last executing test programs: 19.105900067s ago: executing program 1 (id=586): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x100000001) mmap(&(0x7f0000701000/0x4000)=nil, 0x4000, 0x200000a, 0x12, r0, 0x2546c000) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000007c0)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00') ioctl$ASHMEM_PURGE_ALL_CACHES(r0, 0x770a, 0x0) close_range(r0, r0, 0x0) ioctl$ASHMEM_PURGE_ALL_CACHES(r0, 0x770a, 0x0) r1 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder-control\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x32, 0xffffffffffffffff, 0x2ec37000) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r4, 0x4068aea3, &(0x7f0000000180)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000e6044d564b"]) ioctl$BINDER_CTL_ADD(r1, 0xc1086201, &(0x7f0000000540)={'binder1\x00'}) 19.094595598s ago: executing program 1 (id=587): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000000000a8955b94384ed2b27e7fdaeefa5ce0900bed39178b3404cf4a582be44e90eec4d7cb3adef8cfbc39b46e1b4a25cd6498f5b7e24593719b049d13"]) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x90, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat=@binder={0x73622a85, 0x1, 0x2}, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x2, &(0x7f0000000240)=""/13, 0xd, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000100)={@fd={0x66642a85, 0x0, r0}, @flat=@binder={0x73622a85, 0xa, 0x3}, @fda={0x66646185, 0x7, 0x2, 0xa}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}}], 0x5a, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f37"}) 19.074000798s ago: executing program 1 (id=588): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x2, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/custom0\x00', 0x800, 0x0) ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000080)=0x6) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x10, 0x0, &(0x7f00000000c0)=[@clear_death={0x400c630f, 0x1}], 0x0, 0x0, 0x0}) 19.010783419s ago: executing program 1 (id=590): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000014d564b00000000ab00"]) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x22201, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x4, 0x2000, 0x1}) r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0) read(r6, &(0x7f0000000080)=""/93, 0xffffff6c) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000200)=ANY=[@ANYBLOB="636f6e746578743d73792274656d5f75dd47d0b9"]) 18.501572097s ago: executing program 1 (id=599): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000280)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000000000096000040"]) read(r1, &(0x7f0000000000), 0x2002) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000001c0)={0x73622a85, 0x0, 0x3}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SMI(r8, 0xaeb7) r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r9, 0x4068aea3, &(0x7f0000000200)) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f0000000040)) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffde1, 0x18, &(0x7f0000000580)={@fd={0x66642a85, 0x0, r3}, @fda={0x66646185, 0x7, 0x0, 0x20000000016}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x18, 0x38}}, 0x40}], 0x0, 0x0, 0x0}) 18.349472339s ago: executing program 1 (id=604): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000006600), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x5453, 0x0) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) (async) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005080000024d564b"]) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x82000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000080)={0xbe, 0x0, 0x1}) (async) ioctl$KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r4, 0x40046210, &(0x7f0000000000)=0x1) r6 = getpid() ioctl$BINDER_FREEZE(r5, 0x400c620e, &(0x7f0000000040)={r6, 0x0, 0x100}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xb0, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac1"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f00000000c0)='notify_on_release\x00', 0x2, 0x0) write$cgroup_int(r8, &(0x7f0000000100), 0x12) (async) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom1\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) (async) read(r5, &(0x7f00000003c0)=""/238, 0xee) r10 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) ioctl$UI_END_FF_ERASE(r10, 0x400c55cb, &(0x7f0000000280)={0xc, 0x3a53, 0x1}) (async) r11 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$TCSETAF(r11, 0x5408, &(0x7f00000007c0)={0x0, 0x0, 0xf440, 0x0, 0x0, "95bff5627804ada2"}) (async) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 8.059662117s ago: executing program 3 (id=779): openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000040), 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, 0x0) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)={[], [{@dont_hash}]}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r2, 0x2000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0xc2a4a000) 7.919028009s ago: executing program 3 (id=780): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_XSAVE(r2, 0x9000aea4, &(0x7f0000002b00)) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x88000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f00000001c0)=ANY=[@ANYBLOB="0200000000000000010000007708000003000000f9ffffff020000000000000007000000482b46a0b11cbfc4963300000600000000000000f14887af7be6ee462876c44805815875a00db80892ed6b8cf986a98f312da239a7c70dfdc825a66cd8fd441e03329108"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r8, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYRESHEX=r8]) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r9, 0x40345410, &(0x7f0000000300)={{0x1, 0x2, 0xfffffffa, 0x0, 0x200}}) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4, 0x2010, r1, 0xea09e000) r10 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000080)={[0xf7, 0x8000, 0xfffffffffffffcf1, 0xd, 0x2, 0x2, 0x7fffffffffffffff, 0x100000005, 0x4, 0x7, 0x6, 0x193, 0x3, 0xb, 0x4e, 0x7], 0xf000, 0xa4000}) read$FUSE(r10, &(0x7f0000000ac0)={0x2020}, 0x2020) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x5, 0xfffffffffffffffd, 0x2000000000000002, 0x9, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x8, 0x2, 0x0, 0x3, 0x6], 0x0, 0x41901}) r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r11, 0x400454ca, &(0x7f0000000b80)={'team_slave_1\x00', 0x8411}) ioctl$TUNSETOFFLOAD(r11, 0x400454c9, 0x9) ioctl$TUNATTACHFILTER(r11, 0x400454cc, 0x0) r12 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r12, 0x40087703, 0xfffffffa) 7.787392441s ago: executing program 3 (id=781): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$selinux_user(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t root'], 0x27) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) read(0xffffffffffffffff, &(0x7f00000000c0)=""/70, 0x46) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x400c6314, {0x1, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 7.779187981s ago: executing program 3 (id=782): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xe05, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b58640afc2188a232f77968c18d2d0e8f91c974edcb3198b4520f530acacb12017216338cc479de3651e8f15f1672397c730e3ca2a189ca4cc85f35dd46aeb67b6a2eb7268a653b190d8ba670490d50f761c1fa25f1954d8fe6bcb15dbc23698c945262b991e6245b9a25b12b13c87bf8a8a06f51784007abd06e01a0c03ee80b236fabb5b22ce797c4d8a739ac96dcf16c93f454463d3631c4cdd2dea6732a486015dc9937ee4e6efbfff46bdd8887094ca4bd94d995f411421c7ef07f949fcc10132f58b7c99a871780d92464594c930b80596baab77b0d68a05d71ca8a1888f3128f12aebac362c4d80870ab3d9f2e77d51f9af16472faff98dda1e0133c8bc2510345d5eb1d64bce64761f4cc39ac6655902338bf1335dc55393995af4447ed1aa4c50bfacd576842560abca3e6c74dcea6dd03d36f9e7f8bda2cf33e3b7da195fba79f5a60421e19910f1fef31b9fa52064ce9ee8c415746a3cab47a8ad8477e9f21e9ee804a85dc568439b95c01bbbc3fa16a8c26bd81b01b8849795b2370f591e2a8e175cd465a600a541839bc734271b4b3afb2303dc1cf12bee00080ad10658c97672ad023e89f23d9301b5dbf1a7ba6d6c2b8dbd300f05f36a095f188b56fd3ba8e871aaf22e2128696e7232cb22f4f5404a3d1256a11665caaead326faad340031cafb99edbceba7bac44c7d2720aedba9cb708dae55b192a1e31835fae8756f062c151f6778b1d93c2d1f8b479ae9bbe1255abcef9beaa95b558fbbc9a979d46580aa85b10f160b438bea64f23b8e605ce34d2b46bbf8bfbfa683b10f55b3d30c58675dd1a524495e5d42c7d02dc60b853e8b3ed2caf41cd24a8a1d044e27d48b2184bac00730f7c20a1ba2bb6b6a5381a3d359d8e721504bbbce18ee49031b48c278a5730f31fb83f6cf32ac98326b722d3e2d7b38a7b80b94a3eb2b69fb1aefc8c0bbe431191f0ed76141a8365621e4f7118dd4465b4642bdb0af21d30c8cfb1d5201852c0428b1983d91f706e814c1395888b1c2a3516ea20a93d868e27c3c9b68a9cda4befc389b57661a4ff37137628ec96bcb625fd10324625ac1589c2918c66f811a323a19ab30bcf28fc20b64176e319d58f74578093e32ba9f51b255693dda9514ff43f6ef6010143554305073e94be322daa024cb7efcf405ea4924bfa72633b766365fee1d59d1a94717450657ff3b72853785e91f94ca1502b129eafa718633bec1557fb1e0ae2887e6e8c0fdd9f3f99de03c0af7364781766520d90c15b0e2a4c43613089dbecc4dd68be74204809f0270370097642d54388ccbb54b58be8b5796eac48ef5f17752eaa7301f075faee593aae71ee0e0ca1f45a22e7cede3597f14a344796ceec33e98b3b89e031c0d757e83d5093322d9afc9898f80b2e9bb17bc8b2b164d048c1b912f6cd92979df629efcb94968cca6e65b9b078677698fa4937a2ec23edd00971a5505ecc65fe150d3d00a34e52cc64951937fc79014b0df8d2c9c35f06209f45556278fa7ecfc70a92eca165bbd493686fb4c0cd607cec994657149a61da2e09414944c557be54908197724174247194d435b25bf78ec4cc164a574662eb4d1e4d784a6ea0c71dd1a16e53a7b8a27fcec679346afe90a05e06b276fe972d5e1d3486e0452d0a9a1636ab9c517f371a0592ef34513a9a4e961cd79c86891f460becb57f41e22b2a72ae175e29344184cde0b2beae00f90a6a79dc689da4b4b1da0e9758854d404a9cbcf725c68b6f2de865b2b5e12124d09f8745208b5cc544522f7c8bcfceb907422502f1641b600a60a5aef28be5a92ff71755efaf29e23c8ca52ad945bbdc4d6e7502adee312ea8d9338a80671f36309026c0d9c2ceb14da0b8beb087853b8014d30372f0d58448530f1bed15c4caaf8a844853030aab1ba6de9891678a16a2d9b9889d4a367753f0aacda03ce6fae1f62b34a3317a704527e65b18dc3186f32c5caa2d82f058066274e145f3cfe0bb5d40a77f54fb0de584d5f50de29d1c3aa29acea2363ef5c1e0592ef94370936df0152871396c13a89e56086f381862edb6f4bec0d937e94a689a8c5c87a51e073fdaa935591bbccff359e0805ded9ac71e3b295fdd05bc2b03d7af58a393778c9dfdfd8101b3503c86a6d9e2fdeb215be40f90bb7360a04e111d743207a8742275ee7df2508b909ea4d3a7af7886d3f26aa58943edbbcbd686bf9cf9a78b43dd9792bca97cda65083404bd7ab227f68e18cd87541bf069bde649a0b9ef1346a748d794685339973d6b59dcbe74a3caf48f4628eedfcd6900c56746f017f0845fea8c95ac7b2a4ff90940f98a163afc082ef6de72f5fddf056e5fe2d42a173f7fd5f6100933a38fad6"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000100)={0x4b29241a6eaffd29, 0x8080000, 0x401, 0x1, 0x8001}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 7.643083464s ago: executing program 3 (id=783): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x54, 0x0, 0x0, 0x8}, {0x6}]}) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0xfffd, 0x8, 0x13, 0x893}, {0x5, 0x6, 0xc, 0x2}]}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x10) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r1, 0x45809000) syz_clone3(&(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 6.810453896s ago: executing program 3 (id=794): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000180)) (async) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x8001, 0x7, 0x0, 0x1c, 0x5, 0x2, 0xd, 0x2, 0xf9, 0x2, 0x80, 0x9, 0x1}, {0x6, 0x80, 0x8, 0xc4, 0x8, 0x7, 0x8, 0x9, 0x7, 0xff, 0x0, 0x4}, {0xe2a5, 0xd, 0x1, 0x9, 0x2, 0x6, 0x9, 0x8, 0x7f, 0x9, 0x56, 0xc, 0x100}], 0x4}) (async) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7fffffff], 0x80a0000}) (async) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3, 0x8032, 0xffffffffffffffff, 0x0) 3.31718002s ago: executing program 32 (id=604): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000006600), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x5453, 0x0) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) (async) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005080000024d564b"]) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x82000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000080)={0xbe, 0x0, 0x1}) (async) ioctl$KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r4, 0x40046210, &(0x7f0000000000)=0x1) r6 = getpid() ioctl$BINDER_FREEZE(r5, 0x400c620e, &(0x7f0000000040)={r6, 0x0, 0x100}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xb0, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac1"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f00000000c0)='notify_on_release\x00', 0x2, 0x0) write$cgroup_int(r8, &(0x7f0000000100), 0x12) (async) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom1\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) (async) read(r5, &(0x7f00000003c0)=""/238, 0xee) r10 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) ioctl$UI_END_FF_ERASE(r10, 0x400c55cb, &(0x7f0000000280)={0xc, 0x3a53, 0x1}) (async) r11 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) ioctl$TCSETAF(r11, 0x5408, &(0x7f00000007c0)={0x0, 0x0, 0xf440, 0x0, 0x0, "95bff5627804ada2"}) (async) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.542718867s ago: executing program 0 (id=842): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1243, 0x0) ioctl$BLKRRPART(r0, 0x125f, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x440, 0x0) 1.439069148s ago: executing program 0 (id=844): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x63761469321c3ff0, 0x1}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xaa, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000080)={0x2020}, 0x2020) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f00000020c0)) read$FUSE(r1, &(0x7f0000002100)={0x2020}, 0x2020) openat$binderfs(0xffffffffffffff9c, &(0x7f0000004140)='./binderfs2/binder0\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000004180)={0x2020}, 0x2020) read$FUSE(r1, &(0x7f00000061c0)={0x2020}, 0x2020) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r1, 0xc018620c, &(0x7f0000000040)={0x3}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) 1.438695858s ago: executing program 0 (id=845): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_DEBUGREGS(r2, 0x4080aea2, &(0x7f0000000180)={[0x1000, 0x6000, 0x0, 0xffff1000], 0x3}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_GET_FROZEN_INFO(r3, 0xc00c620f, 0x0) 1.35019787s ago: executing program 0 (id=847): r0 = openat$kvm(0x0, &(0x7f0000000180), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, 0x0) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r2, 0x45809000) (async, rerun: 64) ioctl$BLKRRPART(r2, 0x125f, 0x0) (rerun: 64) r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0) syz_clone3(&(0x7f0000001280)={0x42800100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58) 1.248683721s ago: executing program 2 (id=849): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x54, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x0, &(0x7f0000000040)=""/23, 0x17, 0x0, 0x1}, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x2, &(0x7f0000000240)=""/13, 0xd, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x28, 0x40}}, 0x10}, @release={0x40046306, 0x3}], 0xa4, 0x0, &(0x7f0000000100)="1920ff09471b1099c74e1fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5be8d760a46066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f3770a0e585841eef7a9573c3b7b763b89e69e76a52d2f89534bf9ee4f32894432ce58b74fbff98a5afea399b9b851d4c5c49a455d97780510a8e5211e6c667ba692e7bdd91281b1951f879"}) 1.211887602s ago: executing program 2 (id=850): openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x8000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000083c0)={{0x1, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x40800) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x4}}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x1, 0x18}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r5, 0x400454cd, 0x6) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_netprio_ifpriomap(r6, &(0x7f0000000040), 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r7, 0x2000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r7, 0xc2a4a000) 998.159995ms ago: executing program 0 (id=853): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200)=0x1, 0x12) mkdirat$cgroup(r1, &(0x7f00000000c0)='syz1\x00', 0x1ff) write$cgroup_pid(r2, &(0x7f0000000080), 0x12) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r3 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x480, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000c80)=ANY=[@ANYBLOB="01000000000000ef9a000040"]) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0xb4, 0x0, &(0x7f00000004c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x39, 0x0, 0x0, 0x58, 0x18, &(0x7f00000003c0)={@flat=@binder={0x73622a85, 0x1, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f00000002c0)=""/152, 0x98, 0x0, 0x15}, @flat=@weak_binder={0x77622a85, 0x100}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}, @release={0x40046306, 0x3}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000440)={@flat=@binder={0x73622a85, 0x1014, 0x3}, @fda={0x66646185, 0x1, 0x2, 0x10}, @flat=@handle={0x73682a85, 0xa}}, &(0x7f0000000240)={0x0, 0x18, 0x38}}}, @increfs_done={0x40106308, 0x2}], 0x5a, 0x0, &(0x7f0000000180)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac25dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f37"}) 806.856118ms ago: executing program 0 (id=855): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) r3 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x2400, 0x0) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x2400, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, &(0x7f0000000240)={0x79, 0x0, 0x7cd}) (async) ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, &(0x7f0000000240)={0x79, 0x0, 0x7cd}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x84}, {0x6}]}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000000000024"]) (async) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000000000024"]) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f47"]) r7 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x2011c0}) (async) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000000021000040"]) ioctl$KVM_RUN(r6, 0xae80, 0x0) write$cgroup_int(r2, &(0x7f0000000200)=0x1, 0x12) mkdirat$cgroup(r1, &(0x7f00000000c0)='syz1\x00', 0x1ff) write$cgroup_pid(r2, &(0x7f0000000080), 0x12) (async) write$cgroup_pid(r2, &(0x7f0000000080), 0x12) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x78, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000001c0)={@flat=@binder={0x73622a85, 0x1001, 0x2}, @fd={0x66642a85, 0x0, r0}, @flat=@weak_binder}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}, @release={0x40046306, 0x3}, @clear_death={0x400c630f, 0x1}, @increfs_done={0x40106308, 0x1}], 0x5a, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac25dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f37"}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x78, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000001c0)={@flat=@binder={0x73622a85, 0x1001, 0x2}, @fd={0x66642a85, 0x0, r0}, @flat=@weak_binder}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}, @release={0x40046306, 0x3}, @clear_death={0x400c630f, 0x1}, @increfs_done={0x40106308, 0x1}], 0x5a, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac25dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f37"}) 743.307939ms ago: executing program 2 (id=856): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000140)=0x3) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f00000001c0)=[@release={0x40046306, 0x1}, @acquire], 0x51, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7"}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs2/binder1\x00', 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008002"]) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000002680)="adf45fd3c9041419d3c495caf0dcc96b1da49de20ace86050e76c688e4d7e5e6d26fa679d831f9648c9592da140e42ea7b2688bc1f24936c22aed3f625ad67fe1e43bc437f3b66e0d121873e884397f8be5f307c5cda8c2ec03ffed285e09326dc1c4b6580b26bb1d1eeb5882ddd7f7f69607ead63573cc07977f90b256967bd28251793252ab78c0657b85af2308d7d2eae554fe01587f7f9884d4fe389ba7fddeea68b923b04219f0743887cf751e944e5aca4840fb0f1decdc144464a95f515490bfa3a77f0a0aba382a07ff9d504a14826c79ed50c0352b2b967c56792d68ebe6699a0e8cb00518de7119171d99787896bde13051d8af3de83cce69be5b9b0422a48cd3dd8ad628175574e6265016749780b9c997b19a7fe0e86a473f6b3135a07fcbd5c2a6f7033af7943443d9ea17034fc3c6dccec7fee103ea8b2d2a2a608df4a27e8237774a0fde0b9c899221e6f798970a8ffd418509835cb5c9e65bbed1164b1c78315eb3f118d0fdb494ec6b6df302622882a15446464767e2f18cf0a5714e6bb46b0282911f38539e41c586027659dac3093103cf74c5c995954fd", 0x1a1) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0) read(r7, &(0x7f0000000280)=""/4096, 0x1000) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r6, 0xf503, 0x0) prctl$PR_GET_KEEPCAPS(0x7) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x800000000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) ioctl$BINDER_GET_EXTENDED_ERROR(r0, 0xc00c6211, &(0x7f0000000080)) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000001280)="44532037f3d86316d3c89c80ad88927fab80ba8db9f70c9bca6c6132ca2e06367c08bf6ae53831f2d3110e17820f9599be378a37d8c6fa4dadda42108bf0904839a391873567d9c2825ebaccb5d9ea865381501ebce9f35c4ea641fa2f80ab1e39196d328dd37b86b25b600a797029dd16bbe21ee8acd04a90d593f91a39512248b2a6842f1ca17be26ad451c22349ac23f8b164e3dd7a71e4dd52c218007ca5c59c81c15c780a2a3b10850082b9214106fc895f26c89fddbdc9956a7920e9428ba0350905bbb2dc2889b0b04d80", 0xce) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r10, 0x100000e, 0x8a031, 0xffffffffffffffff, 0x0) r11 = openat(0xffffffffffffff9c, &(0x7f0000002140)='./file1\x00', 0x42, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r11) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r10, 0x1000001, 0x11, r9, 0x0) syz_clone3(&(0x7f0000000280)={0x243012400, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58) 412.608304ms ago: executing program 4 (id=858): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000080)='cgroup.kill\x00', 0x275a, 0x0) read$FUSE(r2, &(0x7f0000001440)={0x2020}, 0x2020) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@binder={0x73622a85, 0x1101, 0x3}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x10}, @fda={0x66646185, 0x8, 0x1, 0x40}}, &(0x7f0000000280)={0x0, 0x18}}, 0x10}], 0x0, 0x0, 0x0}) 323.085846ms ago: executing program 4 (id=859): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x489}]}) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0) write$snapshot(r4, &(0x7f0000000040)="0700655f88", 0x5) write$snapshot(r4, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0xb03cdf087638818c, 0x3}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0xa8, 0x0, &(0x7f0000000680)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000140)={@flat=@handle={0x73682a85, 0x90a}, @fda={0x66646185, 0x6, 0x0, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f00000002c0)=""/222, 0xde, 0x1, 0x1c}}, &(0x7f0000000080)={0x0, 0x18, 0x38}}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000440)={@fda={0x66646185, 0x4, 0x2, 0x21}, @ptr={0x70742a85, 0x1, &(0x7f00000003c0)=""/105, 0x69, 0x2, 0x3f}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/245, 0xf5, 0x2, 0x35}}, &(0x7f00000001c0)={0x0, 0x20, 0x48}}}, @acquire={0x40046305, 0x1}, @acquire, @decrefs={0x40046307, 0x2}, @release={0x40046306, 0x2}], 0x4c, 0x0, &(0x7f0000000740)="8cf2f2c6da81907ab9b7e2340a743f9f3717875ba4aa2a774089caaab38f8c59c4541822af211a579876e9ae4595f8360e4c51bb9130a414a6ab704560e82e2e48e9825c4f8b1d8d11dd2582"}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000007c0)={0x73622a85, 0xa, 0x3}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@fd={0x66642a85, 0x0, r6}, @ptr={0x70742a85, 0xfffffffe, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x2, 0x40}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) 301.055506ms ago: executing program 2 (id=860): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64) ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0) (async, rerun: 64) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x80401, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close(0x3) (async) ioctl$BLKRRPART(r1, 0x125f, 0x0) 219.044807ms ago: executing program 2 (id=861): mount$binderfs(0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext']) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001640)={0x56, 0x0, 0x0, 0x50, 0x0, &(0x7f00000015c0)="2e872ecf9feef474253f5f8361fb437bb53b9b904de0dbbdbb5d04df0c089fb5576056b4d0daffff29ed2e37765f6a0656665130f1deefc02ba1984f0ed5a3f68c6db7b7889ed9f103b66ac40eb3dad6"}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2881, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x418001, 0x0) openat$cgroup_ro(r3, &(0x7f0000000080)='rdma.current\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0xfffffffffffffffc, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x2004c8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8020000000, 0x6011, 0x0, 0x200000], 0x6000, 0x12002}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0x8090ae81, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="0f00007f0000000000010000000000000000002000000000"]) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f00000000c0), 0xa00004, &(0x7f0000000140)=ANY=[@ANYRES64=r3]) 79.13657ms ago: executing program 4 (id=862): r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000040)={0x41d, 0x2, 0xfe, 0x99f8}) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$PTP_PIN_SETFUNC2(r1, 0x40603d10, &(0x7f0000000140)) mount$binderfs(0x0, &(0x7f00000000c0)='./binderfs\x00', &(0x7f0000000100), 0x0, &(0x7f00000001c0)={[{}]}) 78.39697ms ago: executing program 4 (id=863): openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x88602, 0x0) 78.13075ms ago: executing program 4 (id=864): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000240)={0x2, 0x0, [{0x400000b4}, {0x1a7, 0x0, 0x8}]}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) (async) r4 = ioctl$TUNGETDEVNETNS(r3, 0xff05, 0x0) ioctl$NS_GET_USERNS(r4, 0xb701, 0x0) (async) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0x3000, 0x0, 0x1, 0x0, 0x64}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5}, {0x3000}, {0x0, 0xffff1000, 0xf, 0x0, 0x0, 0x0, 0x0, 0xfc}, {0x0, 0x0, 0xc, 0x9, 0x3, 0x1, 0x0, 0x0, 0x1}, {0xf000, 0x10000, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x6}, {0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3a, 0x2}, {0x0, 0xeeee8000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, 0xddf8ffdb, 0x0, 0x0, 0x3400b0, 0x8000000000000a, 0x8000, 0x3000, [0x0, 0x0, 0x2]}) (async) r5 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x10000, 0x0) ioctl$ASHMEM_SET_SIZE(r5, 0x40087703, 0xfffffffe) (async) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x28001, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r8 = openat$cgroup_freezer_state(r7, &(0x7f0000000080), 0x2, 0x0) write$cgroup_freezer_state(r8, &(0x7f00000000c0)='FROZEN\x00', 0x7) ioctl$SNAPSHOT_FREE(r6, 0x3305) (async) close(r2) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r5, 0x0) ioctl$ASHMEM_SET_NAME(r5, 0x41007701, &(0x7f0000000000)='/de\x94/a3hmem\x00') 72.434199ms ago: executing program 2 (id=865): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) close_range(r2, r2, 0x2) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x402001, 0x0) ioctl$TUNSETDEBUG(r4, 0x400454c9, &(0x7f0000000040)=0x7fffffff) (async) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f00000015c0)="2e872ecf9feef474253f5f8361fb437bb53b9b904de0dbbdbb5d04df0c089fb5576056b4d0dab2f029ed2e37765f6a0656665130f1deefc02ba1984f0ed5a3f68c6db7b7889ed9f103b66ac40eb3dad6"}) (async) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r6, 0x401c5504, &(0x7f00000002c0)={0x3f}) (async) ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x3) (async) write$uinput_user_dev(r6, &(0x7f0000001740)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0xfffffffc]}, 0x45c) (async) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r5, 