=""/237, 0x0, 0x1, 0x34}, @fda={0x66646185, 0x2, 0x80000000000002, 0x2d}}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0}) 2.050909948s ago: executing program 1 (id=1894): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x8c01, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$UHID_DESTROY(r1, &(0x7f0000000100), 0x4) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) read(r3, 0x0, 0xb) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0) write$vga_arbiter(r4, &(0x7f0000000040)=@other={'decodes', ' ', 'mem'}, 0xc) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000000000000ce"]) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000040), 0x4800, &(0x7f0000000000)=ANY=[@ANYBLOB='fscontext?}']) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r10, 0x4018aee3, &(0x7f0000000200)=@attr_other={0x0, 0x5, 0x8, &(0x7f00000001c0)=0x2}) 270.6µs ago: executing program 1 (id=1895): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)=')}%!:\xb9+\x00') openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000d80), 0x4d8182) r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000083}]}) ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_VDPA_GET_CONFIG(r5, 0x8008af73, &(0x7f0000000080)={0x0, 0x2e, ""/46}) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) (async) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)=')}%!:\xb9+\x00') (async) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000d80), 0x4d8182) (async) openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000083}]}) (async) ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0) (async) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) ioctl$VHOST_VDPA_GET_CONFIG(r5, 0x8008af73, &(0x7f0000000080)={0x0, 0x2e, ""/46}) (async) 0s ago: executing program 2 (id=1896): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) read$FUSE(r1, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) write$selinux_attr(r2, &(0x7f0000000240)='system_u:object_r:auditd_etc_t:s0\x00', 0x82b4232358c9beab) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/255, 0xff, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x9, 0x18, 0x40}}, 0x10}], 0x52, 0x0, &(0x7f0000000380)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.93' (ED25519) to the list of known hosts. [ 20.741238][ T36] audit: type=1400 audit(1750359512.509:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.742361][ T281] cgroup: Unknown subsys name 'net' [ 20.764005][ T36] audit: type=1400 audit(1750359512.509:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.791206][ T36] audit: type=1400 audit(1750359512.539:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.791389][ T281] cgroup: Unknown subsys name 'devices' [ 20.990416][ T281] cgroup: Unknown subsys name 'hugetlb' [ 20.996001][ T281] cgroup: Unknown subsys name 'rlimit' [ 21.189201][ T36] audit: type=1400 audit(1750359512.959:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.212398][ T36] audit: type=1400 audit(1750359512.959:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.237179][ T36] audit: type=1400 audit(1750359512.959:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.245230][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 21.268979][ T36] audit: type=1400 audit(1750359513.039:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.294426][ T36] audit: type=1400 audit(1750359513.039:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.323285][ T36] audit: type=1400 audit(1750359513.089:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.348864][ T36] audit: type=1400 audit(1750359513.089:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.348888][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.121664][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.128802][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.135852][ T291] bridge_slave_0: entered allmulticast mode [ 22.142140][ T291] bridge_slave_0: entered promiscuous mode [ 22.152990][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.160035][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.167078][ T291] bridge_slave_1: entered allmulticast mode [ 22.173363][ T291] bridge_slave_1: entered promiscuous mode [ 22.179490][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.186509][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.193619][ T289] bridge_slave_0: entered allmulticast mode [ 22.199943][ T289] bridge_slave_0: entered promiscuous mode [ 22.214121][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.221236][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.228300][ T289] bridge_slave_1: entered allmulticast mode [ 22.234670][ T289] bridge_slave_1: entered promiscuous mode [ 22.252961][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.260121][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.267199][ T288] bridge_slave_0: entered allmulticast mode [ 22.273467][ T288] bridge_slave_0: entered promiscuous mode [ 22.287222][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.294308][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.301456][ T288] bridge_slave_1: entered allmulticast mode [ 22.307609][ T288] bridge_slave_1: entered promiscuous mode [ 22.339696][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.346731][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.353912][ T290] bridge_slave_0: entered allmulticast mode [ 22.360201][ T290] bridge_slave_0: entered promiscuous mode [ 22.369673][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.376700][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.383772][ T290] bridge_slave_1: entered allmulticast mode [ 22.389958][ T290] bridge_slave_1: entered promiscuous mode [ 22.498926][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.505971][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.513304][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.520355][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.532098][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.539155][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.546401][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.553437][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.568256][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.575328][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.582608][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.589722][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.597903][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.604977][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.612252][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.619284][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.669642][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.676917][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.684513][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.692280][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.700126][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.707307][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.720765][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.727803][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.740377][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.747409][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.763225][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.770279][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.781401][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.788440][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.799987][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.807025][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.820051][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.827099][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.854670][ T289] veth0_vlan: entered promiscuous mode [ 22.874332][ T289] veth1_macvtap: entered promiscuous mode [ 22.892323][ T291] veth0_vlan: entered promiscuous mode [ 22.905462][ T290] veth0_vlan: entered promiscuous mode [ 22.918248][ T288] veth0_vlan: entered promiscuous mode [ 22.930754][ T291] veth1_macvtap: entered promiscuous mode [ 22.946118][ T289] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 22.966653][ T290] veth1_macvtap: entered promiscuous mode [ 22.999774][ T288] veth1_macvtap: entered promiscuous mode [ 23.048678][ T313] binder: Binderfs stats mode cannot be changed during a remount [ 23.060247][ T315] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 23.081332][ T318] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.114113][ T318] binder: Bad value for 'stats' [ 23.294378][ T333] ======================================================= [ 23.294378][ T333] WARNING: The mand mount option has been deprecated and [ 23.294378][ T333] and is ignored by this kernel. Remove the mand [ 23.294378][ T333] option from the mount to silence this warning. [ 23.294378][ T333] ======================================================= [ 23.329696][ T333] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 23.670740][ T339] kvm: kvm [338]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x3032 [ 23.681208][ T339] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 23.681256][ T339] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:12 [ 23.752593][ T347] input: syz0 as /devices/virtual/input/input4 [ 23.853478][ T353] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:7 [ 23.867695][ T356] binder: Unknown parameter 'processor : 0 [ 23.867695][ T356] vendor_id : GenuineIntel [ 23.867695][ T356] cpu family : 6 [ 23.867695][ T356] model : 79 [ 23.867695][ T356] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 23.867695][ T356] stepping : 0 [ 23.867695][ T356] microcode : 0xffffffff [ 23.867695][ T356] cpu MHz : 2200.202 [ 23.867695][ T356] cache size : 56320 KB [ 23.867695][ T356] physical id : 0 [ 23.867695][ T356] siblings : 2 [ 23.867695][ T356] core id : 0 [ 23.867695][ T356] cpu cores : 1 [ 23.867695][ T356] apicid : 0 [ 23.867695][ T356] initial apicid : 0 [ 23.867695][ T356] fpu : yes [ 23.867695][ T356] fpu_exception : yes [ 23.867695][ T356] cpuid level : 13 [ 23.867695][ T356] wp : yes [ 23.867695][ T356] flags : fpu vme de pse tsc msr pae mce cx8 apic se' [ 23.870981][ T353] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=320745794 (2565966352 ns) > initial count (325012024 ns). Using initial count to start timer. [ 23.980125][ T353] rust_binder: Read failure Err(EFAULT) in pid:7 [ 24.061252][ T362] rust_binder: Error in use_page_slow: ESRCH [ 24.061276][ T362] rust_binder: use_range failure ESRCH [ 24.067340][ T362] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 24.073107][ T362] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 24.081684][ T362] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:19 [ 24.340145][ T377] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 24.560936][ T382] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 24.661189][ T384] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 24.661210][ T384] rust_binder: Read failure Err(EFAULT) in pid:14 [ 24.806493][ T393] binder: Unknown parameter '00000000000000000005' [ 24.887254][ T31] hid-generic C98F:0072:0000.0001: unknown main item tag 0x0 [ 24.895946][ T31] hid-generic C98F:0072:0000.0001: unknown main item tag 0x0 [ 24.906989][ T31] hid-generic C98F:0072:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 24.992477][ T405] input: syz1 as /devices/virtual/input/input5 [ 25.252049][ T423] rust_binder: Write failure EINVAL in pid:23 [ 25.285974][ T422] deleting an unspecified loop device is not supported. [ 25.349118][ T434] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:27 [ 25.349455][ T435] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:27 [ 25.427078][ T445] binder: Unknown parameter '' [ 25.529637][ T451] SELinux: failed to load policy [ 25.606421][ T458] input: syz1 as /devices/virtual/input/input6 [ 25.629546][ T458] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set [ 25.636804][ T458] rust_binder: Write failure EINVAL in pid:43 [ 25.699334][ T464] rust_binder: Write failure EFAULT in pid:36 [ 25.706666][ T464] rust_binder: Got transaction with invalid offset. [ 25.711364][ T471] rust_binder: Failed to allocate buffer. len:1144, is_oneway:true [ 25.716302][ T464] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 25.727497][ T464] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:36 [ 25.728178][ T471] rust_binder: Write failure EFAULT in pid:47 [ 25.751917][ T471] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:47 [ 25.792095][ T473] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 25.817005][ T475] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 25.826693][ T476] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 25.908637][ T36] kauditd_printk_skb: 84 callbacks suppressed [ 25.908652][ T36] audit: type=1400 audit(1750359517.679:158): avc: denied { map } for pid=487 comm="syz.2.61" path="/dev/ptmx" dev="devtmpfs" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ptmx_t tclass=chr_file permissive=1 [ 25.972726][ T36] audit: type=1400 audit(1750359517.739:159): avc: denied { map } for pid=487 comm="syz.2.61" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 26.018241][ T495] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 26.018262][ T495] rust_binder: Error while translating object. [ 26.027119][ T495] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 26.033381][ T495] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:50 [ 26.057416][ T497] __vm_enough_memory: pid: 497, comm: syz.2.64, bytes: 281474976845824 not enough memory for the allocation [ 26.057594][ T36] audit: type=1400 audit(1750359517.819:160): avc: denied { write } for pid=496 comm="syz.2.64" name="hwrng" dev="devtmpfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 26.131436][ T500] rust_binder: Write failure EFAULT in pid:54 [ 26.251771][ T502] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 26.257906][ T502] rust_binder: Error in use_page_slow: EBUSY [ 26.268318][ T502] rust_binder: use_range failure EBUSY [ 26.274326][ T502] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 26.279838][ T502] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 26.287490][ T502] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 26.296806][ T502] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:34 [ 26.335016][ T36] audit: type=1400 audit(1750359518.099:161): avc: denied { block_suspend } for pid=512 comm="syz.1.69" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 26.368284][ T513] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 26.368305][ T513] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 26.376976][ T513] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:37 [ 26.397318][ T522] rust_binder: Error while translating object. [ 26.407103][ T522] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 26.413688][ T522] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:55 [ 26.466228][ T530] __vm_enough_memory: pid: 530, comm: syz.3.73, bytes: 281474976845824 not enough memory for the allocation [ 26.507050][ T532] rust_binder: Error while translating object. [ 26.507084][ T532] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 26.514505][ T534] binder: Unknown parameter '0000000000000000000001777777777777777777777' [ 26.514612][ T532] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:71 [ 26.527994][ T36] audit: type=1400 audit(1750359518.299:162): avc: denied { write } for pid=533 comm="syz.1.75" name="ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 26.564631][ T36] audit: type=1400 audit(1750359518.299:163): avc: denied { read write } for pid=533 comm="syz.1.75" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 26.586266][ T534] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 26.587402][ T534] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:41 [ 26.599362][ T36] audit: type=1400 audit(1750359518.299:164): avc: denied { open } for pid=533 comm="syz.1.75" path="/dev/ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 26.631203][ T36] audit: type=1400 audit(1750359518.299:165): avc: denied { ioctl } for pid=533 comm="syz.1.75" path="/dev/ppp" dev="devtmpfs" ino=86 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 26.655448][ T36] audit: type=1400 audit(1750359518.349:166): avc: denied { map } for pid=533 comm="syz.1.75" path="/dev/ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 26.742450][ T545] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 26.742471][ T545] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 26.750214][ T545] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 26.959675][ T556] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:46 [ 27.094846][ T566] rust_binder: Error while translating object. [ 27.104059][ T566] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 27.110403][ T566] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:70 [ 27.213458][ T574] binder: Unknown parameter 'defcontext01777777777777777777777' [ 27.216608][ T575] binder: Bad value for 'defcontext' [ 27.226827][ T577] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:60 [ 27.244432][ T577] rust_binder: Write failure EINVAL in pid:60 [ 27.268899][ T579] binder: Bad value for 'max' [ 27.388885][ T591] rust_binder: Write failure EFAULT in pid:84 [ 27.459127][ T599] input: syz1 as /devices/virtual/input/input9 [ 27.493434][ T597] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 27.508821][ T597] rust_binder: Write failure EINVAL in pid:65 [ 27.645916][ T606] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 27.652132][ T606] rust_binder: Error while translating object. [ 27.662700][ T606] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 27.668953][ T606] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:88 [ 27.699836][ T609] rust_binder: Write failure EFAULT in pid:90 [ 27.790417][ T36] audit: type=1400 audit(1750359519.559:167): avc: denied { append } for pid=614 comm="syz.0.101" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 27.798716][ T615] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 27.819804][ T615] rust_binder: Error in use_page_slow: EBUSY [ 27.830989][ T615] rust_binder: use_range failure EBUSY [ 27.837314][ T615] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 27.843155][ T615] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 27.851416][ T615] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 27.862326][ T615] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:89 [ 27.917654][ T628] rust_binder: Error while translating object. [ 27.926070][ T628] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 27.932510][ T628] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:66 [ 27.954906][ T632] __vm_enough_memory: pid: 632, comm: syz.3.107, bytes: 281474976845824 not enough memory for the allocation [ 27.983344][ T634] binder: Unknown parameter 'fscontext?}' [ 28.048672][ T640] SELinux: security_context_str_to_sid (system_uGй :) failed with errno=-22 [ 28.104519][ T650] rust_binder: Write failure EFAULT in pid:73 [ 28.150447][ T658] rust_binder: Write failure EINVAL in pid:92 [ 28.156842][ T657] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 28.156842][ T658] rust_binder: Write failure EINVAL in pid:92 [ 28.156855][ T657] rust_binder: Read failure Err(EFAULT) in pid:92 [ 28.217613][ T655] rust_binder: Write failure EFAULT in pid:101 [ 28.227731][ T663] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.246923][ T663] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 28.265729][ T663] rust_binder: Error while translating object. [ 28.278260][ T666] SELinux: security_context_str_to_sid (sytem_uGй :0x000000000000000000000000000000000000003) failed with errno=-22 [ 28.297897][ T663] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 28.297935][ T663] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:97 [ 28.382508][ T669] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.417127][ T669] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.424014][ T669] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 28.439261][ T669] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 28.479918][ T675] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:77 [ 28.528894][ T685] binder: Binderfs stats mode cannot be changed during a remount [ 28.577444][ T688] rust_binder: Write failure EFAULT in pid:81 [ 28.688395][ T698] SELinux: security_context_str_to_sid (syste_uGй :) failed with errno=-22 [ 28.866941][ T707] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:124 [ 28.867011][ T707] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.876695][ T707] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 28.883333][ T707] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:124 [ 29.700973][ T738] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 29.781576][ T748] rust_binder: Error while translating object. [ 29.781601][ T748] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 29.797973][ T748] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:130 [ 30.048696][ T754] input: syz0 as /devices/virtual/input/input12 [ 30.079369][ T311] udevd[311]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: No such file or directory [ 30.164346][ T770] binder: Unknown parameter 'context' [ 30.168354][ T759] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.170441][ T759] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 30.178763][ T314] hid-generic 0000:0000:0000.0002: item fetching failed at offset 0/1 [ 30.196694][ T759] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:105 [ 30.197433][ T759] input: syz1 as /devices/virtual/input/input13 [ 30.228929][ T314] hid-generic 0000:0000:0000.0002: probe with driver hid-generic failed with error -22 [ 30.511858][ T793] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 30.572430][ T794] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 30.572454][ T794] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 30.580337][ T794] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 30.609247][ T803] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.689743][ T804] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.698602][ T804] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:106 [ 30.721918][ T808] rust_binder: Error while translating object. [ 30.731228][ T808] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 30.737468][ T808] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:112 [ 30.771546][ T810] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 30.812501][ T816] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 30.827139][ T816] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 30.835642][ T816] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 30.846122][ T816] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 30.854422][ T816] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 30.862728][ T816] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 30.871061][ T816] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 31.047326][ T36] kauditd_printk_skb: 17 callbacks suppressed [ 31.047341][ T36] audit: type=1326 audit(1750359522.809:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=837 comm="syz.1.172" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6419f8e929 code=0x0 [ 31.228807][ T842] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 31.877064][ T869] rust_binder: Write failure EINVAL in pid:186 [ 31.899757][ T873] input: syz1 as /devices/virtual/input/input14 [ 31.920771][ T871] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.920818][ T871] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.058349][ T892] rust_binder: Write failure EFAULT in pid:197 [ 32.107564][ T36] audit: type=1400 audit(1750359523.869:186): avc: denied { map } for pid=898 comm="syz.2.193" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 32.154118][ T904] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 32.205581][ T908] Bluetooth: hci0: Frame reassembly failed (-84) [ 32.220308][ T292] Bluetooth: hci0: Frame reassembly failed (-84) [ 32.416689][ T915] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.416708][ T915] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.427988][ T915] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.449886][ T920] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:204 [ 32.457498][ T920] rust_binder: Read failure Err(EFAULT) in pid:204 [ 32.470059][ T920] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 32.720171][ T938] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 32.766918][ T947] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 32.774869][ T947] rust_binder: Read failure Err(EFAULT) in pid:213 [ 32.862306][ T36] audit: type=1400 audit(1750359524.629:187): avc: denied { append } for pid=952 comm="syz.3.207" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 32.940018][ T955] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.091523][ T959] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.098311][ T959] rust_binder: Error while translating object. [ 33.104964][ T959] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 33.111342][ T959] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:222 [ 33.158008][ T963] rust_binder: Write failure EFAULT in pid:153 [ 33.158772][ T961] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 120, limit: 136, size: 89) [ 33.174343][ T961] rust_binder: Error while translating object. [ 33.184840][ T961] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 33.191902][ T961] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:224 [ 33.214838][ T967] binder: Unknown parameter '00000000000000000000' [ 33.266774][ T974] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.266849][ T974] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.515148][ T995] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.522070][ T995] rust_binder: Write failure EINVAL in pid:237 [ 33.667011][ T998] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.676438][ T998] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:240 [ 33.756727][ T1007] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.766630][ T1008] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.789180][ T1012] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.796382][ T1012] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.956305][ T1030] rust_binder: Write failure EFAULT in pid:265 [ 34.126223][ T1036] binder: Unknown parameter 'non' [ 34.147862][ T1038] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 34.147890][ T1038] rust_binder: Read failure Err(EFAULT) in pid:166 [ 34.179677][ T36] audit: type=1326 audit(1750359525.949:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1039 comm="syz.0.237" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8d6618e929 code=0x0 [ 34.238568][ T910] Bluetooth: hci0: command 0x1003 tx timeout [ 34.244598][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 34.296777][ T1052] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.296946][ T1052] rust_binder: validate_parent_fixup: new_min_offset=72, sg_entry.length=0 [ 34.303434][ T1052] rust_binder: Error while translating object. [ 34.312139][ T1052] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 34.318334][ T1052] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:140 [ 34.484347][ T1061] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.607317][ T1065] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.666020][ T1066] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:275 [ 34.709352][ T1068] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 34.836567][ T1071] input: syz1 as /devices/virtual/input/input20 [ 34.877215][ T1071] input: syz0 as /devices/virtual/input/input21 [ 34.886953][ T36] audit: type=1400 audit(1750359526.649:189): avc: denied { relabelfrom } for pid=1070 comm="syz.1.245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 34.906672][ T36] audit: type=1400 audit(1750359526.649:190): avc: denied { relabelto } for pid=1070 comm="syz.1.245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 35.157996][ T1084] rust_binder: Write failure EINVAL in pid:165 [ 35.370920][ T1097] rust_binder: Error while translating object. [ 35.377099][ T1097] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 35.383342][ T1097] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:185 [ 35.415298][ T36] audit: type=1400 audit(1750359527.179:191): avc: denied { attach_queue } for pid=1104 comm="syz.0.255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 35.451555][ T1107] binder: Unknown parameter 'non' [ 35.516424][ T1110] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.516764][ T1110] rust_binder: Write failure EINVAL in pid:153 [ 35.535428][ T1112] binder: Bad value for 'defcontext' [ 35.597204][ T1120] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.597265][ T1120] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:172 [ 35.616720][ T1120] rust_binder: Error while translating object. [ 35.626377][ T1120] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 35.633535][ T1120] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:172 [ 35.647069][ T1124] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:157 [ 35.654304][ T1126] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.666883][ T1127] rust_binder: Error while translating object. [ 35.673496][ T1127] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 35.680568][ T1126] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.686058][ T1127] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:174 [ 35.694690][ T1126] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.718862][ T1133] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 35.726646][ T1133] rust_binder: Error while translating object. [ 35.737630][ T1133] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 35.744057][ T1133] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:198 [ 35.761197][ T1129] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 35.780857][ T1137] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:200 [ 35.787186][ T1140] binder: Bad value for 'stats' [ 35.814443][ T1141] binder: Bad value for 'stats' [ 35.838020][ T36] audit: type=1400 audit(1750359527.599:192): avc: denied { remount } for pid=1149 comm="syz.0.271" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 35.894441][ T1155] rust_binder: Read failure Err(EAGAIN) in pid:285 [ 35.895183][ T1150] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 35.923620][ T1158] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.923894][ T1158] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 35.930450][ T1158] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:183 [ 35.968071][ T1160] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.977907][ T1160] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:289 [ 35.985732][ T1160] rust_binder: Error while translating object. [ 36.003242][ T1160] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 36.011661][ T1160] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:289 [ 36.042191][ T1160] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.090158][ T36] audit: type=1400 audit(1750359527.859:193): avc: denied { execute } for pid=1163 comm="syz.0.276" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 36.206674][ T1180] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 36.247051][ T1185] binder: Unknown parameter '' [ 36.252209][ T1185] binder: Unknown parameter '' [ 36.255729][ T1186] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:195 [ 36.257223][ T1185] binder: Unknown parameter '' [ 36.268991][ T1184] SELinux: security_context_str_to_sid () failed with errno=-22 [ 36.276352][ T1185] binder: Unknown parameter '' [ 36.279380][ T1191] input: syz0 as /devices/virtual/input/input22 [ 36.287026][ T1185] binder: Unknown parameter '' [ 36.290333][ T1191] input: failed to attach handler leds to device input22, error: -6 [ 36.295365][ T1185] binder: Unknown parameter '' [ 36.315615][ T1185] binder: Unknown parameter '' [ 36.320642][ T1185] binder: Unknown parameter '' [ 36.327026][ T1185] binder: Unknown parameter '' [ 36.345650][ T1185] binder: Unknown parameter '' [ 36.355737][ T1185] binder: Unknown parameter '' [ 36.372527][ T1185] binder: Unknown parameter '' [ 36.373060][ T1201] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.381486][ T1185] binder: Unknown parameter '' [ 36.396237][ T1204] __vm_enough_memory: pid: 1204, comm: syz.3.287, bytes: 281474976845824 not enough memory for the allocation [ 36.413737][ T1185] binder: Unknown parameter '' [ 36.419882][ T1185] binder: Unknown parameter '' [ 36.424993][ T1185] binder: Unknown parameter '' [ 36.430414][ T1185] binder: Unknown parameter '' [ 36.435341][ T1185] binder: Unknown parameter '' [ 36.439505][ T1206] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:301 [ 36.441335][ T1206] SELinux: policydb magic number 0x1c7cff8c does not match expected magic number 0xf97cff8c [ 36.443505][ T1185] binder: Unknown parameter '' [ 36.450636][ T1206] SELinux: failed to load policy [ 36.461058][ T1185] binder: Unknown parameter '' [ 36.475502][ T1185] binder: Unknown parameter '' [ 36.480677][ T1185] binder: Unknown parameter '' [ 36.486006][ T1185] binder: Unknown parameter '' [ 36.491151][ T1185] binder: Unknown parameter '' [ 36.497738][ T1185] binder: Unknown parameter '' [ 36.500022][ T1209] binder: Unknown parameter 'coyBLV"i5ntextXqtem_u' [ 36.502952][ T1185] binder: Unknown parameter '' [ 36.515176][ T1185] binder: Unknown parameter '' [ 36.520481][ T1185] binder: Unknown parameter '' [ 36.525407][ T1185] binder: Unknown parameter '' [ 36.531985][ T1185] binder: Unknown parameter '' [ 36.540627][ T1185] binder: Unknown parameter '' [ 36.546484][ T1214] kvm: kvm [1213]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x4000000000000001 [ 36.556965][ T1185] binder: Unknown parameter '' [ 36.564131][ T1185] binder: Unknown parameter '' [ 36.569582][ T1185] binder: Unknown parameter '' [ 36.577099][ T1185] binder: Unknown parameter '' [ 36.585596][ T1214] rust_binder: Error in use_page_slow: ESRCH [ 36.585616][ T1214] rust_binder: use_range failure ESRCH [ 36.595143][ T1185] binder: Unknown parameter '' [ 36.606343][ T1214] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 36.606363][ T1214] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 36.611923][ T1185] binder: Unknown parameter '' [ 36.615468][ T1214] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:309 [ 36.623993][ T1185] binder: Unknown parameter '' [ 36.647806][ T1185] binder: Unknown parameter '' [ 36.652873][ T1185] binder: Unknown parameter '' [ 36.657758][ T1185] binder: Unknown parameter '' [ 36.663208][ T1185] binder: Unknown parameter '' [ 36.668091][ T1185] binder: Unknown parameter '' [ 36.673010][ T1185] binder: Unknown parameter '' [ 36.677945][ T1185] binder: Unknown parameter '' [ 36.683145][ T1185] binder: Unknown parameter '' [ 36.688117][ T1185] binder: Unknown parameter '' [ 36.693108][ T1185] binder: Unknown parameter '' [ 36.698042][ T1185] binder: Unknown parameter '' [ 36.708633][ T1185] binder: Unknown parameter '' [ 36.713555][ T1185] binder: Unknown parameter '' [ 36.728709][ T1185] binder: Unknown parameter '' [ 36.733865][ T1185] binder: Unknown parameter '' [ 36.739196][ T1185] binder: Unknown parameter '' [ 36.744462][ T1185] binder: Unknown parameter '' [ 36.749637][ T1185] binder: Unknown parameter '' [ 36.754685][ T1185] binder: Unknown parameter '' [ 36.760218][ T1185] binder: Unknown parameter '' [ 36.765218][ T1185] binder: Unknown parameter '' [ 36.774875][ T1185] binder: Unknown parameter '' [ 36.780645][ T1185] binder: Unknown parameter '' [ 36.786020][ T1185] binder: Unknown parameter '' [ 36.799233][ T1185] binder: Unknown parameter '' [ 36.807071][ T1185] binder: Unknown parameter '' [ 36.828660][ T1185] binder: Unknown parameter '' [ 36.845652][ T36] audit: type=1400 audit(1750359528.609:194): avc: denied { map } for pid=1228 comm="syz.3.295" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 36.939943][ T1244] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.940327][ T1244] rust_binder: Error in use_page_slow: ESRCH [ 36.946874][ T1244] rust_binder: use_range failure ESRCH [ 36.956809][ T1244] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 36.962499][ T1244] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 36.971574][ T1244] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:321 [ 37.035397][ T1251] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.079548][ T1251] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:200 [ 37.132679][ T1260] binder: Unknown parameter 'fscontext?}' [ 37.235592][ T1264] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 37.235625][ T1264] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:178 [ 37.302229][ T36] audit: type=1326 audit(1750359529.069:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1266 comm="" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd966b8e929 code=0x0 [ 37.686626][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 37.967320][ T1286] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.117733][ T36] audit: type=1326 audit(1750359529.879:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1297 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 38.129035][ T1298] binder: Bad value for 'context' [ 38.148977][ T36] audit: type=1326 audit(1750359529.879:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1297 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 38.176309][ T36] audit: type=1326 audit(1750359529.879:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1297 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 38.200050][ T36] audit: type=1326 audit(1750359529.879:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1297 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 38.223457][ T36] audit: type=1326 audit(1750359529.879:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1297 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 38.246689][ T36] audit: type=1326 audit(1750359529.879:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1297 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 38.270027][ T36] audit: type=1326 audit(1750359529.879:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1297 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 38.732957][ T1333] rust_binder: Error in use_page_slow: ESRCH [ 38.732974][ T1333] rust_binder: use_range failure ESRCH [ 38.739123][ T1333] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 38.744632][ T1333] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 38.753085][ T1333] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:200 [ 38.769493][ T1336] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.781199][ T1338] binder: Unknown parameter 'sats' [ 38.900405][ T1347] tap0: tun_chr_ioctl cmd 2148553947 [ 39.011550][ T1352] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 271) [ 39.011566][ T1352] rust_binder: Error while translating object. [ 39.022195][ T1352] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 39.028359][ T1352] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:205 [ 39.095237][ T1367] binder: Unknown parameter 'defcontext01777777777777777777777' [ 39.277352][ T1379] SELinux: policydb version 905587468 does not match my version range 15-33 [ 39.299092][ T1379] SELinux: failed to load policy [ 39.613040][ T1396] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.639257][ T1391] rtc_cmos 00:00: Alarms can be up to one day in the future [ 39.664351][ T1398] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 39.664385][ T1398] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:236 [ 39.758580][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 39.773817][ T910] Bluetooth: hci0: command 0x1003 tx timeout [ 39.820258][ T314] rtc_cmos 00:00: Alarms can be up to one day in the future [ 39.844214][ T314] rtc_cmos 00:00: Alarms can be up to one day in the future [ 39.861981][ T314] rtc_cmos 00:00: Alarms can be up to one day in the future [ 39.875281][ T1402] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:333 [ 39.888642][ T314] rtc_cmos 00:00: Alarms can be up to one day in the future [ 39.912233][ T1410] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 39.923246][ T292] Bluetooth: hci0: Frame reassembly failed (-84) [ 39.930517][ T314] rtc rtc0: __rtc_set_alarm: err=-22 [ 40.036712][ T1412] binder: Unknown parameter 'context' [ 40.056711][ T1414] binder: Bad value for 'stats' [ 40.181806][ T1421] FAULT_INJECTION: forcing a failure. [ 40.181806][ T1421] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 40.195083][ T1421] CPU: 1 UID: 0 PID: 1421 Comm: syz.0.357 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 40.195112][ T1421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.195125][ T1421] Call Trace: [ 40.195130][ T1421] [ 40.195134][ T1421] __dump_stack+0x21/0x30 [ 40.195155][ T1421] dump_stack_lvl+0x10c/0x190 [ 40.195166][ T1421] ? __cfi_dump_stack_lvl+0x10/0x10 [ 40.195177][ T1421] ? __kasan_check_read+0x15/0x20 [ 40.195188][ T1421] dump_stack+0x19/0x20 [ 40.195198][ T1421] should_fail_ex+0x3d9/0x530 [ 40.195209][ T1421] should_fail_alloc_page+0xeb/0x110 [ 40.195222][ T1421] __alloc_pages_noprof+0x19d/0x6c0 [ 40.195231][ T1421] ? __cfi_memcg1_commit_charge+0x10/0x10 [ 40.195242][ T1421] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 40.195251][ T1421] ? __kasan_check_read+0x15/0x20 [ 40.195261][ T1421] ? __folio_batch_add_and_move+0x2ab/0x370 [ 40.195275][ T1421] ? __cfi_lru_add+0x10/0x10 [ 40.195288][ T1421] ? folio_rotate_reclaimable+0x130/0x130 [ 40.195301][ T1421] ? __kasan_check_read+0x15/0x20 [ 40.195313][ T1421] __folio_alloc_noprof+0x14/0x80 [ 40.195322][ T1421] folio_prealloc+0x46/0x240 [ 40.195335][ T1421] do_pte_missing+0x1603/0x3e50 [ 40.195348][ T1421] ? cgroup_rstat_updated+0x132/0x7f0 [ 40.195359][ T1421] ? pte_marker_clear+0x1b0/0x1b0 [ 40.195371][ T1421] ? __pte_offset_map+0x1b0/0x230 [ 40.195381][ T1421] ? pte_offset_map_rw_nolock+0xba/0x110 [ 40.195391][ T1421] handle_mm_fault+0x1166/0x1b90 [ 40.195403][ T1421] ? __cfi_handle_mm_fault+0x10/0x10 [ 40.195415][ T1421] ? find_vma+0xcd/0x110 [ 40.195426][ T1421] ? lock_mm_and_find_vma+0xb8/0x3a0 [ 40.195437][ T1421] do_user_addr_fault+0x4ca/0x1200 [ 40.195450][ T1421] exc_page_fault+0x59/0xc0 [ 40.195459][ T1421] asm_exc_page_fault+0x2b/0x30 [ 40.195473][ T1421] RIP: 0010:rep_movs_alternative+0x4a/0xa0 [ 40.195484][ T1421] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 40.195492][ T1421] RSP: 0018:ffffc9000e2277d8 EFLAGS: 00050206 [ 40.195504][ T1421] RAX: ffffffff82a23e01 RBX: ffff888114dc6000 RCX: 0000000000000080 [ 40.195512][ T1421] RDX: 0000000000000000 RSI: ffff888114dc6f80 RDI: 000020000000d000 [ 40.195518][ T1421] RBP: ffffc9000e227940 R08: ffff888114dc6fff R09: 1ffff110229b8dff [ 40.195525][ T1421] R10: dffffc0000000000 R11: ffffed10229b8e00 R12: 000020000000c080 [ 40.195532][ T1421] R13: 000020000000d080 R14: 1ffff92001c44faf R15: 0000000000001000 [ 40.195539][ T1421] ? _copy_to_iter+0x131/0x14b0 [ 40.195552][ T1421] ? _copy_to_iter+0x212/0x14b0 [ 40.195569][ T1421] ? __cfi__copy_to_iter+0x10/0x10 [ 40.195580][ T1421] ? __kasan_check_write+0x18/0x20 [ 40.195590][ T1421] ? folio_mark_accessed+0x18e/0x5c0 [ 40.195602][ T1421] ? is_bpf_text_address+0x17b/0x1a0 [ 40.195615][ T1421] ? __cfi_folio_mark_accessed+0x10/0x10 [ 40.195628][ T1421] copy_page_to_iter+0x20d/0x2f0 [ 40.195640][ T1421] filemap_read+0x93c/0xef0 [ 40.195650][ T1421] ? __cfi_filemap_read+0x10/0x10 [ 40.195659][ T1421] ? __cfi_selinux_file_permission+0x10/0x10 [ 40.195673][ T1421] ? __kasan_check_write+0x18/0x20 [ 40.195682][ T1421] ? proc_fail_nth_write+0x17e/0x210 [ 40.195692][ T1421] blkdev_read_iter+0x303/0x430 [ 40.195706][ T1421] vfs_read+0x53d/0xb60 [ 40.195717][ T1421] ? __cfi_vfs_read+0x10/0x10 [ 40.195728][ T1421] ksys_read+0x141/0x250 [ 40.195738][ T1421] ? __cfi_ksys_read+0x10/0x10 [ 40.195748][ T1421] ? __kasan_check_read+0x15/0x20 [ 40.195757][ T1421] __x64_sys_read+0x7f/0x90 [ 40.195767][ T1421] x64_sys_call+0x2638/0x2ee0 [ 40.195779][ T1421] do_syscall_64+0x58/0xf0 [ 40.195790][ T1421] ? clear_bhb_loop+0x35/0x90 [ 40.195802][ T1421] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 40.195814][ T1421] RIP: 0033:0x7f8d6618e929 [ 40.195825][ T1421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 40.195832][ T1421] RSP: 002b:00007f8d67058038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 40.195841][ T1421] RAX: ffffffffffffffda RBX: 00007f8d663b5fa0 RCX: 00007f8d6618e929 [ 40.195848][ T1421] RDX: 00000000ffffff6c RSI: 0000200000000080 RDI: 000000000000000e [ 40.195854][ T1421] RBP: 00007f8d67058090 R08: 0000000000000000 R09: 0000000000000000 [ 40.195860][ T1421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 40.195865][ T1421] R13: 0000000000000000 R14: 00007f8d663b5fa0 R15: 00007ffe05a04e28 [ 40.195873][ T1421] [ 40.697087][ T1426] rust_binder: Write failure EFAULT in pid:241 [ 40.768666][ T1431] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.775382][ T1431] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 40.820629][ T1435] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 40.839539][ T1435] tun0: tun_chr_ioctl cmd 1074025676 [ 40.844888][ T1435] tun0: owner set to 0 [ 40.849380][ T1435] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.857454][ T1435] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 40.863944][ T1435] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:248 [ 41.174856][ T1467] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 41.201060][ T1468] input: syz1 as /devices/virtual/input/input29 [ 41.216214][ T36] kauditd_printk_skb: 13 callbacks suppressed [ 41.216228][ T36] audit: type=1400 audit(1750359532.979:216): avc: denied { map } for pid=1465 comm="syz.3.367" path="/dev/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tun_tap_device_t tclass=chr_file permissive=1 [ 41.417890][ T1483] rust_binder: Error in use_page_slow: ESRCH [ 41.417912][ T1483] rust_binder: use_range failure ESRCH [ 41.424358][ T1483] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 41.431900][ T1483] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 41.440130][ T1483] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:256 [ 41.576962][ T1445] cgroup: fork rejected by pids controller in [ 41.586761][ T1445] /syz0 [ 41.703431][ T1507] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.722784][ T1507] rust_binder: Write failure EINVAL in pid:260 [ 41.786993][ T1510] rust_binder: Write failure EFAULT in pid:262 [ 41.800502][ T1512] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.807271][ T1512] rust_binder: Error in use_page_slow: ESRCH [ 41.813730][ T1512] rust_binder: use_range failure ESRCH [ 41.819773][ T1512] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false [ 41.825782][ T1512] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 41.833898][ T1512] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:264 [ 41.918576][ T910] Bluetooth: hci0: command 0x1003 tx timeout [ 41.918572][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 41.955994][ T1521] rust_binder: Error while translating object. [ 41.956021][ T1521] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 41.962365][ T1521] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:233 [ 41.975462][ T1521] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 41.984577][ T1521] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:233 [ 41.994039][ T1521] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 42.003229][ T1521] rust_binder: Read failure Err(EFAULT) in pid:233 [ 42.069908][ T1529] rust_binder: Write failure EINVAL in pid:376 [ 42.180210][ T1537] binder: Unknown parameter 'non' [ 42.186688][ T36] audit: type=1400 audit(1750359533.949:217): avc: denied { ioctl } for pid=1538 comm="syz.1.388" path="/dev/uhid" dev="devtmpfs" ino=199 ioctlcmd=0x9420 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 42.272406][ T1544] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 42.472867][ T1552] FAULT_INJECTION: forcing a failure. [ 42.472867][ T1552] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 42.486359][ T1552] CPU: 1 UID: 0 PID: 1552 Comm: syz.1.391 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 42.486391][ T1552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 42.486402][ T1552] Call Trace: [ 42.486408][ T1552] [ 42.486415][ T1552] __dump_stack+0x21/0x30 [ 42.486439][ T1552] dump_stack_lvl+0x10c/0x190 [ 42.486457][ T1552] ? __cfi_dump_stack_lvl+0x10/0x10 [ 42.486476][ T1552] ? __kasan_check_read+0x15/0x20 [ 42.486495][ T1552] dump_stack+0x19/0x20 [ 42.486512][ T1552] should_fail_ex+0x3d9/0x530 [ 42.486530][ T1552] should_fail_alloc_page+0xeb/0x110 [ 42.486551][ T1552] __alloc_pages_noprof+0x19d/0x6c0 [ 42.486568][ T1552] ? __cfi_memcg1_commit_charge+0x10/0x10 [ 42.486587][ T1552] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 42.486604][ T1552] ? __kasan_check_read+0x15/0x20 [ 42.486621][ T1552] ? __folio_batch_add_and_move+0x2ab/0x370 [ 42.486644][ T1552] ? __cfi_lru_add+0x10/0x10 [ 42.486666][ T1552] ? folio_rotate_reclaimable+0x130/0x130 [ 42.486688][ T1552] ? __kasan_check_read+0x15/0x20 [ 42.486706][ T1552] __folio_alloc_noprof+0x14/0x80 [ 42.486721][ T1552] folio_prealloc+0x46/0x240 [ 42.486744][ T1552] do_pte_missing+0x1603/0x3e50 [ 42.486766][ T1552] ? cgroup_rstat_updated+0x132/0x7f0 [ 