0xc400941d, 0x0) (async) r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r7, 0xc0f85403, &(0x7f0000000000)={{0x1, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id0\x00', 'timer1\x00'}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) (async) ioctl$TUNSETPERSIST(r8, 0x400454cc, 0x0) (async) ioctl$TUNSETOFFLOAD(r8, 0x400454d0, 0x1) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, 0x0, 0x2000008, 0x12, 0xffffffffffffffff, 0x0) (async) r9 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VHOST_SET_MEM_TABLE(r9, 0x4008af03, &(0x7f0000002cc0)={0x8, 0x0, [{0xeeef0000, 0x1000, &(0x7f0000000300)=""/4096}, {0x1, 0x8e, &(0x7f00000001c0)=""/142}, {0xdddd0000, 0x7b, &(0x7f0000001300)=""/123}, {0xdddd1000, 0x1000, &(0x7f0000001bc0)=""/4096}, {0xdddd0000, 0x41, &(0x7f0000001380)=""/65}, {0x6000, 0xe9, &(0x7f0000001400)=""/233}, {0x1000, 0x81, &(0x7f0000001500)=""/129}, {0x5000, 0xc3, &(0x7f0000002bc0)=""/195}]}) (async) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000004, 0x4010, r6, 0x786c0000) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r5, 0x50009418, 0x0) 0s ago: executing program 4 (id=866): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) getpid() ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x1d9, 0x0, 0x3}]}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000640)={0x18, 0x0, &(0x7f00000001c0)=[@decrefs, @clear_death], 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.150' (ED25519) to the list of known hosts. [ 25.026115][ T36] audit: type=1400 audit(1750366957.609:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.027174][ T281] cgroup: Unknown subsys name 'net' [ 25.048888][ T36] audit: type=1400 audit(1750366957.609:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.076141][ T36] audit: type=1400 audit(1750366957.649:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.076349][ T281] cgroup: Unknown subsys name 'devices' [ 25.262442][ T281] cgroup: Unknown subsys name 'hugetlb' [ 25.268075][ T281] cgroup: Unknown subsys name 'rlimit' [ 25.421003][ T36] audit: type=1400 audit(1750366958.009:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.444285][ T36] audit: type=1400 audit(1750366958.009:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.469094][ T36] audit: type=1400 audit(1750366958.009:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 25.477150][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 25.501013][ T36] audit: type=1400 audit(1750366958.089:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.526417][ T36] audit: type=1400 audit(1750366958.089:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.564328][ T36] audit: type=1400 audit(1750366958.149:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.590006][ T36] audit: type=1400 audit(1750366958.149:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.590082][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.321727][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.328895][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.350589][ T288] bridge_slave_0: entered allmulticast mode [ 26.357009][ T288] bridge_slave_0: entered promiscuous mode [ 26.372680][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.379739][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.386892][ T288] bridge_slave_1: entered allmulticast mode [ 26.393176][ T288] bridge_slave_1: entered promiscuous mode [ 26.491200][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.498255][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.505436][ T293] bridge_slave_0: entered allmulticast mode [ 26.511714][ T293] bridge_slave_0: entered promiscuous mode [ 26.519220][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.526308][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.533480][ T293] bridge_slave_1: entered allmulticast mode [ 26.539678][ T293] bridge_slave_1: entered promiscuous mode [ 26.588961][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.596073][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.603245][ T295] bridge_slave_0: entered allmulticast mode [ 26.609498][ T295] bridge_slave_0: entered promiscuous mode [ 26.615892][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.622998][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.630055][ T295] bridge_slave_1: entered allmulticast mode [ 26.636491][ T295] bridge_slave_1: entered promiscuous mode [ 26.659330][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.666443][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.673882][ T294] bridge_slave_0: entered allmulticast mode [ 26.680099][ T294] bridge_slave_0: entered promiscuous mode [ 26.687767][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.694825][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.701920][ T294] bridge_slave_1: entered allmulticast mode [ 26.708094][ T294] bridge_slave_1: entered promiscuous mode [ 26.759289][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.766547][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.773842][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.780967][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.836294][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.843402][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.850840][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.857861][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.883583][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.890690][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.897973][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.905165][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.915688][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.923136][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.930789][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.937936][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.945203][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.952550][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.976647][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.983728][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.991405][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.998425][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.032142][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.039187][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.053589][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.060709][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.068341][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.075397][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.083168][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.090194][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.103562][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.110608][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.131840][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.138891][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.169168][ T288] veth0_vlan: entered promiscuous mode [ 27.185839][ T295] veth0_vlan: entered promiscuous mode [ 27.195150][ T294] veth0_vlan: entered promiscuous mode [ 27.203629][ T288] veth1_macvtap: entered promiscuous mode [ 27.216308][ T293] veth0_vlan: entered promiscuous mode [ 27.227447][ T295] veth1_macvtap: entered promiscuous mode [ 27.240845][ T293] veth1_macvtap: entered promiscuous mode [ 27.259090][ T294] veth1_macvtap: entered promiscuous mode [ 27.287152][ T295] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 27.324197][ T307] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 27.651138][ T333] ======================================================= [ 27.651138][ T333] WARNING: The mand mount option has been deprecated and [ 27.651138][ T333] and is ignored by this kernel. Remove the mand [ 27.651138][ T333] option from the mount to silence this warning. [ 27.651138][ T333] ======================================================= [ 27.655282][ T332] binder: Unknown parameter 'defcontext01777777777777777777777' [ 27.715842][ T332] kvm: kvm [330]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x3032 [ 27.967132][ T341] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 27.969139][ T339] rust_binder: Write failure EFAULT in pid:5 [ 27.978890][ T341] rust_binder: Write failure EINVAL in pid:5 [ 28.056561][ T349] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 28.073762][ T349] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 28.083051][ T356] binder: Bad value for 'defcontext' [ 28.098589][ T349] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:14 [ 28.238578][ T378] rust_binder: Error while translating object. [ 28.248124][ T378] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 28.254358][ T378] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:16 [ 28.269450][ T380] binder: Unknown parameter 'coyBLV§"i5ŽÝ”ÃùÒntext' [ 28.479610][ T399] rust_binder: Error while translating object. [ 28.479631][ T399] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 28.486343][ T399] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:21 [ 28.565127][ T401] rust_binder: Error while translating object. [ 28.574759][ T401] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 28.581248][ T401] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:23 [ 28.637361][ T405] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.637440][ T405] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 28.714333][ T417] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.723816][ T419] SELinux: security_context_str_to_sid () failed with errno=-22 [ 28.742314][ T416] rust_binder: Failed to allocate buffer. len:64, is_oneway:false [ 28.836005][ T427] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.873104][ T429] input: syz1 as /devices/virtual/input/input8 [ 28.989345][ T440] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:29 [ 29.007416][ T436] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.058561][ T456] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.085832][ T463] __vm_enough_memory: pid: 463, comm: syz.2.47, bytes: 281474976845824 not enough memory for the allocation [ 29.121531][ T465] rust_binder: Write failure EINVAL in pid:43 [ 29.155027][ T470] rust_binder: Error while translating object. [ 29.161280][ T470] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 29.167571][ T470] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:46 [ 29.178173][ T471] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.199734][ T473] binder: Unknown parameter 'nXI' [ 29.800725][ T512] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:50 [ 29.828991][ T516] random: crng reseeded on system resumption [ 29.898102][ T516] SELinux: failed to load policy [ 29.906281][ T516] binder: Unknown parameter 'stats ' [ 29.988855][ T530] rust_binder: Write failure EINVAL in pid:56 [ 30.032636][ T537] input: syz1 as /devices/virtual/input/input11 [ 30.071555][ T539] kvm: Disabled LAPIC found during irq injection [ 30.084294][ T539] rust_binder: Got transaction with invalid offset. [ 30.084325][ T539] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.091108][ T539] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:56 [ 30.225155][ T541] binder: Bad value for 'stats' [ 30.291020][ T36] kauditd_printk_skb: 87 callbacks suppressed [ 30.291036][ T36] audit: type=1400 audit(1750366962.879:161): avc: denied { read } for pid=543 comm="syz.1.84" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 30.444336][ T557] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.447522][ T557] cgroup: fork rejected by pids controller in /syz1 [ 30.521574][ T561] rust_binder: Write failure EFAULT in pid:61 [ 30.591624][ T565] binder: Unknown parameter '' [ 30.642628][ T567] binder: Unknown parameter 'non' [ 30.728849][ T573] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 30.741494][ T13] bridge_slave_1: left allmulticast mode [ 30.747166][ T13] bridge_slave_1: left promiscuous mode [ 30.761087][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.772600][ T13] bridge_slave_0: left allmulticast mode [ 30.778307][ T13] bridge_slave_0: left promiscuous mode [ 30.785389][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.926645][ T582] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.933875][ T582] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.941097][ T582] bridge_slave_0: entered allmulticast mode [ 30.947306][ T582] bridge_slave_0: entered promiscuous mode [ 30.957442][ T582] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.966477][ T582] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.973676][ T582] bridge_slave_1: entered allmulticast mode [ 30.979887][ T582] bridge_slave_1: entered promiscuous mode [ 31.022197][ T592] rust_binder: Write failure EINVAL in pid:61 [ 31.022496][ T592] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 4096) [ 31.028610][ T592] rust_binder: Error while translating object. [ 31.028764][ T13] veth1_macvtap: left promiscuous mode [ 31.039753][ T592] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.045810][ T13] veth0_vlan: left promiscuous mode [ 31.053198][ T592] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:61 [ 31.084076][ T596] rust_binder: Failed to allocate buffer. len:4232, is_oneway:true [ 31.105217][ T596] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 31.113426][ T596] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:63 [ 31.123049][ T596] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 31.132258][ T596] rust_binder: Read failure Err(EFAULT) in pid:63 [ 31.173679][ T36] audit: type=1400 audit(1750366963.759:162): avc: denied { create } for pid=582 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 31.178742][ T582] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.200611][ T36] audit: type=1400 audit(1750366963.759:163): avc: denied { write } for pid=582 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 31.207556][ T582] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.207647][ T582] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.235273][ T36] audit: type=1400 audit(1750366963.759:164): avc: denied { read } for pid=582 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 31.242099][ T582] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.291188][ T582] veth0_vlan: entered promiscuous mode [ 31.301670][ T582] veth1_macvtap: entered promiscuous mode [ 31.339883][ T608] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.339949][ T608] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.347072][ T609] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.365019][ T613] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 31.371569][ T613] rust_binder: Read failure Err(EFAULT) in pid:9 [ 31.396179][ T617] SELinux: policydb string does not match my string SE Linux [ 31.412967][ T617] SELinux: failed to load policy [ 31.526505][ T624] PM: Enabling pm_trace changes system date and time during resume. [ 31.526505][ T624] PM: Correct system time has to be restored manually after resume. [ 31.968024][ T647] rust_binder: Write failure EFAULT in pid:74 [ 31.968243][ T647] SELinux: policydb magic number 0x40086315 does not match expected magic number 0xf97cff8c [ 31.984909][ T647] SELinux: failed to load policy [ 32.218985][ T674] rust_binder: Write failure EINVAL in pid:81 [ 32.235111][ T680] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:107 [ 32.249093][ T682] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 32.249322][ T679] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:86 [ 32.268893][ T682] rust_binder: Error while translating object. [ 32.279837][ T682] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.286316][ T682] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:75 [ 32.298041][ T682] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:75 [ 32.322952][ T687] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:31 [ 32.385336][ T694] rust_binder: Write failure EINVAL in pid:31 [ 32.499191][ T698] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.505735][ T698] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:82 [ 32.532248][ T703] binder: Bad value for 'max' [ 32.583089][ T36] audit: type=1326 audit(1750366965.169:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=713 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d28b8e929 code=0x7ffc0000 [ 32.608080][ T36] audit: type=1326 audit(1750366965.169:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=713 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d28b8e929 code=0x7ffc0000 [ 32.633567][ T36] audit: type=1326 audit(1750366965.169:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=713 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f9d28b8e929 code=0x7ffc0000 [ 32.650363][ T707] tap0: tun_chr_ioctl cmd 1074812118 [ 32.656800][ T36] audit: type=1326 audit(1750366965.169:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=713 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d28b8e929 code=0x7ffc0000 [ 32.688937][ T707] SELinux: security_context_str_to_sid () failed with errno=-22 [ 32.689525][ T36] audit: type=1326 audit(1750366965.169:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=713 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9d28b8e929 code=0x7ffc0000 [ 32.720112][ T36] audit: type=1326 audit(1750366965.169:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=713 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d28b8e929 code=0x7ffc0000 [ 32.909872][ T721] rust_binder: Write failure EFAULT in pid:99 [ 32.955686][ T727] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:99 [ 32.963232][ T727] rust_binder: Error while translating object. [ 32.972356][ T727] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.978581][ T727] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:99 [ 33.001674][ T731] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:105 [ 33.034910][ T738] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:104 [ 33.047007][ T738] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 33.056468][ T738] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:104 [ 33.280859][ T760] binder: Bad value for 'max' [ 33.346069][ T775] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:37 [ 33.382022][ T777] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 33.391209][ T777] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:120 [ 33.412070][ T779] binder: Bad value for 'max' [ 33.450902][ T784] binder: Unknown parameter 'stat' [ 33.476406][ T788] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 120, limit: 136, size: 89) [ 33.476426][ T788] rust_binder: Error while translating object. [ 33.487048][ T788] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 33.493287][ T788] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:124 [ 33.514905][ T791] rust_binder: Write failure EINVAL in pid:127 [ 33.524738][ T791] rust_binder: Write failure EFAULT in pid:127 [ 33.525246][ T792] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 33.538526][ T792] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:44 [ 33.583242][ T793] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:127 [ 33.897228][ T795] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 34.212601][ T807] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 34.315283][ T814] rust_binder: Write failure EINVAL in pid:47 [ 34.323282][ T817] rust_binder: Error in use_page_slow: ESRCH [ 34.329494][ T817] rust_binder: use_range failure ESRCH [ 34.335617][ T817] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 34.341115][ T817] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 34.352583][ T817] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:49 [ 34.371911][ T820] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.381590][ T820] rust_binder: Error while translating object. [ 34.388056][ T820] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 34.396755][ T820] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:130 [ 34.397208][ T824] rust_binder: Error while translating object. [ 34.415730][ T822] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.421689][ T824] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 34.426184][ T822] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.428258][ T824] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:130 [ 34.574873][ T836] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.581442][ T833] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:137 [ 34.584513][ T836] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 34.608482][ T836] rust_binder: Write failure EINVAL in pid:56 [ 34.650857][ T847] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.657623][ T847] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:67 [ 34.670587][ T847] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:67 [ 34.683144][ T850] rust_binder: Write failure EINVAL in pid:140 [ 34.713965][ T856] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 34.727462][ T856] rust_binder: Write failure EINVAL in pid:147 [ 34.754434][ T862] SELinux: failed to load policy [ 35.410325][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 35.451079][ T877] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 35.451108][ T877] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:125 [ 35.465108][ T875] input: syz0 as /devices/virtual/input/input16 [ 35.466154][ T877] rust_binder: Failed to allocate buffer. len:18446744073709551544, is_oneway:false [ 35.481637][ T36] kauditd_printk_skb: 22 callbacks suppressed [ 35.481651][ T36] audit: type=1400 audit(1750366968.069:193): avc: denied { read } for pid=94 comm="acpid" name="event3" dev="devtmpfs" ino=439 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 35.491365][ T877] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 35.500342][ T36] audit: type=1400 audit(1750366968.069:194): avc: denied { open } for pid=94 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=439 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 35.519699][ T877] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:125 [ 35.554662][ T877] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 35.564816][ T877] rust_binder: Read failure Err(EFAULT) in pid:125 [ 35.645916][ T881] binder: Unknown parameter 'nXI' [ 35.717580][ T893] rust_binder: Write failure EINVAL in pid:141 [ 35.742872][ T36] audit: type=1326 audit(1750366968.329:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=897 comm="syz.1.203" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6ac6d8e929 code=0x0 [ 35.839359][ T903] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 35.839377][ T903] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 35.847505][ T903] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 35.857060][ T905] kvm: user requested TSC rate below hardware speed [ 35.907317][ T36] audit: type=1400 audit(1750366968.489:196): avc: denied { write } for pid=911 comm="syz.0.207" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 35.948063][ T36] audit: type=1400 audit(1750366968.489:197): avc: denied { remove_name } for pid=911 comm="syz.0.207" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 35.958605][ T918] rust_binder: Error while translating object. [ 35.975939][ T36] audit: type=1400 audit(1750366968.489:198): avc: denied { unlink } for pid=911 comm="syz.0.207" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 35.979572][ T918] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 36.006618][ T918] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:151 [ 36.045557][ T922] SELinux: policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c [ 36.060860][ T36] audit: type=1326 audit(1750366968.649:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=924 comm="syz.2.212" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7a0978e929 code=0x0 [ 36.065299][ T922] SELinux: failed to load policy [ 36.145788][ T929] rust_binder: Write failure EINVAL in pid:133 [ 36.162701][ T931] rust_binder: Error while translating object. [ 36.168961][ T931] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 36.175339][ T931] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:153 [ 36.277490][ T933] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 36.286759][ T933] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:181 [ 36.318169][ T935] SELinux: policydb string does not match my string SE Linux [ 36.335091][ T935] SELinux: failed to load policy [ 36.527017][ T957] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:205 [ 36.560277][ T963] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 36.659099][ T977] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22 [ 36.713856][ T983] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22 [ 36.909276][ T1003] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.915096][ T1000] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:156 [ 36.948613][ T1007] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.068993][ T1018] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 37.080856][ T1017] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22 [ 37.101557][ T1018] rust_binder: Error while translating object. [ 37.101633][ T1018] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 37.107812][ T1018] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:141 [ 37.293626][ T1049] block device autoloading is deprecated and will be removed. [ 37.302111][ T1051] rust_binder: Write failure EINVAL in pid:148 [ 37.351094][ T1053] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.363212][ T1053] rust_binder: Error in use_page_slow: ESRCH [ 37.369746][ T1053] rust_binder: use_range failure ESRCH [ 37.375977][ T1057] rust_binder: Write failure EFAULT in pid:150 [ 37.380719][ T1053] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false [ 37.393315][ T1053] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 37.401588][ T1053] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:111 [ 37.467425][ T1061] SELinux: unknown common r [ 37.481321][ T1061] SELinux: failed to load policy [ 37.539514][ T1072] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.539624][ T1072] rust_binder: Error in use_page_slow: ESRCH [ 37.549904][ T1072] rust_binder: use_range failure ESRCH [ 37.557839][ T1072] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false [ 37.563918][ T1076] binder: Unknown parameter '0xffffffffffffffff' [ 37.578388][ T1072] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 37.578415][ T1072] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:114 [ 37.664173][ T1084] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:259 [ 37.698985][ T1090] rust_binder: Write failure EINVAL in pid:156 [ 37.701302][ T36] audit: type=1400 audit(1750366970.279:200): avc: denied { block_suspend } for pid=1088 comm="syz.3.262" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 37.826190][ T1101] kvm: user requested TSC rate below hardware speed [ 37.835602][ T36] audit: type=1400 audit(1750366970.419:201): avc: denied { remount } for pid=1099 comm="syz.1.267" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 37.860711][ T1101] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:158 [ 37.861072][ T1101] rust_binder: Error while translating object. [ 37.870362][ T1101] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 37.876701][ T1101] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:158 [ 37.930094][ T1106] tap0: tun_chr_ioctl cmd 1074025678 [ 37.945898][ T1106] tap0: group set to 0 [ 37.967941][ T1108] random: crng reseeded on system resumption [ 38.032055][ T1119] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.041119][ T1119] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 38.041152][ T1119] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:126 [ 38.051429][ T1122] binder: Bad value for 'stats' [ 38.087869][ T1123] binder: Bad value for 'stats' [ 38.108226][ T36] audit: type=1400 audit(1750366970.689:202): avc: denied { write } for pid=1125 comm="syz.3.273" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 38.232063][ T1131] kvm: vcpu 