42.486786][ T1552] ? pte_marker_clear+0x1b0/0x1b0 [ 42.486808][ T1552] ? __pte_offset_map+0x1b0/0x230 [ 42.486825][ T1552] ? pte_offset_map_rw_nolock+0xba/0x110 [ 42.486843][ T1552] handle_mm_fault+0x1166/0x1b90 [ 42.486866][ T1552] ? __cfi_handle_mm_fault+0x10/0x10 [ 42.486886][ T1552] ? find_vma+0xcd/0x110 [ 42.486906][ T1552] ? lock_mm_and_find_vma+0xb8/0x3a0 [ 42.486926][ T1552] do_user_addr_fault+0x4ca/0x1200 [ 42.486948][ T1552] exc_page_fault+0x59/0xc0 [ 42.486967][ T1552] asm_exc_page_fault+0x2b/0x30 [ 42.486988][ T1552] RIP: 0010:rep_movs_alternative+0x4a/0xa0 [ 42.487008][ T1552] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 42.487021][ T1552] RSP: 0018:ffffc9000d88f7d8 EFLAGS: 00050206 [ 42.487038][ T1552] RAX: ffffffff82a23e01 RBX: ffff88810fb70000 RCX: 0000000000000080 [ 42.487051][ T1552] RDX: 0000000000000000 RSI: ffff88810fb70f80 RDI: 000020000000e000 [ 42.487063][ T1552] RBP: ffffc9000d88f940 R08: ffff88810fb70fff R09: 1ffff11021f6e1ff [ 42.487076][ T1552] R10: dffffc0000000000 R11: ffffed1021f6e200 R12: 000020000000d080 [ 42.487096][ T1552] R13: 000020000000e080 R14: 1ffff92001b11faf R15: 0000000000001000 [ 42.487110][ T1552] ? _copy_to_iter+0x131/0x14b0 [ 42.487132][ T1552] ? _copy_to_iter+0x212/0x14b0 [ 42.487152][ T1552] ? __cfi__copy_to_iter+0x10/0x10 [ 42.487172][ T1552] ? __kasan_check_write+0x18/0x20 [ 42.487189][ T1552] ? folio_mark_accessed+0x2c1/0x5c0 [ 42.487212][ T1552] ? __cfi_folio_mark_accessed+0x10/0x10 [ 42.487236][ T1552] copy_page_to_iter+0x20d/0x2f0 [ 42.487257][ T1552] filemap_read+0x93c/0xef0 [ 42.487275][ T1552] ? __cfi_filemap_read+0x10/0x10 [ 42.487293][ T1552] ? __cfi_selinux_file_permission+0x10/0x10 [ 42.487316][ T1552] ? __kasan_check_write+0x18/0x20 [ 42.487337][ T1552] ? proc_fail_nth_write+0x17e/0x210 [ 42.487354][ T1552] blkdev_read_iter+0x303/0x430 [ 42.487378][ T1552] vfs_read+0x53d/0xb60 [ 42.487397][ T1552] ? __cfi_vfs_read+0x10/0x10 [ 42.487418][ T1552] ksys_read+0x141/0x250 [ 42.487436][ T1552] ? __cfi_ksys_read+0x10/0x10 [ 42.487455][ T1552] ? __kasan_check_read+0x15/0x20 [ 42.487472][ T1552] __x64_sys_read+0x7f/0x90 [ 42.487491][ T1552] x64_sys_call+0x2638/0x2ee0 [ 42.487511][ T1552] do_syscall_64+0x58/0xf0 [ 42.487530][ T1552] ? clear_bhb_loop+0x35/0x90 [ 42.487552][ T1552] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 42.487573][ T1552] RIP: 0033:0x7f6419f8e929 [ 42.487587][ T1552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 42.487599][ T1552] RSP: 002b:00007f641ad4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 42.487616][ T1552] RAX: ffffffffffffffda RBX: 00007f641a1b5fa0 RCX: 00007f6419f8e929 [ 42.487629][ T1552] RDX: 00000000ffffff6c RSI: 0000200000000080 RDI: 000000000000000f [ 42.487641][ T1552] RBP: 00007f641ad4d090 R08: 0000000000000000 R09: 0000000000000000 [ 42.487652][ T1552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 42.487662][ T1552] R13: 0000000000000000 R14: 00007f641a1b5fa0 R15: 00007fffbd26a7a8 [ 42.487676][ T1552] [ 42.952233][ T1557] rust_binder: Write failure EINVAL in pid:242 [ 42.952286][ T1558] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:242 [ 42.996091][ T1562] rust_binder: Error while translating object. [ 43.005346][ T1562] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 43.012212][ T1562] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:245 [ 43.114351][ T1572] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:250 [ 43.123962][ T1571] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 43.133665][ T1571] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 43.140355][ T1571] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 43.200993][ T1578] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 43.207850][ T1578] rust_binder: Error while translating object. [ 43.214638][ T1578] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 43.221081][ T1578] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:387 [ 43.260198][ T1576] input input30: cannot allocate more than FF_MAX_EFFECTS effects [ 43.278076][ T1576] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 43.296574][ T1592] rust_binder: Write failure EFAULT in pid:394 [ 43.357606][ T1597] binder: Unknown parameter 'fsmagic' [ 43.413924][ T1601] input: syz0 as /devices/virtual/input/input32 [ 43.426772][ T1601] binder: Bad value for 'max' [ 43.449193][ T1608] rust_binder: Write failure EFAULT in pid:399 [ 43.461941][ T1613] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 43.675630][ T1627] input: syz1 as /devices/virtual/input/input33 [ 43.712559][ T36] audit: type=1326 audit(1750359535.479:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1629 comm="syz.0.417" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x0 [ 43.788836][ T1635] rust_binder: Write failure EINVAL in pid:407 [ 43.789695][ T1635] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 43.799045][ T1635] rust_binder: Read failure Err(EFAULT) in pid:407 [ 43.799184][ T1636] rust_binder: Write failure EINVAL in pid:407 [ 43.837485][ T1643] binder: Unknown parameter 'non' [ 44.065222][ T1658] rust_binder: Write failure EFAULT in pid:268 [ 44.411225][ T1694] binder: Unknown parameter 'noninderfs/binder0' [ 44.653809][ T36] audit: type=1400 audit(1750359536.419:219): avc: denied { map } for pid=1718 comm="syz.3.442" path="/proc/425" dev="proc" ino=32367 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 44.671137][ T1721] tap0: tun_chr_ioctl cmd 1074812118 [ 44.743773][ T1728] SELinux: security_context_str_to_sid (system_uGй :) failed with errno=-22 [ 44.789898][ T36] audit: type=1400 audit(1750359536.559:220): avc: denied { write } for pid=1735 comm="syz.2.448" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.800249][ T1738] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 44.819746][ T1738] rust_binder: Error while translating object. [ 44.826244][ T36] audit: type=1400 audit(1750359536.559:221): avc: denied { remove_name } for pid=1735 comm="syz.2.448" name="binder0" dev="binder" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.826333][ T1738] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 44.833777][ T1738] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:376 [ 44.856363][ T36] audit: type=1400 audit(1750359536.559:222): avc: denied { unlink } for pid=1735 comm="syz.2.448" name="binder0" dev="binder" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 44.879311][ T1738] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:376 [ 44.914065][ T1740] FAULT_INJECTION: forcing a failure. [ 44.914065][ T1740] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 44.936817][ T1740] CPU: 0 UID: 0 PID: 1740 Comm: syz.3.450 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 44.936855][ T1740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.936872][ T1740] Call Trace: [ 44.936878][ T1740] [ 44.936893][ T1740] __dump_stack+0x21/0x30 [ 44.936920][ T1740] dump_stack_lvl+0x10c/0x190 [ 44.936935][ T1740] ? __cfi_dump_stack_lvl+0x10/0x10 [ 44.936950][ T1740] ? exc_page_fault+0x66/0xc0 [ 44.936967][ T1740] dump_stack+0x19/0x20 [ 44.936998][ T1740] should_fail_ex+0x3d9/0x530 [ 44.937013][ T1740] should_fail+0xf/0x20 [ 44.937027][ T1740] should_fail_usercopy+0x1e/0x30 [ 44.937044][ T1740] _copy_to_iter+0x1a3/0x14b0 [ 44.937061][ T1740] ? __cfi__copy_to_iter+0x10/0x10 [ 44.937076][ T1740] ? __kasan_check_write+0x18/0x20 [ 44.937094][ T1740] ? folio_mark_accessed+0x18e/0x5c0 [ 44.937125][ T1740] ? is_bpf_text_address+0x17b/0x1a0 [ 44.937143][ T1740] ? __cfi_folio_mark_accessed+0x10/0x10 [ 44.937161][ T1740] copy_page_to_iter+0x20d/0x2f0 [ 44.937178][ T1740] filemap_read+0x93c/0xef0 [ 44.937193][ T1740] ? __cfi_filemap_read+0x10/0x10 [ 44.937207][ T1740] ? __cfi_selinux_file_permission+0x10/0x10 [ 44.937227][ T1740] ? __kasan_check_write+0x18/0x20 [ 44.937244][ T1740] ? proc_fail_nth_write+0x17e/0x210 [ 44.937260][ T1740] blkdev_read_iter+0x303/0x430 [ 44.937282][ T1740] vfs_read+0x53d/0xb60 [ 44.937302][ T1740] ? __cfi_vfs_read+0x10/0x10 [ 44.937322][ T1740] ksys_read+0x141/0x250 [ 44.937339][ T1740] ? __cfi_ksys_read+0x10/0x10 [ 44.937356][ T1740] ? __kasan_check_read+0x15/0x20 [ 44.937371][ T1740] __x64_sys_read+0x7f/0x90 [ 44.937387][ T1740] x64_sys_call+0x2638/0x2ee0 [ 44.937405][ T1740] do_syscall_64+0x58/0xf0 [ 44.937423][ T1740] ? clear_bhb_loop+0x35/0x90 [ 44.937447][ T1740] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 44.937469][ T1740] RIP: 0033:0x7fc435f8e929 [ 44.937483][ T1740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 44.937497][ T1740] RSP: 002b:00007fc436d5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 44.937516][ T1740] RAX: ffffffffffffffda RBX: 00007fc4361b5fa0 RCX: 00007fc435f8e929 [ 44.937537][ T1740] RDX: 00000000ffffff6c RSI: 0000200000000080 RDI: 000000000000000f [ 44.937548][ T1740] RBP: 00007fc436d5f090 R08: 0000000000000000 R09: 0000000000000000 [ 44.937559][ T1740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 44.937570][ T1740] R13: 0000000000000000 R14: 00007fc4361b5fa0 R15: 00007ffe6c201058 [ 44.937584][ T1740] [ 45.018375][ T1744] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.249002][ T1750] rust_binder: Write failure EINVAL in pid:381 [ 45.505386][ T36] audit: type=1400 audit(1750359537.269:223): avc: denied { map } for pid=1764 comm="syz.1.457" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 45.533416][ T1763] input: syz0 as /devices/virtual/input/input35 [ 45.556426][ T1767] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.556522][ T1767] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:310 [ 45.679558][ T36] audit: type=1326 audit(1750359537.449:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1772 comm="syz.2.460" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd966b8e929 code=0x0 [ 46.279104][ T1776] binder: Unknown parameter 'noninderfs/binder0' [ 46.280569][ T1777] rust_binder: validate_parent_fixup: new_min_offset=87, sg_entry.length=0 [ 46.285520][ T1777] rust_binder: Error while translating object. [ 46.294329][ T1777] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 46.300866][ T1777] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:388 [ 46.322870][ T1781] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.325980][ T1783] binder: Unknown parameter 'nXI' [ 46.357442][ T1781] binder: Unknown parameter 'nXI' [ 46.365376][ T1787] rust_binder: Write failure EINVAL in pid:394 [ 46.603486][ T1802] kvm: kvm [1801]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x187) = 0xfff [ 46.708461][ T1811] SELinux: failed to load policy [ 46.715583][ T1820] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.725332][ T1811] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:321 [ 46.835666][ T1832] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 46.845309][ T1832] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:405 [ 46.857105][ T1835] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.991997][ T36] audit: type=1400 audit(1750359538.759:225): avc: denied { append } for pid=1859 comm="syz.2.487" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 47.023427][ T1862] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 47.034025][ T1862] SELinux: failed to load policy [ 47.063373][ T1871] SELinux: security_context_str_to_sid () failed with errno=-22 [ 47.080243][ T1871] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:426 [ 47.288924][ T36] audit: type=1326 audit(1750359539.059:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1872 comm="syz.2.490" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd966b8e929 code=0x0 [ 47.344704][ T1875] rust_binder: Write failure EINVAL in pid:428 [ 47.344918][ T1877] binder: Bad value for 'max' [ 47.413161][ T36] audit: type=1400 audit(1750359539.179:227): avc: denied { map } for pid=1886 comm="syz.3.494" path="/dev/snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 47.439914][ T1892] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 47.440436][ T1892] rust_binder: Write failure EINVAL in pid:336 [ 47.553878][ T1902] input: syz1 as /devices/virtual/input/input36 [ 47.608886][ T36] audit: type=1400 audit(1750359539.379:228): avc: denied { setcurrent } for pid=1908 comm="syz.0.503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 47.628421][ T36] audit: type=1401 audit(1750359539.379:229): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 47.735679][ T1898] rust_binder: Read failure Err(EFAULT) in pid:338 [ 47.890393][ T1920] __vm_enough_memory: pid: 1920, comm: syz.0.506, bytes: 281474976845824 not enough memory for the allocation [ 47.931968][ T1929] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 47.945500][ T1932] KVM: debugfs: duplicate directory 1932-10 [ 47.982156][ T1936] rust_binder: Write failure EINVAL in pid:455 [ 47.999512][ T1938] rust_binder: Error while translating object. [ 48.005755][ T1938] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 48.012282][ T1938] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:473 [ 48.154057][ T1954] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 48.465770][ T1970] binder: Bad value for 'stats' [ 48.529862][ T1975] input: syz0 as /devices/virtual/input/input38 [ 48.589402][ T1977] kvm: emulating exchange as write [ 48.600269][ T1977] rust_binder: Error in use_page_slow: ESRCH [ 48.600284][ T1977] rust_binder: use_range failure ESRCH [ 48.606315][ T1977] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 48.611949][ T1977] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 48.619892][ T1977] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:481 [ 48.689934][ T1980] rust_binder: Error while translating object. [ 48.699125][ T1980] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 48.705387][ T1980] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:484 [ 48.723005][ T1982] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:474 [ 48.727197][ T1986] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:486 [ 48.854243][ T2001] rust_binder: Error while translating object. [ 48.863507][ T2001] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 48.869730][ T2001] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:492 [ 49.055734][ T2015] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:356 [ 49.349727][ T2029] tap0: tun_chr_ioctl cmd 1074025673 [ 49.364263][ T2028] tap0: tun_chr_ioctl cmd 1074812118 [ 49.369832][ T2028] tap0: tun_chr_ioctl cmd 1074025698 [ 49.493820][ T36] audit: type=1326 audit(1750359541.259:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2032 comm="syz.2.541" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd966b8e929 code=0x0 [ 49.646193][ T2043] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 49.655474][ T2043] input: syz0 as /devices/virtual/input/input39 [ 49.662102][ T2043] input: failed to attach handler leds to device input39, error: -6 [ 49.716300][ T36] audit: type=1326 audit(1750359541.479:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2048 comm="syz.0.545" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8d6618e929 code=0x0 [ 49.770921][ T2051] input: syz1 as /devices/virtual/input/input40 [ 50.035515][ T36] audit: type=1326 audit(1750359541.799:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2052 comm="syz.3.546" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc435f8e929 code=0x0 [ 50.096899][ T2055] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.097204][ T2055] rust_binder: Error while translating object. [ 50.103734][ T2055] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 50.110099][ T2055] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:361 [ 50.147579][ T2063] binder: Unknown parameter 'dont_hash' [ 50.162653][ T2063] binder: Unknown parameter 'dont_hash' [ 50.612097][ T2080] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:490 [ 50.773052][ T2098] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.814630][ T2106] SELinux: security_context_str_to_sid () failed with errno=-22 [ 50.823793][ T2108] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.830697][ T2108] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 50.837238][ T2108] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:503 [ 50.846242][ T2110] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.858191][ T2110] rust_binder: Error while translating object. [ 50.864860][ T2110] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 50.871254][ T2110] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:391 [ 50.890284][ T2110] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.903794][ T2110] rust_binder: Error while translating object. [ 50.911813][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 50.913069][ T2110] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 50.918865][ T305] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz1 [ 50.928178][ T2110] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:391 [ 50.934528][ T2112] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.976457][ T2112] rust_binder: Write failure EINVAL in pid:505 [ 50.993883][ T2119] fido_id[2119]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 51.123495][ T2125] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 51.123886][ T2125] rust_binder: Error while translating object. [ 51.136472][ T2125] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 51.142838][ T2125] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:507 [ 51.171752][ T2130] binder: Unknown parameter 'processor : 0 [ 51.171752][ T2130] vendor_id : GenuineIntel [ 51.171752][ T2130] cpu family : 6 [ 51.171752][ T2130] model : 79 [ 51.171752][ T2130] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 51.171752][ T2130] stepping : 0 [ 51.171752][ T2130] microcode : 0xffffffff [ 51.171752][ T2130] cpu MHz : 2200.202 [ 51.171752][ T2130] cache size : 56320 KB [ 51.171752][ T2130] physical id : 0 [ 51.171752][ T2130] siblings : 2 [ 51.171752][ T2130] core id : 0 [ 51.171752][ T2130] cpu cores : 1 [ 51.171752][ T2130] apicid : 0 [ 51.171752][ T2130] initial apicid : 0 [ 51.171752][ T2130] fpu : yes [ 51.171752][ T2130] fpu_exception : yes [ 51.171752][ T2130] cpuid level : 13 [ 51.171752][ T2130] wp : yes [ 51.171752][ T2130] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 51.171752][ T2130] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 51.190664][ T2132] binder: Unknown parameter 'nXI' [ 51.404766][ T2142] binder: Unknown parameter 'nXI' [ 51.821571][ T2159] SELinux: security_context_str_to_sid (syte?-oL z^PY'=0]-+a~JmlGd|{&9@N\U@C1r.皎UȣiҀ&JW\*݁~)ͥI?$MRV#xp=~;_5ZݹYB &X\Qe\rPmJLAN_:h؜Dm$ Vd'ɻ< Іzo˲j qdsn'\s$V) failed with errno=-22 [ 52.122638][ T36] audit: type=1326 audit(1750359543.889:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2181 comm="syz.0.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 52.145996][ T36] audit: type=1326 audit(1750359543.889:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2181 comm="syz.0.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 52.170569][ T36] audit: type=1326 audit(1750359543.889:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2181 comm="syz.0.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 52.189703][ T2187] binder: Unknown parameter 'context' [ 52.194133][ T36] audit: type=1326 audit(1750359543.889:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2181 comm="syz.0.593" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x0 [ 52.450029][ T2192] SELinux: security_context_str_to_sid (dev/kvm) failed with errno=-22 [ 52.612710][ T2203] binder: Unknown parameter 'nXI' [ 52.618789][ T2205] rust_binder: Error in use_page_slow: ESRCH [ 52.618807][ T2205] rust_binder: use_range failure ESRCH [ 52.624868][ T2205] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 52.630443][ T2205] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 52.638344][ T2205] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:517 [ 52.958582][ T910] Bluetooth: hci0: command 0x1003 tx timeout [ 52.968549][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 53.020449][ T2252] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.257870][ T2272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.258537][ T2274] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 120, limit: 136, size: 255) [ 53.271823][ T2272] rust_binder: Error while translating object. [ 53.273064][ T2274] rust_binder: Error while translating object. [ 53.283287][ T2272] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 53.290178][ T2274] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 53.305404][ T2274] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:532 [ 53.307911][ T2272] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:547 [ 53.364061][ T2287] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.373555][ T2287] rust_binder: Write failure EINVAL in pid:405 [ 53.390416][ T36] audit: type=1326 audit(1750359545.159:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2289 comm="syz.1.631" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6419f8e929 code=0x0 [ 53.442322][ T2293] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.449736][ T2294] rust_binder: Write failure EFAULT in pid:550 [ 53.623395][ T2311] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 53.745569][ T36] audit: type=1326 audit(1750359545.509:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2320 comm="syz.2.641" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd966b8e929 code=0x0 [ 53.798234][ T36] audit: type=1400 audit(1750359545.559:239): avc: denied { map } for pid=2324 comm="syz.3.643" path="/dev/hwrng" dev="devtmpfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 53.931982][ T2336] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 53.932015][ T2336] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:552 [ 54.073708][ T2338] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 54.117423][ T2340] rust_binder: Error while translating object. [ 54.123945][ T2340] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 54.130132][ T2340] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:554 [ 54.234696][ T2351] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 54.253489][ T2351] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 54.260041][ T2351] rust_binder: Error while translating object. [ 54.268773][ T2351] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 54.274978][ T2351] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:410 [ 54.284425][ T2351] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 54.293631][ T2351] rust_binder: Read failure Err(EFAULT) in pid:410 [ 54.331026][ T2353] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 54.358072][ T2360] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 54.372889][ T2362] binder: Unknown parameter '' [ 54.487643][ T2362] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 54.508740][ T2362] kvm: requested 96381 ns i8254 timer period limited to 200000 ns [ 54.517027][ T2362] kvm: requested 119847 ns i8254 timer period limited to 200000 ns [ 54.525285][ T2362] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 54.534061][ T2362] kvm: requested 171809 ns i8254 timer period limited to 200000 ns [ 54.609447][ T2371] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 54.618353][ T2371] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 54.726101][ T2374] binder: Bad value for 'max' [ 54.769697][ T2378] binder: Unknown parameter 'fsname' [ 54.788961][ T2380] SELinux: security_context_str_to_sid (syste_uGй :) failed with errno=-22 [ 54.826822][ T2382] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 54.901432][ T2388] input: syz1 as /devices/virtual/input/input42 [ 54.934224][ T2392] binder: Bad value for 'max' [ 55.005779][ T2395] FAULT_INJECTION: forcing a failure. [ 55.005779][ T2395] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 55.020186][ T2395] CPU: 0 UID: 0 PID: 2395 Comm: syz.2.669 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 55.020214][ T2395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 55.020225][ T2395] Call Trace: [ 55.020230][ T2395] [ 55.020237][ T2395] __dump_stack+0x21/0x30 [ 55.020262][ T2395] dump_stack_lvl+0x10c/0x190 [ 55.020280][ T2395] ? __cfi_dump_stack_lvl+0x10/0x10 [ 55.020298][ T2395] ? __kasan_check_read+0x15/0x20 [ 55.020316][ T2395] dump_stack+0x19/0x20 [ 55.020330][ T2395] should_fail_ex+0x3d9/0x530 [ 55.020348][ T2395] should_fail_alloc_page+0xeb/0x110 [ 55.020368][ T2395] __alloc_pages_noprof+0x19d/0x6c0 [ 55.020383][ T2395] ? __cfi_memcg1_commit_charge+0x10/0x10 [ 55.020401][ T2395] ? is_bpf_text_address+0x17b/0x1a0 [ 55.020422][ T2395] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 55.020436][ T2395] ? __kasan_check_read+0x15/0x20 [ 55.020453][ T2395] ? __folio_batch_add_and_move+0x2ab/0x370 [ 55.020474][ T2395] ? __cfi_lru_add+0x10/0x10 [ 55.020495][ T2395] ? folio_rotate_reclaimable+0x130/0x130 [ 55.020515][ T2395] ? __kasan_check_read+0x15/0x20 [ 55.020530][ T2395] __folio_alloc_noprof+0x14/0x80 [ 55.020544][ T2395] folio_prealloc+0x46/0x240 [ 55.020564][ T2395] do_pte_missing+0x1603/0x3e50 [ 55.020583][ T2395] ? cgroup_rstat_updated+0x132/0x7f0 [ 55.020601][ T2395] ? pte_marker_clear+0x1b0/0x1b0 [ 55.020618][ T2395] ? __pte_offset_map+0x1b0/0x230 [ 55.020635][ T2395] ? pte_offset_map_rw_nolock+0xba/0x110 [ 55.020652][ T2395] handle_mm_fault+0x1166/0x1b90 [ 55.020673][ T2395] ? __cfi_handle_mm_fault+0x10/0x10 [ 55.020690][ T2395] ? find_vma+0xcd/0x110 [ 55.020707][ T2395] ? lock_mm_and_find_vma+0xb8/0x3a0 [ 55.020726][ T2395] do_user_addr_fault+0x4ca/0x1200 [ 55.020745][ T2395] exc_page_fault+0x59/0xc0 [ 55.020758][ T2395] asm_exc_page_fault+0x2b/0x30 [ 55.020775][ T2395] RIP: 0010:rep_movs_alternative+0x4a/0xa0 [ 55.020791][ T2395] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 55.020803][ T2395] RSP: 0018:ffffc9000ec577d8 EFLAGS: 00050206 [ 55.020817][ T2395] RAX: ffffffff82a23e01 RBX: ffff888119be4000 RCX: 0000000000000080 [ 55.020827][ T2395] RDX: 0000000000000000 RSI: ffff888119be4f80 RDI: 0000200000016000 [ 55.020845][ T2395] RBP: ffffc9000ec57940 R08: ffff888119be4fff R09: 1ffff1102337c9ff [ 55.020855][ T2395] R10: dffffc0000000000 R11: ffffed102337ca00 R12: 0000200000015080 [ 55.020865][ T2395] R13: 0000200000016080 R14: 1ffff92001d8afaf R15: 0000000000001000 [ 55.020876][ T2395] ? _copy_to_iter+0x131/0x14b0 [ 55.020892][ T2395] ? _copy_to_iter+0x212/0x14b0 [ 55.020913][ T2395] ? __cfi__copy_to_iter+0x10/0x10 [ 55.020928][ T2395] ? __kasan_check_write+0x18/0x20 [ 55.020941][ T2395] ? folio_mark_accessed+0x18e/0x5c0 [ 55.020959][ T2395] ? is_bpf_text_address+0x17b/0x1a0 [ 55.020975][ T2395] ? __cfi_folio_mark_accessed+0x10/0x10 [ 55.020993][ T2395] copy_page_to_iter+0x20d/0x2f0 [ 55.021009][ T2395] filemap_read+0x93c/0xef0 [ 55.021023][ T2395] ? __cfi_filemap_read+0x10/0x10 [ 55.021037][ T2395] ? __cfi_selinux_file_permission+0x10/0x10 [ 55.021055][ T2395] ? __kasan_check_write+0x18/0x20 [ 55.021068][ T2395] ? proc_fail_nth_write+0x17e/0x210 [ 55.021081][ T2395] blkdev_read_iter+0x303/0x430 [ 55.021100][ T2395] vfs_read+0x53d/0xb60 [ 55.021114][ T2395] ? __cfi_vfs_read+0x10/0x10 [ 55.021129][ T2395] ksys_read+0x141/0x250 [ 55.021143][ T2395] ? __cfi_ksys_read+0x10/0x10 [ 55.021157][ T2395] ? __kasan_check_read+0x15/0x20 [ 55.021170][ T2395] __x64_sys_read+0x7f/0x90 [ 55.021184][ T2395] x64_sys_call+0x2638/0x2ee0 [ 55.021203][ T2395] do_syscall_64+0x58/0xf0 [ 55.021219][ T2395] ? clear_bhb_loop+0x35/0x90 [ 55.021236][ T2395] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 55.021252][ T2395] RIP: 0033:0x7fd966b8e929 [ 55.021263][ T2395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.021273][ T2395] RSP: 002b:00007fd9651f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 55.021286][ T2395] RAX: ffffffffffffffda RBX: 00007fd966db5fa0 RCX: 00007fd966b8e929 [ 55.021296][ T2395] RDX: 00000000ffffff6c RSI: 0000200000000080 RDI: 000000000000000e [ 55.021305][ T2395] RBP: 00007fd9651f7090 R08: 0000000000000000 R09: 0000000000000000 [ 55.021313][ T2395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 55.021321][ T2395] R13: 0000000000000000 R14: 00007fd966db5fa0 R15: 00007ffd0036b9b8 [ 55.021331][ T2395] [ 55.525834][ T2405] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 55.813587][ T2419] binder: Bad value for 'stats' [ 55.818031][ T36] audit: type=1400 audit(1750359547.579:240): avc: denied { execute } for pid=2420 comm="syz.2.676" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 55.848441][ T2424] SELinux: Context \MZr})QN'd: is not valid (left unmapped). [ 55.860254][ T2425] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 55.860345][ T2426] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 55.860375][ T2424] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 55.873286][ T2424] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:583 [ 55.932127][ T2426] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:424 [ 55.932808][ T2429] binder: Unknown parameter '' [ 55.967408][ T2433] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 55.967432][ T2433] rust_binder: Error while translating object. [ 55.974824][ T60] Bluetooth: hci0: Frame reassembly failed (-84) [ 55.978050][ T2433] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 55.990589][ T2433] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:600 [ 56.015851][ T2434] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 56.025152][ T2434] rust_binder: Error in use_page_slow: EBUSY [ 56.035717][ T2434] rust_binder: use_range failure EBUSY [ 56.042458][ T2434] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 56.048069][ T2434] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 56.055952][ T2434] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 56.065459][ T2434] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:585 [ 56.071410][ T2438] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 56.087626][ T2434] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:585 [ 56.328963][ T2452] input: syz0 as /devices/virtual/input/input43 [ 56.344474][ T2452] input: failed to attach handler leds to device input43, error: -6 [ 56.367145][ T2454] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus [ 56.568270][ T2471] binder: Unknown parameter 'non' [ 56.605392][ T2478] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 56.605420][ T2478] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:611 [ 56.707069][ T2485] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:428 [ 56.716596][ T2487] rust_binder: Write failure EFAULT in pid:616 [ 56.738777][ T2490] rust_binder: Write failure EFAULT in pid:430 [ 56.745161][ T2494] rust_binder: Write failure EINVAL in pid:430 [ 56.766174][ T2498] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 56.813639][ T2506] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 56.822636][ T2506] rust_binder: Write failure EINVAL in pid:433 [ 56.822881][ T2506] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 56.982634][ T2522] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:625 [ 57.012217][ T2525] rust_binder: Write failure EFAULT in pid:632 [ 57.023762][ T2527] rust_binder: Error while translating object. [ 57.030022][ T2527] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 57.036272][ T2527] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:630 [ 57.058365][ T2530] rust_binder: Write failure EINVAL in pid:440 [ 57.163644][ T2533] tun0: tun_chr_ioctl cmd 1074025676 [ 57.175134][ T2533] tun0: owner set to 0 [ 57.398724][ T2552] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 57.398753][ T2552] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:639 [ 57.402199][ T2553] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 57.408905][ T2552] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 57.418565][ T2553] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:639 [ 57.427026][ T2552] rust_binder: Read failure Err(EFAULT) in pid:639 [ 57.434798][ T2553] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 57.444550][ T2557] input: syz1 as /devices/virtual/input/input44 [ 57.453889][ T2553] rust_binder: Read failure Err(EFAULT) in pid:639 [ 57.462200][ T2557] binder: Unknown parameter '0x000000006547203a' [ 57.498321][ T2562] rust_binder: Write failure EINVAL in pid:642 [ 57.539855][ T2568] binder: Bad value for 'max' [ 57.597151][ T2572] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:652 [ 57.708404][ T2577] rust_binder: Error in use_page_slow: ESRCH [ 57.717761][ T2577] rust_binder: use_range failure ESRCH [ 57.733901][ T2577] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 57.739786][ T2577] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 57.747778][ T2577] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:645 [ 57.758306][ T2577] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 57.776539][ T2577] rust_binder: Write failure EINVAL in pid:645 [ 57.912743][ T2586] input: syz0 as /devices/virtual/input/input45 [ 57.980401][ T2586] rust_binder: Write failure EINVAL in pid:651 [ 57.998580][ T910] Bluetooth: hci0: command 0x1003 tx timeout [ 58.008635][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 58.019105][ T2590] kvm: apic: phys broadcast and lowest prio [ 58.187802][ T2624] binder: Unknown parameter '' [ 58.191628][ T2622] SELinux: security_context_str_to_sid () failed with errno=-22 [ 58.258725][ T2630] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 58.301088][ T2638] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 58.301270][ T2638] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 58.307726][ T2638] rust_binder: Read failure Err(EFAULT) in pid:464 [ 58.337016][ T2645] rust_binder: Write failure EINVAL in pid:670 [ 58.428291][ T2647] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 120, limit: 184, size: 89) [ 58.434503][ T2647] rust_binder: Error while translating object. [ 58.444998][ T2647] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 58.451189][ T2647] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:672 [ 58.504783][ T2654] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 58.560334][ T2665] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:534 [ 58.582961][ T2670] binder: Bad value for 'max' [ 58.671820][ T2678] rust_binder: Write failure EINVAL in pid:662 [ 58.705177][ T2681] rust_binder: Write failure EINVAL in pid:665 [ 58.798635][ T2697] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 58.826021][ T2714] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 58.864368][ T2727] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 58.873305][ T2727] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 58.888583][ T2727] rust_binder: Write failure EINVAL in pid:483 [ 58.923340][ T36] audit: type=1326 audit(1750359550.689:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2731 comm="syz.1.776" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6419f8e929 code=0x0 [ 59.005487][ T2744] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:688 [ 59.008311][ T2744] rust_binder: Read failure Err(EFAULT) in pid:688 [ 59.066285][ T2749] rust_binder: Error while translating object. [ 59.072909][ T2749] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 59.079142][ T2749] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:548 [ 59.115857][ T2755] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 59.115880][ T2755] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 59.123746][ T2755] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 59.150626][ T292] Bluetooth: hci0: Frame reassembly failed (-84) [ 59.191047][ T2766] rust_binder: Error while translating object. [ 59.191069][ T2766] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 59.197245][ T2766] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:692 [ 59.216369][ T2768] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 27) [ 59.225581][ T2768] rust_binder: Error while translating object. [ 59.236184][ T2768] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 59.242493][ T2768] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:694 [ 59.268456][ T2770] rust_binder: inc_ref_done called when no active inc_refs [ 59.335844][ T2772] binder: Unknown parameter 'nXI' [ 59.349579][ T36] audit: type=1400 audit(1750359551.119:242): avc: denied { map } for pid=2771 comm="syz.3.789" path="/dev/uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 59.377728][ T2772] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 59.466102][ T2775] rust_binder: Write failure EINVAL in pid:707 [ 59.796892][ T2782] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 59.803741][ T2783] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:490 [ 59.823790][ T2787] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 59.844167][ T2791] SELinux: security_context_str_to_sid () failed with errno=-22 [ 59.860206][ T2791] binder: Bad value for 'max' [ 59.945543][ T2796] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 59.945566][ T2796] rust_binder: Error in use_page_slow: EBUSY [ 59.955980][ T2796] rust_binder: use_range failure EBUSY [ 59.962032][ T2796] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 59.967548][ T2796] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 59.975392][ T2796] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 59.984851][ T2796] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:714 [ 60.044047][ T2803] rust_binder: Error while translating object. [ 60.052549][ T2804] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 60.058710][ T2803] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 60.058737][ T2803] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:717 [ 60.125931][ T36] audit: type=1326 audit(1750359551.889:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2809 comm="syz.0.800" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x0 [ 60.135956][ T2804] rust_binder: Write failure EFAULT in pid:717 [ 60.201778][ T2814] kvm: Disabled LAPIC found during irq injection [ 60.210533][ T2817] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 60.246188][ T2817] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 2 [ 60.259980][ T2817] rust_binder: Write failure EINVAL in pid:706 [ 60.284046][ T2823] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 60.293048][ T36] audit: type=1326 audit(1750359552.069:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2822 comm="syz.1.804" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6419f8e929 code=0x0 [ 60.396097][ T2824] rust_binder: Error while translating object. [ 60.396143][ T2824] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 60.402411][ T2824] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:513 [ 60.467641][ T2826] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 60.534940][ T2827] rust_binder: got new transaction with bad transaction stack [ 60.541420][ T2827] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:709 [ 60.882179][ T2830] random: crng reseeded on system resumption [ 60.882179][ T36] audit: type=1400 audit(1750359552.649:245): avc: denied { write } for pid=2829 comm="syz.3.806" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 61.128885][ T2836] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=320745794 (2565966352 ns) > initial count (325012024 ns). Using initial count to start timer. [ 61.198575][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 61.212671][ T2839] rust_binder: Error while translating object. [ 61.212700][ T2839] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 61.219056][ T2839] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:559 [ 61.356077][ T2842] FAULT_INJECTION: forcing a failure. [ 61.356077][ T2842] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 61.378255][ T2842] CPU: 1 UID: 0 PID: 2842 Comm: syz.2.809 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 61.378280][ T2842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 61.378295][ T2842] Call Trace: [ 61.378300][ T2842] [ 61.378305][ T2842] __dump_stack+0x21/0x30 [ 61.378321][ T2842] dump_stack_lvl+0x10c/0x190 [ 61.378332][ T2842] ? __cfi_dump_stack_lvl+0x10/0x10 [ 61.378343][ T2842] ? exc_page_fault+0x66/0xc0 [ 61.378354][ T2842] dump_stack+0x19/0x20 [ 61.378364][ T2842] should_fail_ex+0x3d9/0x530 [ 61.378375][ T2842] should_fail+0xf/0x20 [ 61.378384][ T2842] should_fail_usercopy+0x1e/0x30 [ 61.378394][ T2842] _copy_to_iter+0x1a3/0x14b0 [ 61.378407][ T2842] ? __cfi__copy_to_iter+0x10/0x10 [ 61.378418][ T2842] ? __kasan_check_read+0x15/0x20 [ 61.378428][ T2842] ? folio_mark_accessed+0x198/0x5c0 [ 61.378442][ T2842] ? is_bpf_text_address+0x17b/0x1a0 [ 61.378455][ T2842] ? __cfi_folio_mark_accessed+0x10/0x10 [ 61.378469][ T2842] copy_page_to_iter+0x20d/0x2f0 [ 61.378480][ T2842] filemap_read+0x93c/0xef0 [ 61.378490][ T2842] ? __cfi_filemap_read+0x10/0x10 [ 61.378511][ T2842] ? __cfi_selinux_file_permission+0x10/0x10 [ 61.378525][ T2842] ? __kasan_check_write+0x18/0x20 [ 61.378535][ T2842] ? proc_fail_nth_write+0x17e/0x210 [ 61.378545][ T2842] blkdev_read_iter+0x303/0x430 [ 61.378560][ T2842] vfs_read+0x53d/0xb60 [ 61.378571][ T2842] ? __cfi_vfs_read+0x10/0x10 [ 61.378582][ T2842] ksys_read+0x141/0x250 [ 61.378592][ T2842] ? __cfi_ksys_read+0x10/0x10 [ 61.378603][ T2842] ? __kasan_check_read+0x15/0x20 [ 61.378613][ T2842] __x64_sys_read+0x7f/0x90 [ 61.378623][ T2842] x64_sys_call+0x2638/0x2ee0 [ 61.378635][ T2842] do_syscall_64+0x58/0xf0 [ 61.378647][ T2842] ? clear_bhb_loop+0x35/0x90 [ 61.378661][ T2842] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 61.378674][ T2842] RIP: 0033:0x7fd966b8e929 [ 61.378683][ T2842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.378691][ T2842] RSP: 002b:00007fd9651f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 61.378703][ T2842] RAX: ffffffffffffffda RBX: 00007fd966db5fa0 RCX: 00007fd966b8e929 [ 61.378710][ T2842] RDX: 00000000ffffff6c RSI: 0000200000000080 RDI: 000000000000000f [ 61.378717][ T2842] RBP: 00007fd9651f7090 R08: 0000000000000000 R09: 0000000000000000 [ 61.378723][ T2842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 61.378729][ T2842] R13: 0000000000000000 R14: 00007fd966db5fa0 R15: 00007ffd0036b9b8 [ 61.378736][ T2842] [ 61.666308][ T2855] rust_binder: Error while translating object. [ 61.666348][ T2855] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 61.672600][ T2855] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:734 [ 61.739460][ T2857] rust_binder: Write failure EINVAL in pid:736 [ 61.756948][ T2859] kvm_intel: kvm [2858]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xff [ 61.840891][ T2870] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:523 [ 61.863044][ T2880] rust_binder: Write failure EINVAL in pid:566 [ 61.863086][ T2881] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 61.882033][ T2881] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 61.888488][ T2881] rust_binder: Error while translating object. [ 61.900659][ T2881] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 61.907030][ T2881] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:530 [ 61.927681][ T2886] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.002430][ T2890] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.021680][ T2904] rust_binder: Write failure EFAULT in pid:745 [ 62.099182][ T2908] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 62.105394][ T2908] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:532 [ 62.160016][ T2910] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.170715][ T2910] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.177536][ T2910] rust_binder: Failed to allocate buffer. len:4232, is_oneway:true [ 62.196516][ T2912] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 89) [ 62.198461][ T2914] SELinux: security_context_str_to_sid (system_uGй :) failed with errno=-22 [ 62.204547][ T2912] rust_binder: Error while translating object. [ 62.224230][ T2912] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 62.236018][ T2912] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:572 [ 62.255270][ T2919] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:574 [ 62.276459][ T2925] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.340548][ T2938] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.349784][ T2940] rust_binder: Write failure EINVAL in pid:536 [ 62.356746][ T2940] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:536 [ 62.365739][ T2943] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.375294][ T36] audit: type=1326 audit(1750359554.139:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2942 comm="syz.0.842" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8d6618e929 code=0x0 [ 62.495998][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.496027][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.502541][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.509065][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.515491][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.521962][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.528442][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.534918][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.541411][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.547882][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.554458][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.560978][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.567524][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.567527][ T2947] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 62.567544][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.589078][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.595551][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.602000][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.608420][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.614897][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.621370][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.627849][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.634350][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.640808][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.647219][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.653701][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.660177][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.666611][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.671269][ T2955] __vm_enough_memory: pid: 2955, comm: syz.2.845, bytes: 281474976845824 not enough memory for the allocation [ 62.673421][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.691174][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.697682][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.704262][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.710757][ T2949] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.723000][ T2962] binfmt_misc: register: failed to install interpreter file ./cgroup [ 62.753134][ T2966] binder: Bad value for 'stats' [ 62.957450][ T2972] rust_binder: Error while translating object. [ 62.957475][ T2972] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 62.963759][ T2972] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:603 [ 62.987576][ T2977] FAULT_INJECTION: forcing a failure. [ 62.987576][ T2977] name failslab, interval 1, probability 0, space 0, times 0 [ 63.009384][ T2977] CPU: 0 UID: 0 PID: 2977 Comm: syz.2.853 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 63.009413][ T2977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 63.009423][ T2977] Call Trace: [ 63.009428][ T2977] [ 63.009435][ T2977] __dump_stack+0x21/0x30 [ 63.009457][ T2977] dump_stack_lvl+0x10c/0x190 [ 63.009474][ T2977] ? __cfi_dump_stack_lvl+0x10/0x10 [ 63.009492][ T2977] ? unwind_get_return_address+0x51/0x90 [ 63.009506][ T2977] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 63.009524][ T2977] dump_stack+0x19/0x20 [ 63.009539][ T2977] should_fail_ex+0x3d9/0x530 [ 63.009555][ T2977] should_failslab+0xac/0x100 [ 63.009577][ T2977] __kmalloc_node_noprof+0x6c/0x450 [ 63.009593][ T2977] ? __kvmalloc_node_noprof+0x11d/0x300 [ 63.009611][ T2977] __kvmalloc_node_noprof+0x11d/0x300 [ 63.009626][ T2977] ? __cfi___kvmalloc_node_noprof+0x10/0x10 [ 63.009644][ T2977] ? kstrtouint_from_user+0xfb/0x150 [ 63.009660][ T2977] ? __x64_sys_openat+0x13a/0x170 [ 63.009675][ T2977] ? x64_sys_call+0xe69/0x2ee0 [ 63.009695][ T2977] seq_read_iter+0x21f/0xfe0 [ 63.009716][ T2977] kernfs_fop_read_iter+0x149/0x520 [ 63.009737][ T2977] vfs_read+0x53d/0xb60 [ 63.009754][ T2977] ? __cfi_vfs_read+0x10/0x10 [ 63.009772][ T2977] ? __cfi_mutex_lock+0x10/0x10 [ 63.009789][ T2977] ksys_read+0x141/0x250 [ 63.009804][ T2977] ? __cfi_ksys_read+0x10/0x10 [ 63.009821][ T2977] ? __kasan_check_read+0x15/0x20 [ 63.009838][ T2977] __x64_sys_read+0x7f/0x90 [ 63.009856][ T2977] x64_sys_call+0x2638/0x2ee0 [ 63.009875][ T2977] do_syscall_64+0x58/0xf0 [ 63.009894][ T2977] ? clear_bhb_loop+0x35/0x90 [ 63.009916][ T2977] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 63.009936][ T2977] RIP: 0033:0x7fd966b8e929 [ 63.009950][ T2977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.009964][ T2977] RSP: 002b:00007fd9651f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 63.009982][ T2977] RAX: ffffffffffffffda RBX: 00007fd966db5fa0 RCX: 00007fd966b8e929 [ 63.009995][ T2977] RDX: 0000000000002020 RSI: 00002000000011c0 RDI: 0000000000000003 [ 63.010006][ T2977] RBP: 00007fd9651f7090 R08: 0000000000000000 R09: 0000000000000000 [ 63.010016][ T2977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.010027][ T2977] R13: 0000000000000000 R14: 00007fd966db5fa0 R15: 00007ffd0036b9b8 [ 63.010040][ T2977] [ 63.328254][ T288] cgroup: fork rejected by pids controller in /syz1 [ 63.417877][ T3002] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 63.505673][ T36] audit: type=1400 audit(1750359555.269:247): avc: denied { mounton } for pid=3008 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 63.545260][ T3008] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.552349][ T3008] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.559586][ T3008] bridge_slave_0: entered allmulticast mode [ 63.565789][ T3008] bridge_slave_0: entered promiscuous mode [ 63.572237][ T3008] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.579344][ T3008] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.590863][ T3008] bridge_slave_1: entered allmulticast mode [ 63.598752][ T3008] bridge_slave_1: entered promiscuous mode [ 63.599537][ T3014] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 63.605096][ T3015] FAULT_INJECTION: forcing a failure. [ 63.605096][ T3015] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 63.624637][ T3015] CPU: 0 UID: 0 PID: 3015 Comm: syz.2.864 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 63.624665][ T3015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 63.624675][ T3015] Call Trace: [ 63.624681][ T3015] [ 63.624687][ T3015] __dump_stack+0x21/0x30 [ 63.624709][ T3015] dump_stack_lvl+0x10c/0x190 [ 63.624725][ T3015] ? __cfi_dump_stack_lvl+0x10/0x10 [ 63.624742][ T3015] ? snprintf+0xdb/0x130 [ 63.624761][ T3015] dump_stack+0x19/0x20 [ 63.624777][ T3015] should_fail_ex+0x3d9/0x530 [ 63.624796][ T3015] should_fail+0xf/0x20 [ 63.624810][ T3015] should_fail_usercopy+0x1e/0x30 [ 63.624828][ T3015] _copy_to_iter+0x1a3/0x14b0 [ 63.624847][ T3015] ? show_trace_dev_match+0x2ad/0x2d0 [ 63.624866][ T3015] ? __cfi__copy_to_iter+0x10/0x10 [ 63.624884][ T3015] ? mutex_unlock+0x8b/0x240 [ 63.624900][ T3015] ? __cfi_mutex_unlock+0x10/0x10 [ 63.624915][ T3015] ? check_stack_object+0x82/0x140 [ 63.624933][ T3015] ? __virt_addr_valid+0x2a6/0x380 [ 63.624955][ T3015] ? __check_object_size+0x455/0x620 [ 63.624972][ T3015] seq_read_iter+0xd39/0xfe0 [ 63.624995][ T3015] kernfs_fop_read_iter+0x149/0x520 [ 63.625017][ T3015] vfs_read+0x53d/0xb60 [ 63.625028][ T3015] ? __cfi_vfs_read+0x10/0x10 [ 63.625038][ T3015] ? __cfi_mutex_lock+0x10/0x10 [ 63.625048][ T3015] ksys_read+0x141/0x250 [ 63.625058][ T3015] ? __cfi_ksys_read+0x10/0x10 [ 63.625068][ T3015] ? __kasan_check_read+0x15/0x20 [ 63.625079][ T3015] __x64_sys_read+0x7f/0x90 [ 63.625089][ T3015] x64_sys_call+0x2638/0x2ee0 [ 63.625101][ T3015] do_syscall_64+0x58/0xf0 [ 63.625112][ T3015] ? clear_bhb_loop+0x35/0x90 [ 63.625126][ T3015] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 63.625139][ T3015] RIP: 0033:0x7fd966b8e929 [ 63.625149][ T3015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.625157][ T3015] RSP: 002b:00007fd9651f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 63.625169][ T3015] RAX: ffffffffffffffda RBX: 00007fd966db5fa0 RCX: 00007fd966b8e929 [ 63.625176][ T3015] RDX: 0000000000002020 RSI: 00002000000011c0 RDI: 0000000000000003 [ 63.625183][ T3015] RBP: 00007fd9651f7090 R08: 0000000000000000 R09: 0000000000000000 [ 63.625189][ T3015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.625195][ T3015] R13: 0000000000000000 R14: 00007fd966db5fa0 R15: 00007ffd0036b9b8 [ 63.625203][ T3015] [ 63.891500][ T292] bridge_slave_1: left allmulticast mode [ 63.910062][ T292] bridge_slave_1: left promiscuous mode [ 63.921861][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.929641][ T292] bridge_slave_0: left allmulticast mode [ 63.935306][ T292] bridge_slave_0: left promiscuous mode [ 63.941086][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.056190][ T36] audit: type=1400 audit(1750359555.819:248): avc: denied { create } for pid=3008 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 64.062390][ T3008] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.076785][ T36] audit: type=1400 audit(1750359555.819:249): avc: denied { write } for pid=3008 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 64.083779][ T3008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.083867][ T3008] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.104306][ T36] audit: type=1400 audit(1750359555.819:250): avc: denied { read } for pid=3008 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 64.111389][ T3008] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.166887][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.174831][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.183565][ T292] veth1_macvtap: left promiscuous mode [ 64.189178][ T292] veth0_vlan: left promiscuous mode [ 64.252412][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.259518][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.270321][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.277389][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.309845][ T3008] veth0_vlan: entered promiscuous mode [ 64.320294][ T3008] veth1_macvtap: entered promiscuous mode [ 64.337326][ T36] audit: type=1400 audit(1750359556.099:251): avc: denied { unmount } for pid=3008 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 64.376400][ T3040] binder: Bad value for 'max' [ 64.411723][ T3046] random: crng reseeded on system resumption [ 64.419875][ T36] audit: type=1326 audit(1750359556.189:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3043 comm="syz.3.871" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc435f8e929 code=0x0 [ 64.509466][ T3050] FAULT_INJECTION: forcing a failure. [ 64.509466][ T3050] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 64.523504][ T3050] CPU: 0 UID: 0 PID: 3050 Comm: syz.2.873 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 64.523534][ T3050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 64.523544][ T3050] Call Trace: [ 64.523550][ T3050] [ 64.523557][ T3050] __dump_stack+0x21/0x30 [ 64.523580][ T3050] dump_stack_lvl+0x10c/0x190 [ 64.523599][ T3050] ? __cfi_dump_stack_lvl+0x10/0x10 [ 64.523618][ T3050] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 64.523640][ T3050] dump_stack+0x19/0x20 [ 64.523657][ T3050] should_fail_ex+0x3d9/0x530 [ 64.523675][ T3050] should_fail_alloc_page+0xeb/0x110 [ 64.523696][ T3050] __alloc_pages_noprof+0x19d/0x6c0 [ 64.523710][ T3050] ? is_bpf_text_address+0x17b/0x1a0 [ 64.523731][ T3050] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 64.523747][ T3050] ? kernel_text_address+0xa9/0xe0 [ 64.523762][ T3050] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 64.523779][ T3050] ? arch_stack_walk+0x10b/0x170 [ 64.523798][ T3050] __folio_alloc_noprof+0x14/0x80 [ 64.523811][ T3050] folio_prealloc+0x46/0x240 [ 64.523831][ T3050] do_pte_missing+0x1603/0x3e50 [ 64.523851][ T3050] ? pte_marker_clear+0x1b0/0x1b0 [ 64.523869][ T3050] ? __pte_offset_map+0x1b0/0x230 [ 64.523886][ T3050] ? pte_offset_map_rw_nolock+0xba/0x110 [ 64.523905][ T3050] handle_mm_fault+0x1166/0x1b90 [ 64.523925][ T3050] ? __cfi_handle_mm_fault+0x10/0x10 [ 64.523962][ T3050] ? find_vma+0xcd/0x110 [ 64.523980][ T3050] ? lock_mm_and_find_vma+0xb8/0x3a0 [ 64.523998][ T3050] do_user_addr_fault+0x4ca/0x1200 [ 64.524017][ T3050] exc_page_fault+0x59/0xc0 [ 64.524033][ T3050] asm_exc_page_fault+0x2b/0x30 [ 64.524053][ T3050] RIP: 0010:rep_movs_alternative+0x33/0xa0 [ 64.524071][ T3050] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb [ 64.524084][ T3050] RSP: 0018:ffffc9000e9af9d8 EFLAGS: 00050216 [ 64.524100][ T3050] RAX: 38690a6b636f6c62 RBX: ffff88811c8be000 RCX: 0000000000000011 [ 64.524111][ T3050] RDX: 0000000000000000 RSI: ffff88811c8be000 RDI: 00002000000011c0 [ 64.524123][ T3050] RBP: ffffc9000e9afb38 R08: ffff88811c8be010 R09: 1ffff11023917c02 [ 64.524135][ T3050] R10: dffffc0000000000 R11: ffffed1023917c03 R12: 00002000000011c0 [ 64.524146][ T3050] R13: 00002000000011d1 R14: 1ffff92001d35faf R15: 0000000000000011 [ 64.524158][ T3050] ? _copy_to_iter+0x212/0x14b0 [ 64.524176][ T3050] ? show_trace_dev_match+0x2ad/0x2d0 [ 64.524194][ T3050] ? __cfi__copy_to_iter+0x10/0x10 [ 64.524211][ T3050] ? mutex_unlock+0x8b/0x240 [ 64.524225][ T3050] ? __cfi_mutex_unlock+0x10/0x10 [ 64.524238][ T3050] ? check_stack_object+0x82/0x140 [ 64.524255][ T3050] ? __virt_addr_valid+0x2a6/0x380 [ 64.524274][ T3050] ? __check_object_size+0x455/0x620 [ 64.524290][ T3050] seq_read_iter+0xd39/0xfe0 [ 64.524312][ T3050] kernfs_fop_read_iter+0x149/0x520 [ 64.524334][ T3050] vfs_read+0x53d/0xb60 [ 64.524351][ T3050] ? __cfi_vfs_read+0x10/0x10 [ 64.524365][ T3050] ? __cfi_mutex_lock+0x10/0x10 [ 64.524379][ T3050] ksys_read+0x141/0x250 [ 64.524395][ T3050] ? xfd_validate_state+0x68/0x150 [ 64.524411][ T3050] ? __cfi_ksys_read+0x10/0x10 [ 64.524427][ T3050] ? __kasan_check_read+0x15/0x20 [ 64.524445][ T3050] __x64_sys_read+0x7f/0x90 [ 64.524463][ T3050] x64_sys_call+0x2638/0x2ee0 [ 64.524483][ T3050] do_syscall_64+0x58/0xf0 [ 64.524502][ T3050] ? clear_bhb_loop+0x35/0x90 [ 64.524523][ T3050] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 64.524544][ T3050] RIP: 0033:0x7fd966b8e929 [ 64.524558][ T3050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.524571][ T3050] RSP: 002b:00007fd9651f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 64.524588][ T3050] RAX: ffffffffffffffda RBX: 00007fd966db5fa0 RCX: 00007fd966b8e929 [ 64.524600][ T3050] RDX: 0000000000002020 RSI: 00002000000011c0 RDI: 0000000000000003 [ 64.524610][ T3050] RBP: 00007fd9651f7090 R08: 0000000000000000 R09: 0000000000000000 [ 64.524620][ T3050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 64.524628][ T3050] R13: 0000000000000000 R14: 00007fd966db5fa0 R15: 00007ffd0036b9b8 [ 64.524640][ T3050] [ 64.525069][ T3051] random: crng reseeded on system resumption [ 65.005625][ T3063] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 65.068738][ T36] audit: type=1326 audit(1750359556.839:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3066 comm="syz.1.878" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f64afb8e929 code=0x0 [ 65.068789][ T3068] SELinux: Context is not valid (left unmapped). [ 65.116253][ T3074] rust_binder: Write failure EFAULT in pid:14 [ 65.126546][ T3074] input: syz1 as /devices/virtual/input/input49 [ 65.180986][ T3076] FAULT_INJECTION: forcing a failure. [ 65.180986][ T3076] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 65.194198][ T3076] CPU: 1 UID: 0 PID: 3076 Comm: syz.0.881 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 65.194224][ T3076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 65.194234][ T3076] Call Trace: [ 65.194239][ T3076] [ 65.194246][ T3076] __dump_stack+0x21/0x30 [ 65.194268][ T3076] dump_stack_lvl+0x10c/0x190 [ 65.194284][ T3076] ? __cfi_dump_stack_lvl+0x10/0x10 [ 65.194300][ T3076] ? exc_page_fault+0x66/0xc0 [ 65.194316][ T3076] dump_stack+0x19/0x20 [ 65.194334][ T3076] should_fail_ex+0x3d9/0x530 [ 65.194350][ T3076] should_fail+0xf/0x20 [ 65.194364][ T3076] should_fail_usercopy+0x1e/0x30 [ 65.194380][ T3076] _copy_to_iter+0x1a3/0x14b0 [ 65.194400][ T3076] ? __cfi__copy_to_iter+0x10/0x10 [ 65.194416][ T3076] ? __kasan_check_write+0x18/0x20 [ 65.194432][ T3076] ? folio_mark_accessed+0x18e/0x5c0 [ 65.194451][ T3076] ? is_bpf_text_address+0x17b/0x1a0 [ 65.194471][ T3076] ? __cfi_folio_mark_accessed+0x10/0x10 [ 65.194491][ T3076] copy_page_to_iter+0x20d/0x2f0 [ 65.194509][ T3076] filemap_read+0x93c/0xef0 [ 65.194524][ T3076] ? __cfi_filemap_read+0x10/0x10 [ 65.194540][ T3076] ? __cfi_selinux_file_permission+0x10/0x10 [ 65.194560][ T3076] ? __kasan_check_write+0x18/0x20 [ 65.194575][ T3076] ? proc_fail_nth_write+0x17e/0x210 [ 65.194589][ T3076] blkdev_read_iter+0x303/0x430 [ 65.194610][ T3076] vfs_read+0x53d/0xb60 [ 65.194626][ T3076] ? __cfi_vfs_read+0x10/0x10 [ 65.194644][ T3076] ksys_read+0x141/0x250 [ 65.194659][ T3076] ? __cfi_ksys_read+0x10/0x10 [ 65.194675][ T3076] ? __kasan_check_read+0x15/0x20 [ 65.194690][ T3076] __x64_sys_read+0x7f/0x90 [ 65.194705][ T3076] x64_sys_call+0x2638/0x2ee0 [ 65.194722][ T3076] do_syscall_64+0x58/0xf0 [ 65.194740][ T3076] ? clear_bhb_loop+0x35/0x90 [ 65.194758][ T3076] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 65.194777][ T3076] RIP: 0033:0x7f8d6618e929 [ 65.194790][ T3076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.194802][ T3076] RSP: 002b:00007f8d67058038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 65.194819][ T3076] RAX: ffffffffffffffda RBX: 00007f8d663b5fa0 RCX: 00007f8d6618e929 [ 65.194830][ T3076] RDX: 00000000ffffff6c RSI: 0000200000000080 RDI: 000000000000000e [ 65.194840][ T3076] RBP: 00007f8d67058090 R08: 0000000000000000 R09: 0000000000000000 [ 65.194855][ T3076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 65.194864][ T3076] R13: 0000000000000000 R14: 00007f8d663b5fa0 R15: 00007ffe05a04e28 [ 65.194876][ T3076] [ 65.567000][ T3081] __vm_enough_memory: pid: 3081, comm: syz.0.883, bytes: 281474976845824 not enough memory for the allocation [ 65.611199][ T3085] rust_binder: Error while translating object. [ 65.611227][ T3085] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 65.617421][ T3085] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:16 [ 65.639662][ T3087] FAULT_INJECTION: forcing a failure. [ 65.639662][ T3087] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 65.664868][ T3087] CPU: 0 UID: 0 PID: 3087 Comm: syz.1.886 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 65.664894][ T3087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 65.664903][ T3087] Call Trace: [ 65.664908][ T3087] [ 65.664915][ T3087] __dump_stack+0x21/0x30 [ 65.664937][ T3087] dump_stack_lvl+0x10c/0x190 [ 65.664953][ T3087] ? __cfi_dump_stack_lvl+0x10/0x10 [ 65.664969][ T3087] ? vsnprintf+0x7b4/0x1aa0 [ 65.664984][ T3087] ? __asan_memcpy+0x5a/0x80 [ 65.664998][ T3087] dump_stack+0x19/0x20 [ 65.665011][ T3087] should_fail_ex+0x3d9/0x530 [ 65.665025][ T3087] should_fail+0xf/0x20 [ 65.665037][ T3087] should_fail_usercopy+0x1e/0x30 [ 65.665050][ T3087] _copy_from_user+0x22/0xb0 [ 65.665066][ T3087] kstrtouint_from_user+0xc2/0x150 [ 65.665087][ T3087] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 65.665101][ T3087] ? selinux_file_permission+0x309/0xb30 [ 65.665118][ T3087] ? __cfi_selinux_file_permission+0x10/0x10 [ 65.665135][ T3087] proc_fail_nth_write+0x89/0x210 [ 65.665147][ T3087] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 65.665159][ T3087] ? bpf_lsm_file_permission+0xd/0x20 [ 65.665172][ T3087] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 65.665184][ T3087] vfs_write+0x3c0/0xe80 [ 65.665199][ T3087] ? __cfi_vfs_write+0x10/0x10 [ 65.665212][ T3087] ? __kasan_check_write+0x18/0x20 [ 65.665225][ T3087] ? mutex_lock+0x92/0x1c0 [ 65.665237][ T3087] ? __cfi_mutex_lock+0x10/0x10 [ 65.665248][ T3087] ? __fget_files+0x2c5/0x340 [ 65.665266][ T3087] ksys_write+0x141/0x250 [ 65.665280][ T3087] ? __cfi_ksys_write+0x10/0x10 [ 65.665294][ T3087] ? __kasan_check_read+0x15/0x20 [ 65.665307][ T3087] __x64_sys_write+0x7f/0x90 [ 65.665321][ T3087] x64_sys_call+0x271c/0x2ee0 [ 65.665336][ T3087] do_syscall_64+0x58/0xf0 [ 65.665351][ T3087] ? clear_bhb_loop+0x35/0x90 [ 65.665368][ T3087] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 65.665385][ T3087] RIP: 0033:0x7f64afb8d3df [ 65.665397][ T3087] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 65.665408][ T3087] RSP: 002b:00007f64b0ad8030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 65.665424][ T3087] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f64afb8d3df [ 65.665434][ T3087] RDX: 0000000000000001 RSI: 00007f64b0ad80a0 RDI: 0000000000000004 [ 65.665442][ T3087] RBP: 00007f64b0ad8090 R08: 0000000000000000 R09: 0000000000000000 [ 65.665451][ T3087] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 65.665459][ T3087] R13: 0000000000000000 R14: 00007f64afdb5fa0 R15: 00007fff6ac5dbe8 [ 65.665470][ T3087] [ 66.085366][ T36] audit: type=1326 audit(1750359557.849:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3099 comm="syz.3.890" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc435f8e929 code=0x0 [ 66.135955][ T3117] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:792 [ 66.163947][ T3118] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 2 [ 66.180483][ T3118] rust_binder: Write failure EINVAL in pid:24 [ 66.249371][ T3126] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 66.289794][ T3126] rust_binder: Write failure EINVAL in pid:649 [ 66.318899][ T3128] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 66.333411][ T3128] rust_binder: Write failure EINVAL in pid:790 [ 66.429480][ T3135] binder: Unknown parameter 'processor : 0 [ 66.429480][ T3135] vendor_id : GenuineIntel [ 66.429480][ T3135] cpu family : 6 [ 66.429480][ T3135] model : 79 [ 66.429480][ T3135] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 66.429480][ T3135] stepping : 0 [ 66.429480][ T3135] microcode : 0xffffffff [ 66.429480][ T3135] cpu MHz : 2200.202 [ 66.429480][ T3135] cache size : 56320 KB [ 66.429480][ T3135] physical id : 0 [ 66.429480][ T3135] siblings : 2 [ 66.429480][ T3135] core id : 0 [ 66.429480][ T3135] cpu cores : 1 [ 66.429480][ T3135] apicid : 0 [ 66.429480][ T3135] initial apicid : 0 [ 66.429480][ T3135] fpu : yes [ 66.429480][ T3135] fpu_exception : yes [ 66.429480][ T3135] cpuid level : 13 [ 66.429480][ T3135] wp : yes [ 66.429480][ T3135] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 66.429480][ T3135] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 66.462565][ T36] audit: type=1400 audit(1750359558.229:255): avc: denied { mounton } for pid=3134 comm="syz.0.903" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 66.462584][ T3135] binder: Unknown parameter 'processor : 0 [ 66.462584][ T3135] vendor_id : GenuineIntel [ 66.462584][ T3135] cpu family : 6 [ 66.462584][ T3135] model : 7' [ 66.749546][ T3142] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 66.750283][ T3142] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 66.756962][ T3142] rust_binder: Error while translating object. [ 66.763435][ T3142] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 66.769649][ T3142] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:653 [ 66.933255][ T3151] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:804 [ 67.053725][ T3166] FAULT_INJECTION: forcing a failure. [ 67.053725][ T3166] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 67.077463][ T3166] CPU: 0 UID: 0 PID: 3166 Comm: syz.1.912 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 67.077488][ T3166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 67.077498][ T3166] Call Trace: [ 67.077503][ T3166] [ 67.077509][ T3166] __dump_stack+0x21/0x30 [ 67.077531][ T3166] dump_stack_lvl+0x10c/0x190 [ 67.077564][ T3166] ? __cfi_dump_stack_lvl+0x10/0x10 [ 67.077578][ T3166] ? exc_page_fault+0x66/0xc0 [ 67.077593][ T3166] dump_stack+0x19/0x20 [ 67.077607][ T3166] should_fail_ex+0x3d9/0x530 [ 67.077621][ T3166] should_fail+0xf/0x20 [ 67.077634][ T3166] should_fail_usercopy+0x1e/0x30 [ 67.077649][ T3166] _copy_to_iter+0x1a3/0x14b0 [ 67.077669][ T3166] ? __cfi__copy_to_iter+0x10/0x10 [ 67.077686][ T3166] ? __kasan_check_write+0x18/0x20 [ 67.077704][ T3166] ? folio_mark_accessed+0x2c1/0x5c0 [ 67.077725][ T3166] ? __cfi_folio_mark_accessed+0x10/0x10 [ 67.077745][ T3166] copy_page_to_iter+0x20d/0x2f0 [ 67.077765][ T3166] filemap_read+0x93c/0xef0 [ 67.077782][ T3166] ? __cfi_filemap_read+0x10/0x10 [ 67.077799][ T3166] ? __cfi_selinux_file_permission+0x10/0x10 [ 67.077821][ T3166] ? __kasan_check_write+0x18/0x20 [ 67.077837][ T3166] ? proc_fail_nth_write+0x17e/0x210 [ 67.077853][ T3166] blkdev_read_iter+0x303/0x430 [ 67.077876][ T3166] vfs_read+0x53d/0xb60 [ 67.077894][ T3166] ? __cfi_vfs_read+0x10/0x10 [ 67.077914][ T3166] ksys_read+0x141/0x250 [ 67.077932][ T3166] ? __cfi_ksys_read+0x10/0x10 [ 67.077950][ T3166] ? __kasan_check_read+0x15/0x20 [ 67.077966][ T3166] __x64_sys_read+0x7f/0x90 [ 67.077983][ T3166] x64_sys_call+0x2638/0x2ee0 [ 67.078010][ T3166] do_syscall_64+0x58/0xf0 [ 67.078030][ T3166] ? clear_bhb_loop+0x35/0x90 [ 67.078050][ T3166] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 67.078067][ T3166] RIP: 0033:0x7f64afb8e929 [ 67.078081][ T3166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.078094][ T3166] RSP: 002b:00007f64b0ad8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 67.078113][ T3166] RAX: ffffffffffffffda RBX: 00007f64afdb5fa0 RCX: 00007f64afb8e929 [ 67.078126][ T3166] RDX: 00000000ffffff6c RSI: 0000200000000080 RDI: 000000000000000f [ 67.078137][ T3166] RBP: 00007f64b0ad8090 R08: 0000000000000000 R09: 0000000000000000 [ 67.078148][ T3166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 67.078158][ T3166] R13: 0000000000000000 R14: 00007f64afdb5fa0 R15: 00007fff6ac5dbe8 [ 67.078171][ T3166] [ 67.420664][ T3173] input: syz1 as /devices/virtual/input/input50 [ 67.433245][ T3173] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 67.586363][ T291] cgroup: fork rejected by pids controller in /syz2 [ 67.641135][ T292] bridge_slave_1: left allmulticast mode [ 67.646912][ T292] bridge_slave_1: left promiscuous mode [ 67.652594][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.668803][ T292] bridge_slave_0: left allmulticast mode [ 67.674511][ T292] bridge_slave_0: left promiscuous mode [ 67.680593][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.761824][ T3182] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 212) [ 67.761847][ T3182] rust_binder: Error while translating object. [ 67.772600][ T3182] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 67.779422][ T3182] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:810 [ 67.823898][ T3184] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.840099][ T3184] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.847160][ T3184] bridge_slave_0: entered allmulticast mode [ 67.854471][ T3184] bridge_slave_0: entered promiscuous mode [ 67.861899][ T3184] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.871240][ T3184] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.878351][ T3184] bridge_slave_1: entered allmulticast mode [ 67.884774][ T3184] bridge_slave_1: entered promiscuous mode [ 67.893941][ T292] veth1_macvtap: left promiscuous mode [ 67.899551][ T292] veth0_vlan: left promiscuous mode [ 67.967243][ T3184] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.974348][ T3184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 67.981655][ T3184] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.988707][ T3184] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.009089][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.016363][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.028402][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.035471][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.044903][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.051955][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.084012][ T3203] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 68.091722][ T3203] SELinux: failed to load policy [ 68.092053][ T3184] veth0_vlan: entered promiscuous mode [ 68.108403][ T3184] veth1_macvtap: entered promiscuous mode [ 68.176940][ T3213] binder: Binderfs stats mode cannot be changed during a remount [ 68.210156][ T3221] rust_binder: Error while translating object. [ 68.210199][ T3221] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 68.216606][ T3221] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:813 [ 68.237165][ T3227] binder: Bad value for 'max' [ 68.253173][ T3229] rust_binder: Error while translating object. [ 68.253215][ T3229] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 68.264429][ T3229] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:815 [ 68.354334][ T3238] cgroup: fork rejected by pids controller in /syz3 [ 68.392517][ T3281] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 68.392547][ T3281] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:12 [ 68.599601][ T3304] binder: Bad value for 'stats' [ 68.751124][ T3333] binder: Unknown parameter 'nonv/ppp' [ 68.776356][ T3341] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 68.809029][ T3344] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 68.948001][ T3347] rust_binder: Write failure EFAULT in pid:827 [ 68.989398][ T36] audit: type=1326 audit(1750359560.759:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3351 comm="syz.3.951" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc435f8e929 code=0x0 [ 69.133435][ T3360] binder: Unknown parameter 'maxN00000000017777777777' [ 69.262496][ T3376] binder: Bad value for 'max' [ 69.329865][ T3378] rust_binder: Error while translating object. [ 69.329893][ T3378] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 69.336159][ T3378] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:25 [ 69.462448][ T3384] rust_binder: Write failure EFAULT in pid:843 [ 69.508903][ T3393] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:31 [ 69.589332][ T3404] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 69.598441][ T3404] rust_binder: Error while translating object. [ 69.609286][ T3404] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 69.615504][ T3404] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:845 [ 70.347026][ T36] audit: type=1400 audit(1750359562.109:257): avc: denied { append } for pid=3458 comm="syz.0.986" name="pfkey" dev="proc" ino=4026532457 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 70.387253][ T3461] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 70.598815][ T3471] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 70.598845][ T3471] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:870 [ 70.608391][ T3471] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 70.617896][ T3471] rust_binder: Read failure Err(EFAULT) in pid:870 [ 70.630845][ T3471] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:870 [ 70.860325][ T3494] SELinux: security_context_str_to_sid () failed with errno=-22 [ 70.972369][ T36] audit: type=1400 audit(1750359562.739:258): avc: granted { setsecparam } for pid=3498 comm="syz.3.1001" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 71.023938][ T3509] binder: Bad value for 'max' [ 71.169026][ T3514] rust_binder: Write failure EINVAL in pid:881 [ 71.343847][ T3523] rust_binder: Error while translating object. [ 71.357833][ T3523] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 71.357865][ T3523] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:884 [ 71.566178][ T3546] __vm_enough_memory: pid: 3546, comm: syz.0.1017, bytes: 281474976845824 not enough memory for the allocation [ 71.636625][ T3556] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 71.636660][ T3556] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:892 [ 71.652431][ T3558] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:67 [ 71.705258][ T3560] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 71.714944][ T3561] rust_binder: Write failure EINVAL in pid:67 [ 71.996210][ T36] audit: type=1400 audit(1750359563.759:259): avc: granted { setsecparam } for pid=3575 comm="syz.0.1028" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 72.015745][ T36] audit: type=1400 audit(1750359563.759:260): avc: granted { setsecparam } for pid=3575 comm="syz.0.1028" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 72.022471][ T3578] SELinux: Context is not valid (left unmapped). [ 72.039665][ T36] audit: type=1400 audit(1750359563.759:261): avc: granted { setsecparam } for pid=3575 comm="syz.0.1028" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 72.056401][ T3580] rust_binder: Write failure EINVAL in pid:910 [ 72.062234][ T3580] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 72.066157][ T36] audit: type=1400 audit(1750359563.759:262): avc: granted { setsecparam } for pid=3575 comm="syz.0.1028" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 72.076694][ T3580] rust_binder: Read failure Err(EFAULT) in pid:910 [ 72.097082][ T36] audit: type=1400 audit(1750359563.759:263): avc: granted { setsecparam } for pid=3575 comm="syz.0.1028" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 72.101188][ T3580] rust_binder: Write failure EINVAL in pid:910 [ 72.234807][ T3589] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:925 [ 72.359124][ T3598] binder: Binderfs stats mode cannot be changed during a remount [ 72.504531][ T3616] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 72.504548][ T3616] rust_binder: Error while translating object. [ 72.515382][ T3616] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 72.521721][ T3616] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:72 [ 72.832324][ T3639] SELinux: security_context_str_to_sid () failed with errno=-22 [ 72.857238][ T3650] binder: Bad value for 'max' [ 72.869467][ T3652] rust_binder: Write failure EFAULT in pid:938 [ 72.879398][ T3656] rust_binder: Write failure EFAULT in pid:929 [ 73.007298][ T3665] input: syz1 as /devices/virtual/input/input55 [ 73.066015][ T3668] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 73.066047][ T3668] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:933 [ 73.280199][ T3692] binder: Bad value for 'max' [ 73.280807][ T3690] SELinux: security_context_str_to_sid (sytem_u) failed with errno=-22 [ 73.606233][ T3716] rust_binder: Write failure EFAULT in pid:941 [ 73.607622][ T3716] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:941 [ 73.626086][ T3720] input: syz1 as /devices/virtual/input/input57 [ 73.660123][ T3722] rust_binder: Write failure EINVAL in pid:947 [ 73.671000][ T3724] binder: Unknown parameter 'fscontext?}' [ 73.808917][ T3736] random: crng reseeded on system resumption [ 73.835176][ T36] audit: type=1400 audit(1750359565.599:264): avc: denied { ioctl } for pid=3734 comm="syz.1.1082" path="/dev/snapshot" dev="devtmpfs" ino=21 ioctlcmd=0x3313 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 73.910182][ T3754] rust_binder: Error while translating object. [ 73.910210][ T3754] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 73.916406][ T3754] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:962 [ 74.185369][ T3778] random: crng reseeded on system resumption [ 74.210501][ T36] audit: type=1400 audit(1750359565.979:265): avc: denied { setattr } for pid=3779 comm="syz.2.1097" path="/dev/fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 74.243782][ T3784] rust_binder: Failed to allocate buffer. len:136, is_oneway:true [ 74.247080][ T3787] kvm: user requested TSC rate below hardware speed [ 74.267941][ T36] audit: type=1326 audit(1750359566.029:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3783 comm="syz.0.1098" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x0 [ 74.277696][ T3787] kvm: user requested TSC rate below hardware speed [ 74.299731][ T3787] kvm: user requested TSC rate below hardware speed [ 74.308419][ T3787] kvm: user requested TSC rate below hardware speed [ 74.311153][ T3786] kvm: user requested TSC rate below hardware speed [ 74.315555][ T3787] kvm: user requested TSC rate below hardware speed [ 74.335935][ T3801] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27 [ 74.335957][ T3801] rust_binder: Error while translating object. [ 74.345142][ T3801] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 74.351367][ T3801] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:115 [ 74.571100][ T3816] SELinux: security_context_str_to_sid (syste_uGй :) failed with errno=-22 [ 74.639920][ T3822] kvm: user requested TSC rate below hardware speed [ 74.647754][ T3822] rust_binder: Failed copying remainder into alloc: EFAULT [ 74.647770][ T3822] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 74.655074][ T3822] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 74.664019][ T3822] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:123 [ 74.719644][ T3833] SELinux: failed to load policy [ 74.827689][ T3842] binder: Bad value for 'defcontext' [ 74.839432][ T3844] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 74.917788][ T3863] binder: Unknown parameter 'processor : 0 [ 74.917788][ T3863] vendor_id : GenuineIntel [ 74.917788][ T3863] cpu family : 6 [ 74.917788][ T3863] model : 79 [ 74.917788][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 74.917788][ T3863] stepping : 0 [ 74.917788][ T3863] microcode : 0xffffffff [ 74.917788][ T3863] cpu MHz : 2200.202 [ 74.917788][ T3863] cache size : 56320 KB [ 74.917788][ T3863] physical id : 0 [ 74.917788][ T3863] siblings : 2 [ 74.917788][ T3863] core id : 0 [ 74.917788][ T3863] cpu cores : 1 [ 74.917788][ T3863] apicid : 0 [ 74.917788][ T3863] 0x0000900000000000' [ 74.975751][ T3863] binder: Unknown parameter 'processor : 0 [ 74.975751][ T3863] vendor_id : GenuineIntel [ 74.975751][ T3863] cpu family : 6 [ 74.975751][ T3863] model : 79 [ 74.975751][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 74.975751][ T3863] stepping : 0 [ 74.975751][ T3863] microcode : 0xffffffff [ 74.975751][ T3863] cpu MHz : 2200.202 [ 74.975751][ T3863] cache size : 56320 KB [ 74.975751][ T3863] physical id : 0 [ 74.975751][ T3863] siblings : 2 [ 74.975751][ T3863] core id : 0 [ 74.975751][ T3863] cpu cores : 1 [ 74.975751][ T3863] apicid : 0 [ 74.975751][ T3863] 0x0000900000000000' [ 75.036650][ T3863] binder: Unknown parameter 'processor : 0 [ 75.036650][ T3863] vendor_id : GenuineIntel [ 75.036650][ T3863] cpu family : 6 [ 75.036650][ T3863] model : 79 [ 75.036650][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.036650][ T3863] stepping : 0 [ 75.036650][ T3863] microcode : 0xffffffff [ 75.036650][ T3863] cpu MHz : 2200.202 [ 75.036650][ T3863] cache size : 56320 KB [ 75.036650][ T3863] physical id : 0 [ 75.036650][ T3863] siblings : 2 [ 75.036650][ T3863] core id : 0 [ 75.036650][ T3863] cpu cores : 1 [ 75.036650][ T3863] apicid : 0 [ 75.036650][ T3863] 0x0000900000000000' [ 75.094696][ T3863] binder: Unknown parameter 'processor : 0 [ 75.094696][ T3863] vendor_id : GenuineIntel [ 75.094696][ T3863] cpu family : 6 [ 75.094696][ T3863] model : 79 [ 75.094696][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.094696][ T3863] stepping : 0 [ 75.094696][ T3863] microcode : 0xffffffff [ 75.094696][ T3863] cpu MHz : 2200.202 [ 75.094696][ T3863] cache size : 56320 KB [ 75.094696][ T3863] physical id : 0 [ 75.094696][ T3863] siblings : 2 [ 75.094696][ T3863] core id : 0 [ 75.094696][ T3863] cpu cores : 1 [ 75.094696][ T3863] apicid : 0 [ 75.094696][ T3863] 0x0000900000000000' [ 75.152598][ T3863] binder: Unknown parameter 'processor : 0 [ 75.152598][ T3863] vendor_id : GenuineIntel [ 75.152598][ T3863] cpu family : 6 [ 75.152598][ T3863] model : 79 [ 75.152598][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.152598][ T3863] stepping : 0 [ 75.152598][ T3863] microcode : 0xffffffff [ 75.152598][ T3863] cpu MHz : 2200.202 [ 75.152598][ T3863] cache size : 56320 KB [ 75.152598][ T3863] physical id : 0 [ 75.152598][ T3863] siblings : 2 [ 75.152598][ T3863] core id : 0 [ 75.152598][ T3863] cpu cores : 1 [ 75.152598][ T3863] apicid : 0 [ 75.152598][ T3863] 0x0000900000000000' [ 75.210560][ T3863] binder: Unknown parameter 'processor : 0 [ 75.210560][ T3863] vendor_id : GenuineIntel [ 75.210560][ T3863] cpu family : 6 [ 75.210560][ T3863] model : 79 [ 75.210560][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.210560][ T3863] stepping : 0 [ 75.210560][ T3863] microcode : 0xffffffff [ 75.210560][ T3863] cpu MHz : 2200.202 [ 75.210560][ T3863] cache size : 56320 KB [ 75.210560][ T3863] physical id : 0 [ 75.210560][ T3863] siblings : 2 [ 75.210560][ T3863] core id : 0 [ 75.210560][ T3863] cpu cores : 1 [ 75.210560][ T3863] apicid : 0 [ 75.210560][ T3863] 0x0000900000000000' [ 75.269079][ T3863] binder: Unknown parameter 'processor : 0 [ 75.269079][ T3863] vendor_id : GenuineIntel [ 75.269079][ T3863] cpu family : 6 [ 75.269079][ T3863] model : 79 [ 75.269079][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.269079][ T3863] stepping : 0 [ 75.269079][ T3863] microcode : 0xffffffff [ 75.269079][ T3863] cpu MHz : 2200.202 [ 75.269079][ T3863] cache size : 56320 KB [ 75.269079][ T3863] physical id : 0 [ 75.269079][ T3863] siblings : 2 [ 75.269079][ T3863] core id : 0 [ 75.269079][ T3863] cpu cores : 1 [ 75.269079][ T3863] apicid : 0 [ 75.269079][ T3863] 0x0000900000000000' [ 75.327154][ T3863] binder: Unknown parameter 'processor : 0 [ 75.327154][ T3863] vendor_id : GenuineIntel [ 75.327154][ T3863] cpu family : 6 [ 75.327154][ T3863] model : 79 [ 75.327154][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.327154][ T3863] stepping : 0 [ 75.327154][ T3863] microcode : 0xffffffff [ 75.327154][ T3863] cpu MHz : 2200.202 [ 75.327154][ T3863] cache size : 56320 KB [ 75.327154][ T3863] physical id : 0 [ 75.327154][ T3863] siblings : 2 [ 75.327154][ T3863] core id : 0 [ 75.327154][ T3863] cpu cores : 1 [ 75.327154][ T3863] apicid : 0 [ 75.327154][ T3863] 0x0000900000000000' [ 75.387090][ T3863] binder: Unknown parameter 'processor : 0 [ 75.387090][ T3863] vendor_id : GenuineIntel [ 75.387090][ T3863] cpu family : 6 [ 75.387090][ T3863] model : 79 [ 75.387090][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.387090][ T3863] stepping : 0 [ 75.387090][ T3863] microcode : 0xffffffff [ 75.387090][ T3863] cpu MHz : 2200.202 [ 75.387090][ T3863] cache size : 56320 KB [ 75.387090][ T3863] physical id : 0 [ 75.387090][ T3863] siblings : 2 [ 75.387090][ T3863] core id : 0 [ 75.387090][ T3863] cpu cores : 1 [ 75.387090][ T3863] apicid : 0 [ 75.387090][ T3863] 0x0000900000000000' [ 75.445163][ T3863] binder: Unknown parameter 'processor : 0 [ 75.445163][ T3863] vendor_id : GenuineIntel [ 75.445163][ T3863] cpu family : 6 [ 75.445163][ T3863] model : 79 [ 75.445163][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.445163][ T3863] stepping : 0 [ 75.445163][ T3863] microcode : 0xffffffff [ 75.445163][ T3863] cpu MHz : 2200.202 [ 75.445163][ T3863] cache size : 56320 KB [ 75.445163][ T3863] physical id : 0 [ 75.445163][ T3863] siblings : 2 [ 75.445163][ T3863] core id : 0 [ 75.445163][ T3863] cpu cores : 1 [ 75.445163][ T3863] apicid : 0 [ 75.445163][ T3863] 0x0000900000000000' [ 75.503197][ T3863] binder: Unknown parameter 'processor : 0 [ 75.503197][ T3863] vendor_id : GenuineIntel [ 75.503197][ T3863] cpu family : 6 [ 75.503197][ T3863] model : 79 [ 75.503197][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.503197][ T3863] stepping : 0 [ 75.503197][ T3863] microcode : 0xffffffff [ 75.503197][ T3863] cpu MHz : 2200.202 [ 75.503197][ T3863] cache size : 56320 KB [ 75.503197][ T3863] physical id : 0 [ 75.503197][ T3863] siblings : 2 [ 75.503197][ T3863] core id : 0 [ 75.503197][ T3863] cpu cores : 1 [ 75.503197][ T3863] apicid : 0 [ 75.503197][ T3863] 0x0000900000000000' [ 75.563400][ T3863] binder: Unknown parameter 'processor : 0 [ 75.563400][ T3863] vendor_id : GenuineIntel [ 75.563400][ T3863] cpu family : 6 [ 75.563400][ T3863] model : 79 [ 75.563400][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.563400][ T3863] stepping : 0 [ 75.563400][ T3863] microcode : 0xffffffff [ 75.563400][ T3863] cpu MHz : 2200.202 [ 75.563400][ T3863] cache size : 56320 KB [ 75.563400][ T3863] physical id : 0 [ 75.563400][ T3863] siblings : 2 [ 75.563400][ T3863] core id : 0 [ 75.563400][ T3863] cpu cores : 1 [ 75.563400][ T3863] apicid : 0 [ 75.563400][ T3863] 0x0000900000000000' [ 75.632064][ T3863] binder: Unknown parameter 'processor : 0 [ 75.632064][ T3863] vendor_id : GenuineIntel [ 75.632064][ T3863] cpu family : 6 [ 75.632064][ T3863] model : 79 [ 75.632064][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.632064][ T3863] stepping : 0 [ 75.632064][ T3863] microcode : 0xffffffff [ 75.632064][ T3863] cpu MHz : 2200.202 [ 75.632064][ T3863] cache size : 56320 KB [ 75.632064][ T3863] physical id : 0 [ 75.632064][ T3863] siblings : 2 [ 75.632064][ T3863] core id : 0 [ 75.632064][ T3863] cpu cores : 1 [ 75.632064][ T3863] apicid : 0 [ 75.632064][ T3863] 0x0000900000000000' [ 75.693795][ T3863] binder: Unknown parameter 'processor : 0 [ 75.693795][ T3863] vendor_id : GenuineIntel [ 75.693795][ T3863] cpu family : 6 [ 75.693795][ T3863] model : 79 [ 75.693795][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.693795][ T3863] stepping : 0 [ 75.693795][ T3863] microcode : 0xffffffff [ 75.693795][ T3863] cpu MHz : 2200.202 [ 75.693795][ T3863] cache size : 56320 KB [ 75.693795][ T3863] physical id : 0 [ 75.693795][ T3863] siblings : 2 [ 75.693795][ T3863] core id : 0 [ 75.693795][ T3863] cpu cores : 1 [ 75.693795][ T3863] apicid : 0 [ 75.693795][ T3863] 0x0000900000000000' [ 75.755267][ T3863] binder: Unknown parameter 'processor : 0 [ 75.755267][ T3863] vendor_id : GenuineIntel [ 75.755267][ T3863] cpu family : 6 [ 75.755267][ T3863] model : 79 [ 75.755267][ T3863] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 75.755267][ T3863] stepping : 0 [ 75.755267][ T3863] microcode : 0xffffffff [ 75.755267][ T3863] cpu MHz : 2200.202 [ 75.755267][ T3863] cache size : 56320 KB [ 75.755267][ T3863] physical id : 0 [ 75.755267][ T3863] siblings : 2 [ 75.755267][ T3863] core id : 0 [ 75.755267][ T3863] cpu cores : 1 [ 75.755267][ T3863] apicid : 0 [ 75.755267][ T3863] 0x0000900000000000' [ 75.830116][ T3884] rust_binder: Write failure EINVAL in pid:1012 [ 76.018367][ T3906] binder: Unknown parameter 'fscontext?}' [ 76.108037][ T3914] binder: Unknown parameter 'processor : 0 [ 76.108037][ T3914] vendor_id : GenuineIntel [ 76.108037][ T3914] cpu family : 6 [ 76.108037][ T3914] model : 79 [ 76.108037][ T3914] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 76.108037][ T3914] stepping : 0 [ 76.108037][ T3914] microcode : 0xffffffff [ 76.108037][ T3914] cpu MHz : 2200.202 [ 76.108037][ T3914] cache size : 56320 KB [ 76.108037][ T3914] physical id : 0 [ 76.108037][ T3914] siblings : 2 [ 76.108037][ T3914] core id : 0 [ 76.108037][ T3914] cpu cores : 1 [ 76.108037][ T3914] apicid : 0 [ 76.108037][ T3914] initial apicid : 0 [ 76.108037][ T3914] fpu : yes [ 76.108037][ T3914] fpu_exception : yes [ 76.108037][ T3914] cpuid level : 13 [ 76.108037][ T3914] wp : yes [ 76.108037][ T3914] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 76.108037][ T3914] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 76.222733][ T36] kauditd_printk_skb: 2 callbacks suppressed [ 76.222751][ T36] audit: type=1326 audit(1750359567.989:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3924 comm="syz.3.1148" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc435f8e929 code=0x0 [ 76.450571][ T3931] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 76.450597][ T3931] rust_binder: Error while translating object. [ 76.461205][ T3931] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 76.467378][ T3931] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:154 [ 76.592578][ T3942] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 76.753801][ T3954] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1002 [ 76.766241][ T3958] rust_binder: Write failure EINVAL in pid:162 [ 76.783663][ T3962] rust_binder: Write failure EINVAL in pid:167 [ 76.811665][ T36] audit: type=1326 audit(1750359568.579:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3966 comm="syz.2.1162" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb46ab8e929 code=0x0 [ 76.812497][ T3965] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1005 [ 76.894905][ T3973] rust_binder: Write failure EINVAL in pid:1005 [ 76.957464][ T3980] rust_binder: Failed to allocate buffer. len:128, is_oneway:true [ 77.343920][ T36] audit: type=1326 audit(1750359569.109:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3994 comm="syz.3.1171" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc435f8e929 code=0x0 [ 77.381890][ T36] audit: type=1326 audit(1750359569.149:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3996 comm="syz.1.1172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64afb8e929 code=0x7ffc0000 [ 77.388874][ T3997] binder: Unknown parameter 'context' [ 77.405324][ T36] audit: type=1326 audit(1750359569.149:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3996 comm="syz.1.1172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64afb8e929 code=0x7ffc0000 [ 77.438363][ T36] audit: type=1326 audit(1750359569.159:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3996 comm="syz.1.1172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f64afb8e929 code=0x7ffc0000 [ 77.460469][ T4004] rust_binder: Write failure EFAULT in pid:247 [ 77.461922][ T36] audit: type=1326 audit(1750359569.189:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3996 comm="syz.1.1172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64afb8e929 code=0x7ffc0000 [ 77.491763][ T36] audit: type=1326 audit(1750359569.189:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3996 comm="syz.1.1172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64afb8e929 code=0x7ffc0000 [ 77.515415][ T36] audit: type=1326 audit(1750359569.189:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3996 comm="syz.1.1172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f64afb8e929 code=0x7ffc0000 [ 77.539518][ T36] audit: type=1326 audit(1750359569.189:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3996 comm="syz.1.1172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64afb8e929 code=0x7ffc0000 [ 77.603125][ T4006] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:249 [ 77.603208][ T4006] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 77.612565][ T4006] rust_binder: Read failure Err(EFAULT) in pid:249 [ 77.763964][ T4010] SELinux: security_context_str_to_sid () failed with errno=-22 [ 77.808028][ T4013] rust_binder: Write failure EINVAL in pid:255 [ 77.984126][ T4029] SELinux: failed to load policy [ 77.996278][ T4029] rust_binder: Write failure EINVAL in pid:179 [ 78.122231][ T4039] rust_binder: validate_parent_fixup: new_min_offset=36028797018964027, sg_entry.length=64 [ 78.128468][ T4039] rust_binder: Error while translating object. [ 78.138594][ T4039] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 78.144768][ T4039] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:181 [ 78.154562][ T4040] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 78.180532][ T4045] binder: Unknown parameter 'sUatZ' [ 78.215851][ T4050] binder: Unknown parameter 'defcontext01777777777777777777777' [ 78.259117][ T4055] random: crng reseeded on system resumption [ 78.287361][ T4056] input: syz0 as /devices/virtual/input/input62 [ 78.404778][ T4068] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000200000ffc000 not found [ 78.413008][ T4068] rust_binder: Write failure EINVAL in pid:190 [ 78.413389][ T4068] binder: Unknown parameter 'nXI' [ 78.425703][ T4069] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 78.444402][ T4073] rust_binder: Error in use_page_slow: ESRCH [ 78.444792][ T4077] SELinux: policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c [ 78.451038][ T4073] rust_binder: use_range failure ESRCH [ 78.457131][ T4077] SELinux: failed to load policy [ 78.469014][ T4073] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 78.472819][ T4075] rust_binder: Write failure EFAULT in pid:195 [ 78.477832][ T4073] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 78.491718][ T4073] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1020 [ 78.497057][ T4079] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 78.511779][ T4079] rust_binder: Error while translating object. [ 78.523855][ T4079] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 78.537655][ T4079] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:199 [ 78.551578][ T4085] can0: slcan on ttyS3. [ 78.566327][ T4085] input: syz0 as /devices/virtual/input/input64 [ 78.633934][ T4100] binder: Bad value for 'max' [ 78.808822][ T4126] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:203 [ 78.868876][ T4132] random: crng reseeded on system resumption [ 78.902619][ T4134] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 78.902650][ T4134] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:283 [ 78.915168][ T4132] binder: Bad value for 'context' [ 78.986617][ T4140] rust_binder: Write failure EINVAL in pid:286 [ 79.136722][ T4149] SELinux: policydb version -1471323589 does not match my version range 15-33 [ 79.152067][ T4149] SELinux: failed to load policy [ 79.175458][ T4151] binder: Bad value for 'max' [ 79.193304][ T4153] kvm_intel: kvm [4152]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xff [ 79.391212][ T4160] binder: Unknown parameter 'coyBLV"i5ntext' [ 79.421201][ T4084] can0 (unregistered): slcan off ttyS3. [ 79.427246][ T4167] rust_binder: Error while translating object. [ 79.427274][ T4167] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 79.433641][ T4167] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:1057 [ 79.458354][ T4167] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 79.493093][ T4167] rust_binder: Write failure EINVAL in pid:1057 [ 79.724229][ T4212] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 79.738047][ T4212] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:211 [ 79.754454][ T4215] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 79.777450][ T4215] rust_binder: Write failure EINVAL in pid:1054 [ 79.883846][ T4225] binder: Bad value for 'defcontext' [ 79.898592][ T4230] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 79.921523][ T4232] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 79.942531][ T4232] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 80.202458][ T4262] rust_binder: Error while translating object. [ 