5: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 38.260561][ T1134] binder: Unknown parameter '‰w<' [ 38.307182][ T1140] rust_binder: Failed to allocate buffer. len:96, is_oneway:false [ 38.307219][ T1140] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 38.316919][ T1140] rust_binder: Read failure Err(EFAULT) in pid:130 [ 38.337770][ T1136] PM: Enabling pm_trace changes system date and time during resume. [ 38.337770][ T1136] PM: Correct system time has to be restored manually after resume. [ 38.375406][ T1146] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 38.512108][ T1161] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 38.536212][ T1163] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:189 [ 38.647343][ T1173] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 38.656891][ T1173] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:194 [ 38.708811][ T1175] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 38.804288][ T1192] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.813551][ T1192] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 38.911117][ T1196] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 38.918429][ T1196] rust_binder: Write failure EINVAL in pid:182 [ 38.936525][ T1199] rust_binder: Write failure EINVAL in pid:185 [ 39.028500][ T1213] binder: Unknown parameter 'coyBLV§"i5ŽÝ”ÃùÒntext' [ 39.079123][ T1220] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.079190][ T1219] rust_binder: Read failure Err(EAGAIN) in pid:187 [ 39.091699][ T1218] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.100016][ T1219] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 39.109935][ T1218] rust_binder: Error while translating object. [ 39.117995][ T1218] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 39.124243][ T1218] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:179 [ 39.168677][ T1228] rust_binder: Failed to allocate buffer. len:184, is_oneway:true [ 39.281189][ T1235] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.292333][ T1235] rust_binder: Error in use_page_slow: ESRCH [ 39.298789][ T1235] rust_binder: use_range failure ESRCH [ 39.304881][ T1235] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 39.310427][ T1235] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 39.318463][ T1235] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:181 [ 39.971744][ T1296] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 39.999039][ T1296] rust_binder: Write failure EINVAL in pid:196 [ 40.107712][ T1298] random: crng reseeded on system resumption [ 40.113093][ T1300] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:198 [ 40.132049][ T1302] binder: Bad value for 'stats' [ 40.193105][ T1306] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 40.254711][ T1319] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 40.262985][ T1319] rust_binder: Write failure EINVAL in pid:209 [ 40.333561][ T1322] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.340342][ T1322] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 40.355809][ T1322] rust_binder: Write failure EINVAL in pid:211 [ 40.364643][ T1322] rust_binder: Error in use_page_slow: ESRCH [ 40.364664][ T1322] rust_binder: use_range failure ESRCH [ 40.371407][ T1326] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.371620][ T1322] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 40.386773][ T1322] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 40.395824][ T1322] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:211 [ 40.433470][ T1336] binder: Unknown parameter '0x0000000000000000' [ 40.450229][ T1330] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 40.450477][ T1330] rust_binder: Error while translating object. [ 40.461272][ T1330] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 40.467469][ T1330] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:214 [ 40.672049][ T1366] rust_binder: Error while translating object. [ 40.682485][ T1366] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 40.688683][ T1366] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:219 [ 40.698533][ T1366] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.798461][ T1378] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 40.841240][ T36] kauditd_printk_skb: 6 callbacks suppressed [ 40.841254][ T36] audit: type=1400 audit(1750366973.429:209): avc: denied { compute_member } for pid=1384 comm="syz.2.358" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 40.918816][ T1390] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 40.927876][ T1390] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 41.093390][ T36] audit: type=1400 audit(1750366973.679:210): avc: granted { setsecparam } for pid=1409 comm="syz.0.364" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 41.135714][ T1415] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.140398][ T1415] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 41.141118][ T1407] input: syz0 as /devices/virtual/input/input21 [ 41.151272][ T1415] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:223 [ 41.166119][ T36] audit: type=1400 audit(1750366973.749:211): avc: denied { ioctl } for pid=94 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=442 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 41.203172][ T1413] SELinux: security_context_str_to_sid (system_uÝGй ‰:ÿßù) failed with errno=-22 [ 41.216667][ T1419] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:223 [ 41.319740][ T1422] rust_binder: Write failure EINVAL in pid:230 [ 41.342866][ T1425] rust_binder: Write failure EINVAL in pid:230 [ 41.350416][ T1424] kvm: user requested TSC rate below hardware speed [ 41.371650][ T1424] SELinux: failed to load policy [ 41.557627][ T1434] input: syz0 as /devices/virtual/input/input22 [ 41.568695][ T36] audit: type=1400 audit(1750366974.159:212): avc: denied { validate_trans } for pid=1432 comm="syz.2.370" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 41.594946][ T36] audit: type=1326 audit(1750366974.159:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1432 comm="syz.2.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a0978e929 code=0x7ffc0000 [ 41.621369][ T36] audit: type=1326 audit(1750366974.159:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1432 comm="syz.2.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f7a0978e929 code=0x7ffc0000 [ 41.644713][ T36] audit: type=1326 audit(1750366974.159:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1432 comm="syz.2.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a0978e929 code=0x7ffc0000 [ 41.668437][ T36] audit: type=1326 audit(1750366974.159:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1435 comm="syz.2.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7a097c11e5 code=0x7ffc0000 [ 41.730604][ T36] audit: type=1326 audit(1750366974.179:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1432 comm="syz.2.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f7a0978e929 code=0x7ffc0000 [ 41.755290][ T36] audit: type=1326 audit(1750366974.179:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1432 comm="syz.2.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a0978e929 code=0x7ffc0000 [ 41.780847][ T1448] rust_binder: Write failure EFAULT in pid:243 [ 42.146141][ T1469] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 42.152869][ T1469] rust_binder: Error while translating object. [ 42.159408][ T1469] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 42.166016][ T1469] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:233 [ 42.246029][ T1472] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 42.262107][ T1474] rust_binder: Error while translating object. [ 42.269461][ T1474] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 42.279353][ T1474] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:235 [ 42.376531][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 42.395883][ T1480] SELinux: truncated policydb string identifier [ 42.402517][ T1478] Bluetooth: hci0: Frame reassembly failed (-90) [ 42.404348][ T1480] SELinux: failed to load policy [ 42.415221][ T1478] input: syz1 as /devices/virtual/input/input23 [ 42.431463][ T1480] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 42.441410][ T1480] SELinux: failed to load policy [ 42.502913][ T1494] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 43.066815][ T1523] SELinux: security_context_str_to_sid () failed with errno=-22 [ 43.180543][ T1527] input: syz1 as /devices/virtual/input/input24 [ 43.364711][ T1536] rust_binder: Error while translating object. [ 43.364732][ T1536] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 43.371144][ T1536] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:264 [ 43.531709][ T1538] binder: Unknown parameter '' [ 43.668376][ T1545] random: crng reseeded on system resumption [ 43.814581][ T1555] rust_binder: Error in use_page_slow: ESRCH [ 43.814594][ T1555] rust_binder: use_range failure ESRCH [ 43.822225][ T1555] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 43.827740][ T1555] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 43.835625][ T1555] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:273 [ 43.874303][ T1558] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 43.883670][ T1558] rust_binder: Error while translating object. [ 43.893278][ T1558] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 43.899584][ T1558] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:282 [ 43.929395][ T1563] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 43.940512][ T1563] rust_binder: Error while translating object. [ 43.949316][ T1563] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 43.955816][ T1563] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:284 [ 43.981478][ T9] hid-generic C98F:0003:0000.0001: unknown main item tag 0x0 [ 43.999204][ T9] hid-generic C98F:0003:0000.0001: unknown main item tag 0x0 [ 44.020429][ T9] hid-generic C98F:0003:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 44.056696][ T1572] SELinux: security_context_str_to_sid () failed with errno=-22 [ 44.184042][ T1578] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 44.184068][ T1578] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:291 [ 44.222437][ T1580] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 44.450462][ T772] Bluetooth: hci0: command 0x1003 tx timeout [ 44.465197][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 44.491578][ T1596] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 44.492005][ T1596] rust_binder: Write failure EINVAL in pid:241 [ 44.508437][ T1596] rust_binder: Error while translating object. [ 44.529800][ T1596] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 44.536571][ T1596] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:241 [ 44.546695][ T1596] rust_binder: Write failure EINVAL in pid:241 [ 44.566183][ T1596] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 44.590836][ T1596] SELinux: failed to load policy [ 44.647167][ T1601] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:311 [ 44.647245][ T1601] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:311 [ 44.672639][ T1605] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1024 [ 44.692512][ T1605] rust_binder: Write failure EINVAL in pid:243 [ 44.750640][ T1609] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 44.785669][ T1609] SELinux: failed to load policy [ 44.872527][ T1616] SELinux: truncated policydb string identifier [ 44.879193][ T1616] SELinux: failed to load policy [ 44.968929][ T1628] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set [ 44.990286][ T1628] rust_binder: Write failure EINVAL in pid:257 [ 45.048216][ T1635] tap0: tun_chr_ioctl cmd 1074025677 [ 45.072840][ T1635] tap0: linktype set to 774 [ 45.085937][ T1635] tap0: tun_chr_ioctl cmd 1074812117 [ 45.174876][ T1638] tap1: tun_chr_ioctl cmd 1074812118 [ 45.263131][ T1646] binder: Unknown parameter 'coyBLV§"i5ŽÝ”ÃùÒntext' [ 45.285519][ T1648] rust_binder: Write failure EINVAL in pid:291 [ 45.547552][ T1670] SELinux: security_context_str_to_sid (system_uÝGй ‰:ÿß) failed with errno=-22 [ 45.576336][ T1676] rust_binder: Write failure EFAULT in pid:273 [ 45.610351][ T1685] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.623463][ T1685] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.632977][ T1685] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.637608][ T1683] rust_binder: Write failure EINVAL in pid:325 [ 45.639535][ T1685] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.710683][ T1695] KVM: debugfs: duplicate directory 1695-4 [ 45.724091][ T1698] rust_binder: Write failure EFAULT in pid:328 [ 45.763953][ T1700] binder: Unknown parameter 'rw' [ 45.855312][ T1709] binder: Unknown parameter 'fscontext?