80.222804][ T4262] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 80.234257][ T4262] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:312 [ 80.259838][ T4274] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=320745794 (2565966352 ns) > initial count (325012024 ns). Using initial count to start timer. [ 80.276445][ T4279] binder: Bad value for 'max' [ 80.292563][ T4281] binder: Bad value for 'max' [ 80.532991][ T4305] SELinux: security_context_str_to_sid (syste_uGй :) failed with errno=-22 [ 80.566309][ T4312] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 80.566329][ T4312] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 80.574949][ T4312] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:320 [ 80.593573][ T4312] PM: Enabling pm_trace changes system date and time during resume. [ 80.593573][ T4312] PM: Correct system time has to be restored manually after resume. [ 80.700222][ T4318] rust_binder: Read failure Err(EAGAIN) in pid:326 [ 80.799831][ T4323] SELinux: policydb magic number 0x46055c does not match expected magic number 0xf97cff8c [ 80.816507][ T4323] SELinux: failed to load policy [ 81.029651][ T4337] rust_binder: Error while translating object. [ 81.029692][ T4337] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 81.035891][ T4337] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:330 [ 81.071111][ T4342] binder: Unknown parameter './binderfs' [ 81.179896][ T4351] binder: Unknown parameter 'fowner>18446744073709551615' [ 81.213344][ T4351] rust_binder: Write failure EINVAL in pid:237 [ 81.224955][ T4350] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1089 [ 81.388773][ T4353] SELinux: policydb magic number 0x236dfea7 does not match expected magic number 0xf97cff8c [ 81.410236][ T4353] SELinux: failed to load policy [ 81.415748][ T4353] binder: Unknown parameter 'stats ' [ 81.607163][ T4374] rust_binder: Write failure EFAULT in pid:245 [ 81.621605][ T4378] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:249 [ 81.634342][ T4381] rust_binder: Write failure EFAULT in pid:252 [ 81.742887][ T36] kauditd_printk_skb: 26 callbacks suppressed [ 81.742904][ T36] audit: type=1326 audit(1750359573.509:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4391 comm="syz.3.1287" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc435f8e929 code=0x0 [ 81.775142][ T4390] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:252 [ 82.279727][ T4444] binder: Bad value for 'stats' [ 82.304027][ T4444] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 82.309853][ T4444] pim6reg0: linktype set to 769 [ 82.576555][ T4456] binder: Unknown parameter 'nonv/rnullb0' [ 82.585390][ T4458] SELinux: failed to load policy [ 82.596417][ T4458] __vm_enough_memory: pid: 4458, comm: syz.0.1309, bytes: 281474976845824 not enough memory for the allocation [ 82.609279][ T4458] binder: Unknown parameter 'Oq*[zb' [ 82.633515][ T4460] binder: Bad value for 'stats' [ 82.666806][ T4463] SELinux: failed to load policy [ 82.709448][ T4465] binder: Unknown parameter 'lrRN' [ 82.764650][ T36] audit: type=1326 audit(1750359574.529:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4466 comm="syz.0.1313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 82.788143][ T36] audit: type=1326 audit(1750359574.529:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4466 comm="syz.0.1313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 82.794139][ T4474] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 82.811943][ T36] audit: type=1326 audit(1750359574.529:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4466 comm=BF exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 82.812333][ T4474] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:351 [ 82.831917][ T36] audit: type=1326 audit(1750359574.529:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4466 comm=BF exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 82.843878][ T4474] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 82.856767][ T36] audit: type=1326 audit(1750359574.529:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4466 comm="$,@.-,$!" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 82.877506][ T4474] rust_binder: Read failure Err(EFAULT) in pid:351 [ 82.884180][ T36] audit: type=1326 audit(1750359574.529:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4466 comm="$,@.-,$!" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 82.941115][ T36] audit: type=1326 audit(1750359574.549:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4466 comm="$,@.-,$!" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 82.964689][ T36] audit: type=1326 audit(1750359574.549:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4466 comm="$,@.-,$!" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6618e929 code=0x7ffc0000 [ 82.988784][ T4478] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 82.996971][ T4478] rust_binder: Write failure EINVAL in pid:353 [ 83.022254][ T4483] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 83.028801][ T4483] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 83.034965][ T4483] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 83.050531][ T4483] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 83.050549][ T4483] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 83.056989][ T4483] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 83.066612][ T4483] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 83.073414][ T4483] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 83.160923][ T36] audit: type=1326 audit(1750359574.929:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4497 comm="syz.1.1324" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f64afb8e929 code=0x0 [ 83.209400][ T4501] SELinux: security_context_str_to_sid () failed with errno=-22 [ 83.263192][ T4506] rust_binder: Write failure EINVAL in pid:1117 [ 84.012316][ T4530] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 152, size: 246) [ 84.018751][ T4530] rust_binder: Error while translating object. [ 84.029785][ T4530] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 84.036048][ T4530] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:371 [ 84.109703][ T4532] kvm: user requested TSC rate below hardware speed [ 84.226854][ T4540] input: syz0 as /devices/virtual/input/input72 [ 84.396590][ T4548] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 84.612157][ T4564] rust_binder: Error while translating object. [ 84.612196][ T4564] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 84.619985][ T4564] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1189 [ 84.629496][ T4562] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:392 [ 84.658267][ T4567] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1140 [ 84.824529][ T4586] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 84.834421][ T4586] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:397 [ 84.844089][ T4586] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 84.853343][ T4586] rust_binder: Read failure Err(EFAULT) in pid:397 [ 84.883387][ T4588] binder: Unknown parameter 'context0000000000' [ 84.899504][ T4588] tap0: tun_chr_ioctl cmd 1074025677 [ 84.904894][ T4588] tap0: linktype set to 774 [ 85.094649][ T4603] input: syz1 as /devices/virtual/input/input73 [ 85.310593][ T4615] input: syz0 as /devices/virtual/input/input74 [ 85.379044][ T292] bridge_slave_1: left allmulticast mode [ 85.384777][ T292] bridge_slave_1: left promiscuous mode [ 85.390559][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.398373][ T292] bridge_slave_0: left allmulticast mode [ 85.404129][ T292] bridge_slave_0: left promiscuous mode [ 85.412375][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.533936][ T4630] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 85.533962][ T4630] rust_binder: Error while translating object. [ 85.546088][ T4630] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 85.552342][ T4630] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:277 [ 85.573444][ T4610] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.585059][ T4637] rust_binder: Write failure EINVAL in pid:1161 [ 85.589758][ T4610] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.591177][ T4637] rust_binder: Write failure EINVAL in pid:1161 [ 85.596042][ T4610] bridge_slave_0: entered allmulticast mode [ 85.605075][ T4637] binder: Bad value for 'stats' [ 85.610888][ T4610] bridge_slave_0: entered promiscuous mode [ 85.626645][ T4610] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.633707][ T4610] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.641010][ T4610] bridge_slave_1: entered allmulticast mode [ 85.654898][ T4610] bridge_slave_1: entered promiscuous mode [ 85.672539][ T292] veth1_macvtap: left promiscuous mode [ 85.678784][ T292] veth0_vlan: left promiscuous mode [ 85.703251][ T4649] rust_binder: Error while translating object. [ 85.703289][ T4649] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 85.718573][ T4649] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1207 [ 85.788784][ T4660] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1169 [ 85.827776][ T4663] binder: Bad value for 'max' [ 85.863026][ T4665] rust_binder: Write failure EINVAL in pid:1214 [ 85.878019][ T4668] rust_binder: Got transaction with invalid offset. [ 85.884770][ T4668] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 85.891619][ T4668] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1217 [ 85.913091][ T4668] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 85.913245][ T4670] rust_binder: Got transaction with invalid offset. [ 85.920891][ T4670] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 85.927731][ T4670] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1217 [ 85.949776][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.966052][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.984279][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.991373][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.032815][ T4610] veth0_vlan: entered promiscuous mode [ 86.045251][ T4610] veth1_macvtap: entered promiscuous mode [ 86.138111][ T4684] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 86.161634][ T4689] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 86.168143][ T4689] rust_binder: Error while translating object. [ 86.176817][ T4689] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 86.183110][ T4689] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1173 [ 86.406576][ T4694] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 86.416355][ T4694] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 86.430347][ T4696] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 86.799571][ T36] kauditd_printk_skb: 85 callbacks suppressed [ 86.799587][ T36] audit: type=1400 audit(1750359578.569:400): avc: denied { read write } for pid=4720 comm="syz.3.1396" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 86.829768][ T36] audit: type=1400 audit(1750359578.569:401): avc: denied { open } for pid=4720 comm="syz.3.1396" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 86.853673][ T36] audit: type=1400 audit(1750359578.569:402): avc: denied { ioctl } for pid=4720 comm="syz.3.1396" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 86.897242][ T4724] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 86.897561][ T4724] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 86.967133][ T4727] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1198 [ 86.969946][ T36] audit: type=1400 audit(1750359578.739:403): avc: granted { setsecparam } for pid=4728 comm="syz.1.1400" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 87.002941][ T4727] rust_binder: Write failure EINVAL in pid:1198 [ 87.003125][ T36] audit: type=1400 audit(1750359578.779:404): avc: denied { write } for pid=4723 comm="syz.3.1398" name="pfkey" dev="proc" ino=4026532581 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 87.043262][ T36] audit: type=1400 audit(1750359578.809:405): avc: denied { read } for pid=4732 comm="syz.2.1401" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 87.052894][ T4733] SELinux: failed to load policy [ 87.066351][ T36] audit: type=1400 audit(1750359578.809:406): avc: denied { open } for pid=4732 comm="syz.2.1401" path="/dev/rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 87.096341][ T36] audit: type=1400 audit(1750359578.829:407): avc: denied { ioctl } for pid=4732 comm="syz.2.1401" path="/dev/rtc0" dev="devtmpfs" ino=195 ioctlcmd=0x700a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 87.099463][ T4733] rust_binder: Error in use_page_slow: ESRCH [ 87.121467][ T36] audit: type=1400 audit(1750359578.829:408): avc: denied { load_policy } for pid=4732 comm="syz.2.1401" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 87.129644][ T4733] rust_binder: use_range failure ESRCH [ 87.147541][ T4733] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 87.153200][ T4733] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 87.161071][ T4733] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:288 [ 87.213684][ T4739] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 87.222779][ T4739] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:23 [ 87.420571][ T36] audit: type=1400 audit(1750359579.189:409): avc: denied { ioctl } for pid=4753 comm="syz.1.1407" path="/dev/fuse" dev="devtmpfs" ino=23 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 87.486963][ T4756] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 87.486988][ T4756] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1236 [ 87.621546][ T4759] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 87.639674][ T4758] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 87.639938][ T4759] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 87.819698][ T4769] rust_binder: Failed to allocate buffer. len:4144, is_oneway:false [ 87.941670][ T4773] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 87.957098][ T4773] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 87.994729][ T4776] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 87.994754][ T4776] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1238 [ 88.164802][ T4779] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 88.174112][ T4779] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1241 [ 88.277589][ T4784] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 88.286964][ T4784] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:39 [ 88.312594][ T4787] rust_binder: Got transaction with invalid offset. [ 88.322174][ T4787] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 88.329818][ T4787] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:42 [ 88.666673][ T4820] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1211 [ 88.759710][ T4825] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 88.861653][ T4834] rust_binder: Error while translating object. [ 88.874974][ T4834] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 88.885071][ T4834] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:48 [ 88.981513][ T4850] binder: Unknown parameter 'dir' [ 89.212261][ T4865] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 89.333551][ T4869] rust_binder: Error while translating object. [ 89.333579][ T4869] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 89.344565][ T4869] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:63 [ 89.410695][ T4876] rust_binder: Failed copying remainder into alloc: EFAULT [ 89.419846][ T4876] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 89.427183][ T4876] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 89.435559][ T4876] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1272 [ 89.931797][ T4883] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 90.107798][ T4886] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 90.114629][ T4888] SELinux: security_context_str_to_sid (syste_uGй :) failed with errno=-22 [ 90.131496][ T4888] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 90.131657][ T4888] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 152, limit: 160, size: 255) [ 90.138073][ T4888] rust_binder: Error while translating object. [ 90.148699][ T4888] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 90.154875][ T4888] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1230 [ 90.209048][ T4891] binder: Unknown parameter 'fscontext?}' [ 90.332654][ T4898] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 90.381454][ T4896] binder: Unknown parameter '01777777777777777777777' [ 90.400251][ T4910] rust_binder: Write failure EINVAL in pid:1285 [ 90.400321][ T4910] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1285 [ 90.485607][ T4915] binder: Bad value for 'max' [ 90.549399][ T60] bridge_slave_1: left allmulticast mode [ 90.555058][ T60] bridge_slave_1: left promiscuous mode [ 90.560845][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.568412][ T60] bridge_slave_0: left allmulticast mode [ 90.574716][ T4917] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 90.578190][ T60] bridge_slave_0: left promiscuous mode [ 90.586590][ T4919] binder: Bad value for 'max' [ 90.591776][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.749084][ T4926] binder: Bad value for 'stats' [ 90.760926][ T4929] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:314 [ 90.762289][ T4929] kvm: user requested TSC rate below hardware speed [ 90.784768][ T60] veth1_macvtap: left promiscuous mode [ 90.790399][ T60] veth0_vlan: left promiscuous mode [ 90.837796][ T4894] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.844871][ T4894] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.851964][ T4894] bridge_slave_0: entered allmulticast mode [ 90.858108][ T4894] bridge_slave_0: entered promiscuous mode [ 90.864415][ T4894] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.871479][ T4894] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.878581][ T4894] bridge_slave_1: entered allmulticast mode [ 90.884844][ T4894] bridge_slave_1: entered promiscuous mode [ 90.928066][ T4894] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.935119][ T4894] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.942395][ T4894] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.949430][ T4894] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.990841][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.999467][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.009022][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.016096][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.034407][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.041486][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.046984][ T4946] rust_binder: Write failure EINVAL in pid:1294 [ 91.052832][ T4946] rust_binder: Write failure EINVAL in pid:1294 [ 91.074825][ T4894] veth0_vlan: entered promiscuous mode [ 91.096773][ T4950] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:316 [ 91.096886][ T4950] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:316 [ 91.100784][ T4894] veth1_macvtap: entered promiscuous mode [ 91.185015][ T4952] input: syz1 as /devices/virtual/input/input75 [ 91.229261][ T4956] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 91.240226][ T4957] binder: Unknown parameter 'processor : 0 [ 91.240226][ T4957] vendor_id : GenuineIntel [ 91.240226][ T4957] cpu family : 6 [ 91.240226][ T4957] model : 79 [ 91.240226][ T4957] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 91.240226][ T4957] stepping : 0 [ 91.240226][ T4957] microcode : 0xffffffff [ 91.240226][ T4957] cpu MHz : 2200.202 [ 91.240226][ T4957] cache size : 56320 KB [ 91.240226][ T4957] physical id : 0 [ 91.240226][ T4957] siblings : 2 [ 91.240226][ T4957] core id : 0 [ 91.240226][ T4957] cpu cores : 1 [ 91.240226][ T4957] apicid : 0 [ 91.240226][ T4957] initial apicid : 0 [ 91.240226][ T4957] fpu : yes [ 91.240226][ T4957] fpu_exception : yes [ 91.240226][ T4957] cpuid level : 13 [ 91.240226][ T4957] wp : yes [ 91.240226][ T4957] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 91.240226][ T4957] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 91.258641][ T4959] input: syz0 as /devices/virtual/input/input76 [ 91.308979][ T4962] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 91.408839][ T4962] rust_binder: Write failure EINVAL in pid:4 [ 91.491801][ T4968] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 91.497919][ T4968] rust_binder: Error while translating object. [ 91.508606][ T4968] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 91.514791][ T4968] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:11 [ 91.536075][ T4970] binder: Bad value for 'max' [ 91.786029][ T4984] rust_binder: Error while translating object. [ 91.786074][ T4984] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 91.792433][ T4984] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:16 [ 91.798874][ T4986] rust_binder: Error while translating object. [ 91.811218][ T4986] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 91.813196][ T4988] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:18 [ 91.817443][ T4986] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:106 [ 91.830330][ T4988] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 91.845601][ T4988] rust_binder: Read failure Err(EFAULT) in pid:18 [ 91.857500][ T4988] input: syz1 as /devices/virtual/input/input77 [ 91.976855][ T4991] binder: Unknown parameter 'euid' [ 91.982953][ T36] kauditd_printk_skb: 16 callbacks suppressed [ 91.982968][ T36] audit: type=1400 audit(1750359583.759:426): avc: denied { execute } for pid=4990 comm="syz.1.1489" path="/38/cpu.stat" dev="tmpfs" ino=213 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 92.049694][ T4993] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 92.049725][ T4993] rust_binder: Error in use_page_slow: EBUSY [ 92.060153][ T4993] rust_binder: use_range failure EBUSY [ 92.066218][ T4993] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 92.071770][ T4993] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 92.079793][ T4993] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 92.089223][ T4993] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:110 [ 92.145580][ T36] audit: type=1326 audit(1750359583.909:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4995 comm="syz.1.1491" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f658bb8e929 code=0x0 [ 92.188960][ T4999] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 92.188989][ T4999] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:319 [ 92.189958][ T5000] rust_binder: Error while translating object. [ 92.207676][ T5000] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 92.214266][ T5000] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:21 [ 92.251154][ T5010] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 92.260501][ T5010] rust_binder: Error while translating object. [ 92.271683][ T5010] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 92.278014][ T5010] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:113 [ 92.289987][ T5012] rust_binder: Error while translating object. [ 92.299152][ T5012] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 92.305303][ T5012] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:325 [ 92.335418][ T5014] rust_binder: Error in use_page_slow: ESRCH [ 92.335434][ T5014] rust_binder: use_range failure ESRCH [ 92.341463][ T5014] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 92.346931][ T5014] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 92.354851][ T5014] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:327 [ 92.374267][ T5017] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:330 [ 92.434839][ T5018] rust_binder: Write failure EINVAL in pid:330 [ 92.717944][ T5026] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 92.773823][ T5032] rust_binder: Failed to allocate buffer. len:160, is_oneway:false [ 92.780453][ T5031] rust_binder: Failed to allocate buffer. len:160, is_oneway:false [ 93.000232][ T36] audit: type=1400 audit(1750359584.769:428): avc: denied { append } for pid=5047 comm="syz.0.1510" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 93.051698][ T5051] binder: Bad value for 'stats' [ 93.052922][ T5052] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 93.059893][ T5052] rust_binder: Failed to allocate buffer. len:112, is_oneway:false [ 93.110615][ T36] audit: type=1400 audit(1750359584.879:429): avc: denied { append } for pid=5054 comm="syz.1.1513" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 93.237040][ T5068] SELinux: failed to load policy [ 93.242782][ T36] audit: type=1326 audit(1750359585.019:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5064 comm="syz.2.1516" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb46ab8e929 code=0x0 [ 93.293209][ T5078] rust_binder: Write failure EFAULT in pid:48 [ 93.300248][ T5080] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 93.306475][ T5080] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:50 [ 93.336439][ T5085] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:55 [ 93.345804][ T5085] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:55 [ 93.506240][ T5101] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 93.515336][ T5101] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:128 [ 93.644735][ T5118] binder: Unknown parameter '00000000000000000000' [ 93.673241][ T5120] rust_binder: Write failure EINVAL in pid:1349 [ 93.673364][ T5120] binder: Unknown parameter '18446744073709551615' [ 93.686669][ T5121] rust_binder: Write failure EINVAL in pid:1349 [ 93.686711][ T5120] binder: Unknown parameter '18446744073709551615' [ 93.737470][ T5130] rust_binder: Write failure EFAULT in pid:1355 [ 93.871849][ T36] audit: type=1326 audit(1750359585.639:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5134 comm="syz.0.1535" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8d6618e929 code=0x0 [ 93.938667][ T5138] input: syz0 as /devices/virtual/input/input78 [ 94.227130][ T36] audit: type=1400 audit(1750359585.989:432): avc: granted { setsecparam } for pid=5141 comm="syz.3.1537" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 94.299765][ T5144] KVM: debugfs: duplicate directory 5144-8 [ 94.469718][ T5147] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:70 [ 94.556756][ T5149] serio: Serial port ttynull [ 94.640528][ T5155] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false [ 94.656130][ T5160] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 94.664671][ T5160] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 94.671119][ T5160] rust_binder: Read failure Err(EFAULT) in pid:145 [ 94.679753][ T5160] rust_binder: Error while translating object. [ 94.686274][ T5160] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 94.693614][ T5160] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:145 [ 94.826725][ T36] audit: type=1400 audit(1750359586.589:433): avc: granted { setsecparam } for pid=5181 comm="syz.1.1552" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 94.854988][ T36] audit: type=1400 audit(1750359586.589:434): avc: granted { setsecparam } for pid=5181 comm="syz.1.1552" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 94.979608][ T5196] kvm: user requested TSC rate below hardware speed [ 95.075464][ T5202] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 95.075486][ T5202] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 95.083228][ T5202] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 95.154532][ T36] audit: type=1400 audit(1750359586.919:435): avc: denied { map } for pid=5208 comm="syz.1.1559" path="pipe:[89237]" dev="pipefs" ino=89237 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 95.226383][ T5214] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 95.236451][ T5214] rust_binder: Write failure EFAULT in pid:354 [ 95.280319][ T5223] rust_binder: Write failure EINVAL in pid:73 [ 95.307206][ T5227] rust_binder: Error while translating object. [ 95.313356][ T5227] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 95.319573][ T5227] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:77 [ 95.339740][ T5231] input: syz1 as /devices/virtual/input/input81 [ 95.356257][ T5231] SELinux: failed to load policy [ 95.434030][ T5244] rust_binder: Read failure Err(EAGAIN) in pid:81 [ 95.440674][ T5247] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:83 [ 95.447314][ T5247] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 95.456435][ T5247] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:83 [ 95.509428][ T5251] SELinux: security_context_str_to_sid (system_uGй :) failed with errno=-22 [ 95.534123][ T5253] rust_binder: Write failure EINVAL in pid:88 [ 95.570194][ T5260] rust_binder: Write failure EFAULT in pid:90 [ 95.678460][ T5276] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 95.784089][ T5279] input: syz1 as /devices/virtual/input/input83 [ 95.798648][ T5279] rust_binder: Write failure EINVAL in pid:377 [ 95.875282][ T5286] SELinux: failed to load policy [ 96.129199][ T5291] binder: Bad value for 'stats' [ 96.201799][ T5298] SELinux: security_context_str_to_sid () failed with errno=-22 [ 96.224725][ T5300] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 96.260471][ T5305] binder: Unknown parameter '184467440737095516150xffffffffffffffff' [ 96.261218][ T5307] binder: Unknown parameter '184467440737095516150xffffffffffffffff' [ 96.374497][ T5313] binder: Bad value for 'stats' [ 96.390555][ T5315] rust_binder: Write failure EINVAL in pid:390 [ 96.501432][ T5334] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:401 [ 96.972050][ T5360] SELinux: failed to load policy [ 97.041515][ T5351] rust_binder: Read failure Err(EFAULT) in pid:1412 [ 97.191032][ T5370] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 97.279835][ T5380] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 97.303563][ T5379] kvm: kvm [5378]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x186) = 0x3 [ 97.368323][ T36] kauditd_printk_skb: 3 callbacks suppressed [ 97.368339][ T36] audit: type=1400 audit(1750359589.129:439): avc: denied { ioctl } for pid=5382 comm="syz.0.1617" path="/dev/uhid" dev="devtmpfs" ino=199 ioctlcmd=0x941f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 97.399526][ T10] hid (null): unknown global tag 0xf [ 97.404940][ T10] hid (null): global environment stack underflow [ 97.418043][ T10] hid (null): unknown global tag 0x78 [ 97.431071][ T10] hid-generic 0003:4EA8:0001.0004: unexpected long global item [ 97.439920][ T10] hid-generic 0003:4EA8:0001.0004: probe with driver hid-generic failed with error -22 [ 97.475568][ T36] audit: type=1326 audit(1750359589.239:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.2.1619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb46ab8e929 code=0x7ffc0000 [ 97.540715][ T36] audit: type=1326 audit(1750359589.239:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.2.1619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb46ab8e929 code=0x7ffc0000 [ 97.577956][ T36] audit: type=1326 audit(1750359589.239:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.2.1619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb46ab8e929 code=0x7ffc0000 [ 97.605358][ T36] audit: type=1326 audit(1750359589.239:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm=BF exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb46ab8e929 code=0x7ffc0000 [ 97.628044][ T5371] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 97.629808][ T36] audit: type=1326 audit(1750359589.239:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm=BF exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb46ab8e929 code=0x7ffc0000 [ 97.664854][ T36] audit: type=1326 audit(1750359589.239:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm=BF exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb46ab8e929 code=0x7ffc0000 [ 97.665443][ T5409] rust_binder: Error while translating object. [ 97.687644][ T5409] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 97.688493][ T36] audit: type=1326 audit(1750359589.239:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm=BF exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb46ab8e929 code=0x7ffc0000 [ 97.694200][ T5409] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:415 [ 97.726065][ T36] audit: type=1326 audit(1750359589.239:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm=BF exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb46ab8e929 code=0x7ffc0000 [ 97.757668][ T36] audit: type=1326 audit(1750359589.239:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm=BF exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb46ab8e929 code=0x7ffc0000 [ 97.874088][ T5418] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 97.904492][ T5421] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 97.915460][ T5423] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 97.938849][ T5427] rust_binder: Failed copying remainder into alloc: EFAULT [ 97.938871][ T5427] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 97.946172][ T5427] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 97.956230][ T5427] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:217 [ 97.976521][ T5430] binder: Unknown parameter 'coyBLV"i5ntext' [ 98.036391][ T5436] binder: Bad value for 'stats' [ 98.054707][ T5442] rust_binder: Write failure EINVAL in pid:421 [ 98.466146][ T5463] rust_binder: Write failure EFAULT in pid:132 [ 98.472625][ T5463] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 98.479300][ T5463] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 98.485784][ T5463] rust_binder: Error while translating object. [ 98.497877][ T5463] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 98.504205][ T5463] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:132 [ 98.534463][ T5469] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 98.544315][ T5469] rust_binder: Failed to allocate buffer. len:18446744073709551520, is_oneway:false [ 98.550860][ T5469] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 98.560310][ T5469] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:138 [ 98.584159][ T5473] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 98.601636][ T5473] rust_binder: Write failure EINVAL in pid:142 [ 98.601964][ T5473] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 98.652207][ T5490] SELinux: syz.3.1652 (5490) set checkreqprot to 1. This is no longer supported. [ 98.669999][ T5489] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 98.992617][ T5497] KVM: debugfs: duplicate directory 5497-6 [ 99.073529][ T5512] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 99.237614][ T5522] rust_binder: Write failure EINVAL in pid:1450 [ 99.385156][ T5531] rust_binder: Got transaction with invalid offset. [ 99.394085][ T5531] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 99.401617][ T5531] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1456 [ 99.444786][ T5537] rust_binder: Error while translating object. [ 99.454576][ T5537] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 99.456592][ T5535] SELinux: security_context_str_to_sid () failed with errno=-22 [ 99.462619][ T5537] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:445 [ 99.515741][ T5540] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 99.533739][ T5540] rust_binder: Write failure EINVAL in pid:447 [ 99.705424][ T5549] tap0: tun_chr_ioctl cmd 1074025678 [ 99.723769][ T5549] tap0: group set to 0 [ 99.746799][ T5552] SELinux: security_context_str_to_sid () failed with errno=-22 [ 99.909940][ T5554] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 99.909972][ T5554] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1466 [ 100.304088][ T5586] rust_binder: got new transaction with bad transaction stack [ 100.313379][ T5586] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:463 [ 100.823691][ T5592] random: crng reseeded on system resumption [ 100.918875][ T5595] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:175 [ 100.936258][ T5597] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 100.988209][ T5604] rust_binder: Write failure EFAULT in pid:1472 [ 101.061260][ T5602] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 101.084325][ T5602] rust_binder: Error in use_page_slow: ESRCH [ 101.091056][ T5602] rust_binder: use_range failure ESRCH [ 101.099866][ T5609] input: syz0 as /devices/virtual/input/input86 [ 101.121398][ T5602] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 101.121421][ T5602] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 101.126733][ T5611] SELinux: policydb magic number 0x66667830 does not match expected magic number 0xf97cff8c [ 101.151401][ T5602] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:182 [ 101.155959][ T5609] rust_binder: Failed copying remainder into alloc: EFAULT [ 101.164299][ T5611] SELinux: failed to load policy [ 101.189637][ T5609] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 101.191086][ T5609] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 101.214883][ T5609] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:467 [ 101.250150][ T5614] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 101.339497][ T5622] rust_binder: Write failure EINVAL in pid:249 [ 101.368311][ T5618] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 101.421586][ T5618] rust_binder: Write failure EINVAL in pid:187 [ 101.603373][ T5634] SELinux: security_context_str_to_sid () failed with errno=-22 [ 101.955489][ T5651] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 101.993183][ T5651] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 101.999762][ T5651] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:200 [ 102.185667][ T5664] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 102.445740][ T36] kauditd_printk_skb: 591 callbacks suppressed [ 102.445758][ T36] audit: type=1400 audit(1750359594.209:1040): avc: denied { read write } for pid=289 comm="syz-executor" name="loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 102.482733][ T36] audit: type=1400 audit(1750359594.209:1041): avc: denied { read write open } for pid=289 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 102.508924][ T36] audit: type=1400 audit(1750359594.209:1042): avc: denied { ioctl } for pid=289 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=49 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 102.517383][ T5677] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 102.534494][ T36] audit: type=1400 audit(1750359594.229:1043): avc: denied { read } for pid=5675 comm="syz.0.1709" name="binder0" dev="binder" ino=59 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 102.552653][ T5677] rust_binder: Failed to allocate buffer. len:24, is_oneway:false [ 102.570182][ T36] audit: type=1400 audit(1750359594.229:1044): avc: denied { read open } for pid=5675 comm="syz.0.1709" path="/dev/binderfs/binder0" dev="binder" ino=59 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 102.605234][ T36] audit: type=1400 audit(1750359594.229:1045): avc: denied { ioctl } for pid=5675 comm="syz.0.1709" path="/dev/binderfs/binder0" dev="binder" ino=59 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 102.631356][ T36] audit: type=1400 audit(1750359594.229:1046): avc: denied { set_context_mgr } for pid=5675 comm="syz.0.1709" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 102.652323][ T36] audit: type=1400 audit(1750359594.229:1047): avc: denied { ioctl } for pid=5675 comm="syz.0.1709" path="/dev/binderfs/binder0" dev="binder" ino=59 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 102.678455][ T36] audit: type=1400 audit(1750359594.269:1048): avc: denied { read write } for pid=4610 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 102.704379][ T36] audit: type=1400 audit(1750359594.279:1049): avc: denied { read write open } for pid=4610 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 102.733987][ T5683] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 102.734015][ T5683] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:261 [ 105.547961][ T6050] binfmt_misc: register: failed to install interpreter file ./file0 [ 105.760154][ T60] bridge_slave_1: left allmulticast mode [ 105.765881][ T60] bridge_slave_1: left promiscuous mode [ 105.772653][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.781973][ T60] bridge_slave_0: left allmulticast mode [ 105.791683][ T60] bridge_slave_0: left promiscuous mode [ 105.807445][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.039275][ T60] veth1_macvtap: left promiscuous mode [ 106.044783][ T60] veth0_vlan: left promiscuous mode [ 108.018223][ T36] kauditd_printk_skb: 855 callbacks suppressed [ 108.018240][ T36] audit: type=1400 audit(1750359599.779:1905): avc: denied { execmem } for pid=6090 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 108.046935][ T36] audit: type=1400 audit(1750359599.779:1906): avc: denied { read } for pid=6091 comm="syz.2.1858" name="binder0" dev="binder" ino=33 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 108.069942][ T36] audit: type=1400 audit(1750359599.789:1907): avc: denied { read } for pid=6091 comm="syz.2.1858" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 108.092850][ T36] audit: type=1400 audit(1750359599.809:1908): avc: denied { read } for pid=6092 comm="syz.1.1857" name="binder0" dev="binder" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 108.115707][ T36] audit: type=1400 audit(1750359599.809:1909): avc: denied { read write } for pid=4894 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 108.139801][ T36] audit: type=1400 audit(1750359599.809:1910): avc: denied { read } for pid=6092 comm="syz.1.1857" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 108.162419][ T36] audit: type=1400 audit(1750359599.909:1911): avc: denied { read } for pid=6092 comm="syz.1.1857" name="binder0" dev="binder" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 108.185123][ T36] audit: type=1400 audit(1750359599.909:1912): avc: denied { read write } for pid=4610 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 108.828913][ T36] audit: type=1400 audit(1750359600.589:1913): avc: denied { execmem } for pid=6100 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 108.860000][ T36] audit: type=1400 audit(1750359600.599:1914): avc: denied { read write } for pid=6103 comm="syz.2.1861" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=0 [ 113.098622][ T36] kauditd_printk_skb: 109 callbacks suppressed [ 113.098638][ T36] audit: type=1400 audit(1750359604.869:2024): avc: denied { execmem } for pid=6139 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 113.132403][ T36] audit: type=1400 audit(1750359604.879:2025): avc: denied { write } for pid=6141 comm="syz.2.1873" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=0 [ 113.158235][ T36] audit: type=1400 audit(1750359604.879:2026): avc: denied { mounton } for pid=6141 comm="syz.2.1873" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 113.188568][ T36] audit: type=1400 audit(1750359604.899:2027): avc: denied { read } for pid=6143 comm="syz.3.1874" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 113.211461][ T36] audit: type=1400 audit(1750359604.899:2028): avc: denied { read } for pid=6140 comm="syz.1.1872" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 113.234103][ T36] audit: type=1400 audit(1750359604.899:2029): avc: denied { mounton } for pid=6140 comm="syz.1.1872" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 113.257066][ T36] audit: type=1400 audit(1750359604.909:2030): avc: denied { read write } for pid=4610 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 113.281257][ T36] audit: type=1400 audit(1750359604.919:2031): avc: denied { read append } for pid=6147 comm="syz.2.1875" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=0 [ 113.304489][ T36] audit: type=1400 audit(1750359604.919:2032): avc: denied { read } for pid=6147 comm="syz.2.1875" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 113.327086][ T36] audit: type=1400 audit(1750359604.919:2033): avc: denied { read write } for pid=6147 comm="syz.2.1875" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 115.918691][ T6172] tun0: tun_chr_ioctl cmd 1074025675 [ 115.923989][ T6172] tun0: persist enabled [ 115.928313][ T6172] tun0: tun_chr_ioctl cmd 1074025675 [ 115.933647][ T6172] tun0: persist enabled [ 118.986967][ T36] kauditd_printk_skb: 101 callbacks suppressed [ 118.986984][ T36] audit: type=1400 audit(1750359610.749:2135): avc: denied { execmem } for pid=6180 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 119.014657][ T36] audit: type=1400 audit(1750359610.769:2136): avc: denied { read } for pid=6181 comm="syz.1.1885" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 119.038481][ T36] audit: type=1400 audit(1750359610.769:2137): avc: denied { read } for pid=6181 comm="syz.1.1885" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 119.062542][ T36] audit: type=1400 audit(1750359610.779:2138): avc: denied { read write } for pid=4610 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 119.087128][ T36] audit: type=1400 audit(1750359610.789:2139): avc: denied { read } for pid=6185 comm="syz.2.1886" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 119.109833][ T36] audit: type=1400 audit(1750359610.789:2140): avc: denied { read } for pid=6185 comm="syz.2.1886" name="binder1" dev="binder" ino=34 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 119.132794][ T36] audit: type=1400 audit(1750359610.789:2141): avc: denied { read } for pid=6185 comm="syz.2.1886" name="binder1" dev="binder" ino=34 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 119.155479][ T36] audit: type=1400 audit(1750359610.789:2142): avc: denied { read } for pid=6185 comm="syz.2.1886" name="binder1" dev="binder" ino=34 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 119.178182][ T36] audit: type=1400 audit(1750359610.789:2143): avc: denied { read } for pid=6185 comm="syz.2.1886" name="binder1" dev="binder" ino=34 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 119.201152][ T36] audit: type=1400 audit(1750359610.789:2144): avc: denied { read } for pid=6185 comm="syz.2.1886" name="binder1" dev="binder" ino=34 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 124.446902][ T36] kauditd_printk_skb: 37 callbacks suppressed [ 124.446918][ T36] audit: type=1400 audit(1750359616.209:2182): avc: denied { execmem } for pid=6198 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 124.481165][ T36] audit: type=1400 audit(1750359616.229:2183): avc: denied { read } for pid=6199 comm="syz.1.1891" name="binder1" dev="binder" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 124.510794][ T36] audit: type=1400 audit(1750359616.229:2184): avc: denied { read } for pid=6199 comm="syz.1.1891" name="binder0" dev="binder" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 124.534136][ T36] audit: type=1400 audit(1750359616.239:2185): avc: denied { read write } for pid=4610 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 124.558243][ T36] audit: type=1400 audit(1750359616.239:2186): avc: denied { read } for pid=6201 comm="syz.3.1893" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 124.580953][ T36] audit: type=1400 audit(1750359616.249:2187): avc: denied { read } for pid=6200 comm="syz.2.1892" name="binder0" dev="binder" ino=33 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 124.603650][ T36] audit: type=1400 audit(1750359616.249:2188): avc: denied { read } for pid=6201 comm="syz.3.1893" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 124.626332][ T36] audit: type=1400 audit(1750359616.259:2189): avc: denied { read } for pid=6201 comm="syz.3.1893" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 124.649034][ T36] audit: type=1400 audit(1750359616.259:2190): avc: denied { read write } for pid=6201 comm="syz.3.1893" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=0 [ 124.673184][ T36] audit: type=1400 audit(1750359616.279:2191): avc: denied { append } for pid=6205 comm="syz.1.1894" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=0 [ 126.732993][ T60] bridge_slave_1: left allmulticast mode [ 126.738679][ T60] bridge_slave_1: left promiscuous mode [ 126.744261][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.751913][ T60] bridge_slave_0: left allmulticast mode [ 126.757552][ T60] bridge_slave_0: left promiscuous mode [ 126.763303][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.989318][ T60] veth1_macvtap: left promiscuous mode [ 126.994814][ T60] veth0_vlan: left promiscuous mode [ 127.939600][ T60] bridge_slave_1: left allmulticast mode [ 127.945246][ T60] bridge_slave_1: left promiscuous mode [ 127.950914][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.958291][ T60] bridge_slave_0: left allmulticast mode [ 127.964021][ T60] bridge_slave_0: left promiscuous mode [ 127.969656][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.977152][ T60] bridge_slave_1: left allmulticast mode [ 127.982842][ T60] bridge_slave_1: left promiscuous mode [ 127.988434][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.996108][ T60] bridge_slave_0: left allmulticast mode [ 128.001778][ T60] bridge_slave_0: left promiscuous mode [ 128.007364][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.319856][ T60] veth1_macvtap: left promiscuous mode [ 128.325358][ T60] veth0_vlan: left promiscuous mode [ 128.330894][ T60] veth1_macvtap: left promiscuous mode [ 128.336389][ T60] veth0_vlan: left promiscuous mode