}' [ 45.919354][ T36] kauditd_printk_skb: 11 callbacks suppressed [ 45.919369][ T36] audit: type=1400 audit(1750366978.499:230): avc: denied { append } for pid=1714 comm="syz.2.462" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 46.015440][ T1706] rust_binder: Read failure Err(EFAULT) in pid:283 [ 46.103978][ T1721] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.140721][ T36] audit: type=1400 audit(1750366978.729:231): avc: denied { read } for pid=1725 comm="syz.2.465" name="loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 46.148359][ T1728] kvm: kvm [1726]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0xa1a9 [ 46.171553][ T1727] deleting an unspecified loop device is not supported. [ 46.193066][ T36] audit: type=1400 audit(1750366978.729:232): avc: denied { open } for pid=1725 comm="syz.2.465" path="/dev/loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 46.208180][ T1733] binder: Bad value for 'stats' [ 46.217719][ T36] audit: type=1400 audit(1750366978.769:233): avc: denied { ioctl } for pid=1725 comm="syz.2.465" path="/dev/loop-control" dev="devtmpfs" ino=48 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 46.299928][ T36] audit: type=1400 audit(1750366978.879:234): avc: denied { map } for pid=1740 comm="syz.1.469" path="/dev/uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 46.326593][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.334409][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.341843][ T36] audit: type=1400 audit(1750366978.929:235): avc: denied { ioctl } for pid=1740 comm="syz.1.469" path="/dev/uhid" dev="devtmpfs" ino=199 ioctlcmd=0x662c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 46.342327][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.374399][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.386196][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.393938][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.405523][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.413183][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.420748][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.428138][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.435785][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.443224][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.450667][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.458121][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.465571][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.473025][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.480915][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.488315][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.495885][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.503343][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.510816][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.518202][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.525681][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.533085][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.540578][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.549998][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.558353][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.566260][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.574095][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.581634][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.589073][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.602969][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.612965][ T1748] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:350 [ 46.615786][ T1748] rust_binder: Error while translating object. [ 46.625011][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.625266][ T1748] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 46.631463][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.638937][ T1748] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:350 [ 46.648233][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.657007][ T1748] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 46.664739][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.672280][ T1748] rust_binder: Read failure Err(EFAULT) in pid:350 [ 46.680115][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.701505][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.708912][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.716377][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.723803][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.731458][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.738883][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.746362][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.753840][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.761405][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.768816][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.776444][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.783963][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.791538][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.799117][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.806558][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.814016][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.821481][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.828925][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.836385][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.843849][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.851342][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.858778][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.866204][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.873761][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.881418][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.889050][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.896667][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.905681][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.913808][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.921503][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.921601][ T1752] binder: Bad value for 'stats' [ 46.928899][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.928927][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.928947][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.964227][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.982024][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 46.996954][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 47.004776][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 47.013866][ T31] hid-generic 0003:0001:0005.0002: unknown main item tag 0x0 [ 47.026991][ T1762] kvm: Disabled LAPIC found during irq injection [ 47.030575][ T31] hid-generic 0003:0001:0005.0002: hidraw0: USB HID v4.00 Device [syz0] on syz1 [ 47.036222][ T1764] rust_binder: Write failure EFAULT in pid:319 [ 47.133799][ T1785] binder: Unknown parameter '0x0000000000000004' [ 47.143337][ T1792] binder: Bad value for 'max' [ 47.149729][ T1789] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 47.166091][ T1789] input: syz0 as /devices/virtual/input/input25 [ 47.177069][ T1789] rust_binder: Write failure EINVAL in pid:330 [ 47.256964][ T1797] syz.1.491 (1797) used obsolete PPPIOCDETACH ioctl [ 47.271529][ T1797] SELinux: security_context_str_to_sid () failed with errno=-22 [ 47.276714][ T1804] rust_binder: Write failure EINVAL in pid:335 [ 47.280578][ T1804] rust_binder: Write failure EINVAL in pid:335 [ 47.287034][ T1804] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 47.293651][ T1804] rust_binder: Failed to allocate buffer. len:128, is_oneway:true [ 47.316529][ T1807] binder: Unknown parameter 'processor : 0 [ 47.316529][ T1807] vendor_id : GenuineIntel [ 47.316529][ T1807] cpu family : 6 [ 47.316529][ T1807] model : 79 [ 47.316529][ T1807] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 47.316529][ T1807] stepping : 0 [ 47.316529][ T1807] microcode : 0xffffffff [ 47.316529][ T1807] cpu MHz : 2200.150 [ 47.316529][ T1807] cache size : 56320 KB [ 47.316529][ T1807] physical id : 0 [ 47.316529][ T1807] siblings : 2 [ 47.316529][ T1807] core id : 0 [ 47.316529][ T1807] cpu cores : 1 [ 47.316529][ T1807] apicid : 0 [ 47.316529][ T1807] initial apicid : 0 [ 47.316529][ T1807] fpu : yes [ 47.316529][ T1807] fpu_exception : yes [ 47.316529][ T1807] cpuid level : 13 [ 47.316529][ T1807] wp : yes [ 47.316529][ T1807] flags : fpu vme de pse tsc msr pae mce cx8 apic se/dev/kvm' [ 47.626560][ T1826] rust_binder: Write failure EINVAL in pid:342 [ 47.634185][ T1828] binder: Binderfs stats mode cannot be changed during a remount [ 47.649321][ T1830] binder: Binderfs stats mode cannot be changed during a remount [ 47.685720][ T1840] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=io+mem:owns=io+mem [ 47.696295][ T1840] binder: Bad value for 'max' [ 47.755736][ T1850] input: syz0 as /devices/virtual/input/input26 [ 47.772224][ T1850] binder: Bad value for 'defcontext' [ 47.799991][ T1860] SELinux: security_context_str_to_sid () failed with errno=-22 [ 47.892246][ T36] audit: type=1326 audit(1750366980.479:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1869 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad50f8e929 code=0x7ffc0000 [ 47.905699][ T1870] binder: Unknown parameter 'context' [ 47.915669][ T36] audit: type=1326 audit(1750366980.479:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1869 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad50f8e929 code=0x7ffc0000 [ 47.944756][ T36] audit: type=1326 audit(1750366980.499:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1869 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fad50f8e929 code=0x7ffc0000 [ 47.968151][ T36] audit: type=1326 audit(1750366980.519:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1869 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad50f8e929 code=0x7ffc0000 [ 48.193284][ T1896] rust_binder: Write failure EFAULT in pid:327 [ 48.193716][ T1886] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 48.203895][ T1899] syzkaller0: tun_chr_ioctl cmd 2147767506 [ 48.207922][ T1886] rust_binder: Error in use_page_slow: EBUSY [ 48.223004][ T1886] rust_binder: use_range failure EBUSY [ 48.230187][ T1886] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 48.236087][ T1886] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 48.244924][ T1886] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 48.245059][ T1905] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 48.278156][ T1886] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:368 [ 48.364962][ T1910] input: syz1 as /devices/virtual/input/input27 [ 48.406475][ T1913] rust_binder: Error in use_page_slow: ESRCH [ 48.406492][ T1913] rust_binder: use_range failure ESRCH [ 48.412677][ T1913] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 48.418140][ T1913] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 48.426182][ T1913] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:375 [ 48.477169][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 48.582846][ T1931] binder: Unknown parameter 'coyBLV§"i5ŽÝ”ÃùÒntext' [ 48.617642][ T1934] binder: Bad value for 'max' [ 48.635441][ T1936] input: syz1 as /devices/virtual/input/input28 [ 48.695793][ T1937] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:442 [ 48.696791][ T31] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 48.714111][ T31] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 48.814120][ T1946] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 49.369559][ T1999] rust_binder: Write failure EFAULT in pid:428 [ 49.423733][ T2001] binder: Unknown parameter '18446744073709551615' [ 49.618286][ T2022] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 49.618319][ T2022] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:434 [ 49.628455][ T2022] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 49.700283][ T2034] kvm: user requested TSC rate below hardware speed [ 50.304145][ T2064] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 50.311976][ T2064] SELinux: failed to load policy [ 50.386723][ T2069] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 50.386742][ T2069] rust_binder: Error while translating object. [ 50.397776][ T2069] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 50.404110][ T2069] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:390 [ 50.470852][ T2076] input: syz0 as /devices/virtual/input/input29 [ 50.486585][ T2077] binder: Unknown parameter 'dont_hash' [ 50.498551][ T2076] binder: Bad value for 'max' [ 50.530304][ T772] Bluetooth: hci0: command 0x1003 tx timeout [ 50.530320][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 50.580492][ T2088] random: crng reseeded on system resumption [ 50.792829][ T2115] rust_binder: Write failure EINVAL in pid:405 [ 50.941904][ T2124] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22 [ 50.980177][ T2128] binder: Unknown parameter 'statobaâ4Ëå<˜P¦' [ 51.133433][ T2138] rust_binder: Error in use_page_slow: ESRCH [ 51.133455][ T2138] rust_binder: use_range failure ESRCH [ 51.134208][ T2137] rust_binder: Error in use_page_slow: ESRCH [ 51.139712][ T2138] rust_binder: Failed to allocate buffer. len:136, is_oneway:true [ 51.145230][ T2137] rust_binder: use_range failure ESRCH [ 51.151062][ T2138] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 51.160634][ T2137] rust_binder: Failed to allocate buffer. len:136, is_oneway:true [ 51.166511][ T2138] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:456 [ 51.181669][ T2137] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 51.192094][ T2137] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:456 [ 51.221948][ T36] kauditd_printk_skb: 47 callbacks suppressed [ 51.221964][ T36] audit: type=1326 audit(1750366983.809:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2141 comm="syz.0.598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad50f8e929 code=0x7ffc0000 [ 51.260517][ T36] audit: type=1326 audit(1750366983.849:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2141 comm="syz.0.598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad50f8e929 code=0x7ffc0000 [ 51.260645][ T2142] binder: Unknown parameter '' [ 51.285045][ T36] audit: type=1326 audit(1750366983.849:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2141 comm="syz.0.598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fad50f8e929 code=0x7ffc0000 [ 51.313402][ T36] audit: type=1326 audit(1750366983.879:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2141 comm="syz.0.598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad50f8e929 code=0x7ffc0000 [ 51.337197][ T36] audit: type=1326 audit(1750366983.879:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2141 comm="syz.0.598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad50f8e929 code=0x7ffc0000 [ 51.627178][ T2163] SELinux: failed to load policy [ 51.634313][ T2163] rust_binder: Error in use_page_slow: ESRCH [ 51.634335][ T2163] rust_binder: use_range failure ESRCH [ 51.640579][ T2163] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 51.646046][ T2163] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 51.656794][ T2163] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:461 [ 51.701728][ T2163] rust_binder: Error in use_page_slow: ESRCH [ 51.710915][ T2163] rust_binder: use_range failure ESRCH [ 51.711966][ T2178] random: crng reseeded on system resumption [ 51.716902][ T2163] rust_binder: Failed to allocate buffer. len:48, is_oneway:false [ 51.716924][ T2163] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 51.735709][ T2179] SELinux: security_context_str_to_sid () failed with errno=-22 [ 51.739031][ T2163] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:461 [ 51.771958][ T2183] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 51.781145][ T2183] rust_binder: Error while translating object. [ 51.791852][ T2183] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 51.798029][ T2183] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:517 [ 51.845727][ T2186] binder: Unknown parameter 'processor : 0 [ 51.845727][ T2186] vendor_id : GenuineIntel [ 51.845727][ T2186] cpu family : 6 [ 51.845727][ T2186] model : 79 [ 51.845727][ T2186] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 51.845727][ T2186] stepping : 0 [ 51.845727][ T2186] microcode : 0xffffffff [ 51.845727][ T2186] cpu MHz : 2200.150 [ 51.845727][ T2186] cache size : 56320 KB [ 51.845727][ T2186] physical id : 0 [ 51.845727][ T2186] siblings : 2 [ 51.845727][ T2186] core id : 0 [ 51.845727][ T2186] cpu cores : 1 [ 51.845727][ T2186] apicid : 0 [ 51.845727][ T2186] initial apicid : 0 [ 51.845727][ T2186] fpu : yes [ 51.845727][ T2186] fpu_exception : yes [ 51.845727][ T2186] cpuid level : 13 [ 51.845727][ T2186] wp : yes [ 51.845727][ T2186] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 51.845727][ T2186] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 52.028414][ T2205] binder: Unknown parameter '00000000000000000000004' [ 52.245485][ T2207] binder: Binderfs stats mode cannot be changed during a remount [ 52.290301][ T2209] rust_binder: Error in use_page_slow: ESRCH [ 52.290319][ T2209] rust_binder: use_range failure ESRCH [ 52.296430][ T2209] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 52.301952][ T2209] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 52.309986][ T2209] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:400 [ 52.490903][ T2223] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 52.491167][ T2222] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:464 [ 52.500153][ T2223] rust_binder: Write failure EINVAL in pid:464 [ 52.594340][ T2233] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 52.600600][ T2233] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:539 [ 52.610015][ T2233] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 52.619190][ T2233] rust_binder: Read failure Err(EFAULT) in pid:539 [ 52.627450][ T2234] rust_binder: Write failure EINVAL in pid:539 [ 52.644359][ T2236] rust_binder: Write failure EFAULT in pid:542 [ 52.848522][ T2260] rust_binder: Write failure EINVAL in pid:475 [ 53.059852][ T2277] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 53.066343][ T2277] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:483 [ 53.196003][ T2297] rust_binder: Write failure EINVAL in pid:498 [ 53.206611][ T36] audit: type=1400 audit(1750366985.789:292): avc: denied { map } for pid=2295 comm="syz.2.651" path="/dev/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tun_tap_device_t tclass=chr_file permissive=1 [ 53.290004][ T2301] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:501 [ 53.323131][ T2311] rust_binder: Failed copying remainder into alloc: EFAULT [ 53.343884][ T2311] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 53.351253][ T2311] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 53.359765][ T2311] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:511 [ 53.389237][ T2318] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 53.446894][ T2322] block device autoloading is deprecated and will be removed. [ 53.456614][ T2322] syz.0.660: attempt to access beyond end of device [ 53.456614][ T2322] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 53.486796][ T2326] rust_binder: Write failure EINVAL in pid:517 [ 53.565526][ T2336] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 53.600346][ T2337] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 53.680938][ T2329] input: syz1 as /devices/virtual/input/input31 [ 53.810044][ T2343] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:523 [ 53.897899][ T2346] binder: Bad value for 'max' [ 54.107255][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 54.122583][ T2356] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 54.592151][ T2359] random: crng reseeded on system resumption [ 54.712985][ T36] audit: type=1326 audit(1750366987.299:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2361 comm="syz.2.672" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7a0978e929 code=0x0 [ 55.812253][ T2379] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 2 [ 55.819393][ T2379] rust_binder: Write failure EINVAL in pid:420 [ 55.882915][ T2384] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 55.889090][ T2384] rust_binder: Error while translating object. [ 55.898109][ T2384] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 55.904331][ T2384] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:424 [ 56.041699][ T2386] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 56.050907][ T2386] rust_binder: Error while translating object. [ 56.059525][ T2386] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 56.065767][ T2386] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:538 [ 56.130299][ T772] Bluetooth: hci0: command 0x1003 tx timeout [ 56.130329][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 56.178196][ T2392] binder: Unknown parameter 'processor : 0 [ 56.178196][ T2392] vendor_id : GenuineIntel [ 56.178196][ T2392] cpu family : 6 [ 56.178196][ T2392] model : 79 [ 56.178196][ T2392] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 56.178196][ T2392] stepping : 0 [ 56.178196][ T2392] microcode : 0xffffffff [ 56.178196][ T2392] cpu MHz : 2200.150 [ 56.178196][ T2392] cache size : 56320 KB [ 56.178196][ T2392] physical id : 0 [ 56.178196][ T2392] siblings : 2 [ 56.178196][ T2392] core id : 0 [ 56.178196][ T2392] cpu cores : 1 [ 56.178196][ T2392] apicid : 0 [ 56.178196][ T2392] initial apicid : 0 [ 56.178196][ T2392] fpu : yes [ 56.178196][ T2392] fpu_exception : yes [ 56.178196][ T2392] cpuid level : 13 [ 56.178196][ T2392] wp : yes [ 56.178196][ T2392] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 56.178196][ T2392] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 56.237271][ T2398] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 56.520979][ T2413] binder: Unknown parameter '€/W†iüÑùÊ%õ…©Ù×ØhX"•5õed>ße@Ž×&_Wm×' [ 56.697162][ T2418] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 56.697185][ T2418] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:430 [ 56.824396][ T2429] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 56.991634][ T2440] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 56.991659][ T2440] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:452 [ 57.003297][ T2440] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 57.012505][ T2440] rust_binder: Read failure Err(EFAULT) in pid:452 [ 57.021055][ T2441] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 57.034388][ T2442] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 57.034415][ T2442] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:452 [ 57.043866][ T2442] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 57.053033][ T2442] rust_binder: Read failure Err(EFAULT) in pid:452 [ 57.077727][ T604] hid-generic 0000:0000:0000.0004: item fetching failed at offset 0/1 [ 57.092694][ T604] hid-generic 0000:0000:0000.0004: probe with driver hid-generic failed with error -22 [ 57.245338][ T2452] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 57.254096][ T2452] rust_binder: Write failure EINVAL in pid:555 [ 57.606470][ T36] audit: type=1326 audit(1750366990.189:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2465 comm="syz.0.705" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fad50f8e929 code=0x0 [ 57.918351][ T2471] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:462 [ 57.969981][ T2474] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:465 [ 58.071744][ T36] audit: type=1326 audit(1750366990.659:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2482 comm="syz.3.710" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9d28b8e929 code=0x0 [ 58.103711][ T2485] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1024 [ 58.103843][ T2486] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:474 [ 58.111525][ T2485] rust_binder: Write failure EINVAL in pid:474 [ 58.478050][ T36] audit: type=1400 audit(1750366991.059:296): avc: denied { write } for pid=2489 comm="syz.0.712" name="loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 59.091232][ T2511] binder: Bad value for 'defcontext' [ 59.097647][ T2511] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:497 [ 59.111046][ T2517] input: syz0 as /devices/virtual/input/input34 [ 59.159732][ T2519] kvm: kvm [2518]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x4000000000000001 [ 59.171335][ T2519] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551310) [ 59.171424][ T2519] rust_binder: Error while translating object. [ 59.183521][ T2517] rust_binder: Write failure EFAULT in pid:564 [ 59.189757][ T2519] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 59.196016][ T2519] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:503 [ 59.206476][ T2519] rust_binder: Write failure EINVAL in pid:503 [ 59.335303][ T2525] binder: Bad value for 'stats' [ 59.343375][ T2524] binder: Bad value for 'stats' [ 59.351825][ T2528] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 59.351840][ T2528] rust_binder: Error while translating object. [ 59.362454][ T2528] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 59.368673][ T2528] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:505 [ 59.385925][ T2531] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 59.395120][ T2531] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:508 [ 59.412748][ T2535] rust_binder: Error while translating object. [ 59.422010][ T2535] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 59.428213][ T2535] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:512 [ 59.456786][ T2540] input: syz1 as /devices/virtual/input/input35 [ 59.466110][ T2539] rust_binder: Write failure EINVAL in pid:570 [ 59.512833][ T2549] serio: Serial port ttynull [ 59.516048][ T2547] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 59.520837][ T2547] rust_binder: Error in use_page_slow: ESRCH [ 59.527340][ T2547] rust_binder: use_range failure ESRCH [ 59.533888][ T2547] rust_binder: Failed to allocate buffer. len:1232, is_oneway:false [ 59.539687][ T2547] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 59.547892][ T2547] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:574 [ 59.618661][ T2558] random: crng reseeded on system resumption [ 59.703324][ T2567] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:647 [ 59.742868][ T2570] SELinux: security_context_str_to_sid (sytem_uÝGй ‰:ÿß) failed with errno=-22 [ 59.897370][ T2578] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 59.897403][ T2578] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:525 [ 59.944445][ T2581] rust_binder: Error while translating object. [ 59.953657][ T2581] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 59.959904][ T2581] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:528 [ 59.970351][ T2582] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 59.996756][ T2584] cgroup: fork rejected by pids controller in /syz3 [ 60.024415][ T2584] rust_binder: inc_ref_done called when no active inc_refs [ 60.024529][ T2584] rust_binder: Write failure EINVAL in pid:531 [ 60.175964][ T13] bridge_slave_1: left allmulticast mode [ 60.205474][ T13] bridge_slave_1: left promiscuous mode [ 60.217692][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.225586][ T13] bridge_slave_0: left allmulticast mode [ 60.231813][ T13] bridge_slave_0: left promiscuous mode [ 60.237586][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.346876][ T36] audit: type=1400 audit(1750366992.929:297): avc: denied { mounton } for pid=2588 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 60.401487][ T13] veth1_macvtap: left promiscuous mode [ 60.407145][ T13] veth0_vlan: left promiscuous mode [ 60.498757][ T2588] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.516404][ T2588] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.530429][ T2588] bridge_slave_0: entered allmulticast mode [ 60.538504][ T2588] bridge_slave_0: entered promiscuous mode [ 60.551083][ T2588] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.558135][ T2588] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.566112][ T2588] bridge_slave_1: entered allmulticast mode [ 60.572774][ T2588] bridge_slave_1: entered promiscuous mode [ 60.653992][ T36] audit: type=1326 audit(1750366993.239:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2592 comm="syz.0.745" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fad50f8e929 code=0x0 [ 60.682102][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.689266][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.699390][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.706476][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.742023][ T2588] veth0_vlan: entered promiscuous mode [ 60.757248][ T2588] veth1_macvtap: entered promiscuous mode [ 60.801713][ T36] audit: type=1400 audit(1750366993.389:299): avc: denied { mounton } for pid=2588 comm="syz-executor" path="/root/syzkaller.QpRExc/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 60.829017][ T36] audit: type=1400 audit(1750366993.389:300): avc: denied { unmount } for pid=2588 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 60.849482][ T2600] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:591 [ 60.953042][ T2608] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 60.966995][ T2608] rust_binder: Error while translating object. [ 60.980357][ T2608] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 60.990316][ T2608] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:596 [ 61.002180][ T2616] kvm: kvm [2615]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x7fffffffffffffff [ 61.127845][ T2627] binder: Bad value for 'stats' [ 61.180500][ T2631] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:19 [ 61.180853][ T2631] rust_binder: Error while translating object. [ 61.190035][ T2631] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 61.198639][ T2631] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:19 [ 61.304914][ T2636] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 61.336674][ T2635] input: syz1 as /devices/virtual/input/input36 [ 61.345948][ T2640] rust_binder: Failed to allocate buffer. len:64, is_oneway:false [ 61.346060][ T2639] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:607 [ 61.371359][ T2642] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:610 [ 61.383119][ T2642] rust_binder: Error while translating object. [ 61.392419][ T2642] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 61.398595][ T2642] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:610 [ 61.528347][ T2660] binder: Bad value for 'stats' [ 61.568825][ T2662] binder: Unknown parameter 'defcontext01777777777777777777777' [ 61.806432][ T2696] binder: Unknown parameter 'dont_hash' [ 62.111430][ T2705] kvm: apic: phys broadcast and lowest prio [ 62.177546][ T36] audit: type=1326 audit(1750366994.759:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2706 comm="syz.3.783" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0bc0b8e929 code=0x0 [ 62.515681][ T2718] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 62.515708][ T2718] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:631 [ 63.016654][ T36] audit: type=1400 audit(1750366995.599:302): avc: denied { setattr } for pid=2588 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 63.338439][ T2756] serio: Serial port ttynull [ 63.834274][ T2780] SELinux: policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c [ 63.851164][ T2780] SELinux: failed to load policy [ 65.059067][ T2810] binfmt_misc: register: failed to install interpreter file ./cgroup [ 65.070586][ T2810] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 65.519601][ T2821] SELinux: failed to load policy [ 66.376052][ T2843] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 66.687856][ T289] bridge_slave_1: left allmulticast mode [ 66.693818][ T289] bridge_slave_1: left promiscuous mode [ 66.699432][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.715416][ T289] bridge_slave_0: left allmulticast mode [ 66.721124][ T289] bridge_slave_0: left promiscuous mode [ 66.726830][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.851710][ T2855] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.859289][ T2855] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.866811][ T2855] bridge_slave_0: entered allmulticast mode [ 66.873467][ T2855] bridge_slave_0: entered promiscuous mode [ 66.880748][ T289] veth1_macvtap: left promiscuous mode [ 66.886675][ T289] veth0_vlan: left promiscuous mode [ 66.993266][ T2860] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 67.003276][ T2855] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.010708][ T2860] SELinux: failed to load policy [ 67.015842][ T2855] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.029188][ T2855] bridge_slave_1: entered allmulticast mode [ 67.035760][ T2855] bridge_slave_1: entered promiscuous mode [ 67.127881][ T36] audit: type=1326 audit(1750366999.709:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2861 comm="syz.2.832" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7a0978e929 code=0x0 [ 67.163150][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.170213][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 67.229669][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.236748][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 67.240716][ T2871] input: syz1 as /devices/virtual/input/input38 [ 67.269213][ T2855] veth0_vlan: entered promiscuous mode [ 67.274852][ T2871] input: failed to attach handler leds to device input38, error: -6 [ 67.282842][ T2875] rust_binder: Write failure EFAULT in pid:724 [ 67.285484][ T2855] veth1_macvtap: entered promiscuous mode [ 67.818998][ T2889] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 67.829421][ T2889] rust_binder: Write failure EINVAL in pid:734 [ 68.213810][ T2891] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 68.238772][ T2891] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 68.749424][ T2930] rust_binder: Write failure EFAULT in pid:26 [ 68.770774][ T2930] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:26 [ 68.945019][ T2938] rust_binder: Write failure EINVAL in pid:31 [ 68.954328][ T2938] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:31 [ 69.073740][ T36] audit: type=1326 audit(1750367001.659:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2942 comm="syz.0.855" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fad50f8e929 code=0x0 [ 69.157352][ T2953] random: crng reseeded on system resumption [ 69.462408][ T2957] rust_binder: Got transaction with invalid offset. [ 69.462452][ T2957] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 69.471290][ T2957] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:42 [ 69.517183][ T2959] random: crng reseeded on system resumption [ 69.570821][ T2959] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:44 [ 69.570932][ T2959] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 69.652275][ T2966] rust_binder: Write failure EFAULT in pid:750 [ 69.688900][ T2966] binder: Unknown parameter 'ÿÿÿÿÿÿÿÿ' [ 69.800695][ T2975] KVM: debugfs: duplicate directory 2975-5 [ 69.878444][ T2983] rust_kernel: panicked at drivers/android/binder/node.rs:877:13: [ 69.878444][ T2983] attempt to subtract with overflow [ 69.892189][ T2983] ------------[ cut here ]------------ [ 69.897664][ T2983] kernel BUG at rust/helpers/bug.c:7! [ 69.904002][ T36] audit: type=1400 audit(1750367002.489:305): avc: denied { read } for pid=91 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 69.928898][ T2983] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 69.935882][ T2983] CPU: 1 UID: 0 PID: 2983 Comm: syz.4.866 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 69.949352][ T2983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 69.957312][ T36] audit: type=1400 audit(1750367002.489:306): avc: denied { search } for pid=91 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 69.959404][ T2983] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 69.985918][ T2983] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 4e 4c 98 29 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 04 88 d1 a5 90 90 90 90 90 90 90 90 90 [ 70.000329][ T36] audit: type=1400 audit(1750367002.489:307): avc: denied { write } for pid=91 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 70.005614][ T2983] RSP: 0018:ffffc9000d24da90 EFLAGS: 00010246 [ 70.005633][ T2983] RAX: 0000000000000061 RBX: 1ffff92001a49b54 RCX: 7a8874e838552400 [ 70.005645][ T2983] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 70.048870][ T2983] RBP: ffffc9000d24da90 R08: ffffc9000d24d787 R09: 1ffff92001a49af0 [ 70.056848][ T2983] R10: dffffc0000000000 R11: fffff52001a49af1 R12: 0000000000000000 [ 70.057343][ T36] audit: type=1400 audit(1750367002.489:308): avc: denied { add_name } for pid=91 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 70.064823][ T2983] R13: dffffc0000000000 R14: ffffc9000d24dac0 R15: ffffc9000d24daf0 [ 70.064837][ T2983] FS: 00007fbdbc83a6c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 70.064851][ T2983] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.064862][ T2983] CR2: 00007fbdbc818f98 CR3: 00000001346a6000 CR4: 00000000003526b0 [ 70.110290][ T36] audit: type=1400 audit(1750367002.489:309): avc: denied { create } for pid=91 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 70.116861][ T2983] DR0: 0000000000000007 DR1: 000000000000009b DR2: 00040000ffffffff [ 70.116876][ T2983] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.116887][ T2983] Call Trace: [ 70.116893][ T2983] [ 70.116901][ T2983] _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160 [ 70.166921][ T2983] ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10 [ 70.167902][ T36] audit: type=1400 audit(1750367002.489:310): avc: denied { append open } for pid=91 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 70.174913][ T2983] ? _RNvMs0_NtCshgDM7dBCdno_11rust_binder4nodeNtB5_4Node22update_refcount_locked+0x401/0x810 [ 70.174951][ T2983] ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10 [ 70.221568][ T2983] ? __cfi__RNvMs0_NtCshgDM7dBCdno_11rust_binder4nodeNtB5_4Node22update_refcount_locked+0x10/0x10 [ 70.228256][ T36] audit: type=1400 audit(1750367002.489:311): avc: denied { getattr } for pid=91 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 70.232175][ T2983] ? __kasan_check_write+0x18/0x20 [ 70.232200][ T2983] ? _raw_spin_lock+0x8c/0x120 [ 70.232218][ T2983] ? __cfi__raw_spin_lock+0x10/0x10 [ 70.269694][ T2983] _RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x84/0x90 [ 70.276910][ T2983] ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x10/0x10 [ 70.284825][ T2983] _RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_sub_overflow+0xb2/0xc0 [ 70.294828][ T2983] ? __cfi__RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_sub_overflow+0x10/0x10 [ 70.305808][ T2983] _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process10update_ref+0x17e5/0x1860 [ 70.315852][ T2983] ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process10update_ref+0x10/0x10 [ 70.325946][ T2983] ? __kasan_check_write+0x18/0x20 [ 70.331083][ T2983] ? _raw_spin_lock+0x8c/0x120 [ 70.335870][ T2983] ? __cfi__raw_spin_lock+0x10/0x10 [ 70.341087][ T2983] ? __kasan_check_write+0x18/0x20 [ 70.346220][ T2983] _RNvMs2_NtCshgDM7dBCdno_11rust_binder6threadNtB5_6Thread10write_read+0x278d/0x9d20 [ 70.355830][ T2983] ? __cfi__RNvMs2_NtCshgDM7dBCdno_11rust_binder6threadNtB5_6Thread10write_read+0x10/0x10 [ 70.365850][ T2983] ? unwind_next_frame+0x3c2/0x750 [ 70.370975][ T2983] ? kvm_vm_ioctl+0x729/0xb80 [ 70.375675][ T2983] ? kvm_vm_ioctl+0x729/0xb80 [ 70.380368][ T2983] ? __kernel_text_address+0x11/0x40 [ 70.385662][ T2983] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 70.391830][ T2983] ? arch_stack_walk+0x12a/0x170 [ 70.396782][ T2983] ? kvm_vm_ioctl+0x729/0xb80 [ 70.401470][ T2983] ? stack_depot_save_flags+0x38/0x800 [ 70.406968][ T2983] ? stack_depot_save+0x12/0x20 [ 70.412072][ T2983] ? save_stack+0x11c/0x1f0 [ 70.416600][ T2983] ? __kasan_check_read+0x15/0x20 [ 70.421661][ T2983] ? read_word_at_a_time+0x12/0x20 [ 70.426784][ T2983] ? sized_strscpy+0x9f/0x2a0 [ 70.431472][ T2983] ? __kasan_check_write+0x18/0x20 [ 70.436600][ T2983] ? __update_page_owner_handle+0x318/0x370 [ 70.442519][ T2983] ? cgroup_rstat_updated+0x132/0x7f0 [ 70.447905][ T2983] ? __x64_sys_ioctl+0x7f/0xa0 [ 70.452703][ T2983] ? __cfi_cgroup_rstat_updated+0x10/0x10 [ 70.458435][ T2983] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 70.464599][ T2983] ? arch_scale_cpu_capacity+0x1c/0xb0 [ 70.470082][ T2983] ? update_cfs_group+0x260/0x260 [ 70.475122][ T2983] ? update_curr_dl_se+0x10c/0xb20 [ 70.480343][ T2983] ? update_curr+0x949/0xc60 [ 70.484961][ T2983] ? detach_entity_load_avg+0x7b0/0x7b0 [ 70.490697][ T2983] ? __kasan_check_write+0x18/0x20 [ 70.495823][ T2983] ? _raw_spin_lock+0x8c/0x120 [ 70.500597][ T2983] ? __cfi__raw_spin_lock+0x10/0x10 [ 70.505811][ T2983] ? reweight_entity+0xf5/0xbd0 [ 70.510682][ T2983] ? _raw_spin_unlock+0x45/0x60 [ 70.515647][ T2983] ? rust_helper_spin_unlock+0x19/0x30 [ 70.521118][ T2983] ? _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0x934/0x1440 [ 70.531635][ T2983] ? update_load_avg+0x506/0x19a0 [ 70.536760][ T2983] ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0x10/0x10 [ 70.547713][ T2983] ? kvm_sched_clock_read+0x15/0x30 [ 70.552947][ T2983] ? sched_clock_noinstr+0xd/0x30 [ 70.557998][ T2983] ? sched_clock+0x44/0x60 [ 70.562448][ T2983] ? sched_clock_cpu+0x75/0x400 [ 70.567341][ T2983] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 70.573432][ T2983] ? sched_clock+0x44/0x60 [ 70.577865][ T2983] ? xfd_validate_state+0x68/0x150 [ 70.582986][ T2983] ? save_fpregs_to_fpstate+0x196/0x230 [ 70.588647][ T2983] ? __cfi___switch_to+0x10/0x10 [ 70.593605][ T2983] _RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x411/0x2c20 [ 70.602814][ T2983] ? finish_task_switch+0x13a/0x780 [ 70.608117][ T2983] ? __switch_to_asm+0x3d/0x70 [ 70.612899][ T2983] ? avc_has_extended_perms+0x7c7/0xdd0 [ 70.618460][ T2983] ? __asan_memcpy+0x5a/0x80 [ 70.623061][ T2983] ? avc_has_extended_perms+0x921/0xdd0 [ 70.628611][ T2983] ? __cfi__RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x10/0x10 [ 70.638177][ T2983] ? do_vfs_ioctl+0xeda/0x1e30 [ 70.642964][ T2983] ? __futex_queue+0x19a/0x340 [ 70.647745][ T2983] ? __ia32_compat_sys_ioctl+0x850/0x850 [ 70.653389][ T2983] ? __cfi___futex_queue+0x10/0x10 [ 70.658512][ T2983] ? futex_wait_setup+0x1bc/0x260 [ 70.663549][ T2983] ? __futex_wait+0x218/0x2a0 [ 70.668235][ T2983] ? ioctl_has_perm+0x384/0x4d0 [ 70.673099][ T2983] ? has_cap_mac_admin+0xd0/0xd0 [ 70.678065][ T2983] ? futex_wake+0x63a/0x900 [ 70.682576][ T2983] ? futex_setup_timer+0xb4/0xd0 [ 70.687529][ T2983] ? futex_wait+0x288/0x540 [ 70.692157][ T2983] ? __cfi_futex_wait+0x10/0x10 [ 70.697069][ T2983] ? selinux_file_ioctl+0x6e0/0x1360 [ 70.702364][ T2983] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 70.707915][ T2983] ? kfree+0x156/0x400 [ 70.711970][ T2983] ? do_futex+0x309/0x500 [ 70.716298][ T2983] ? __cfi_do_futex+0x10/0x10 [ 70.720975][ T2983] ? anon_inode_getfile+0xfb/0x190 [ 70.726174][ T2983] ? __fget_files+0x2c5/0x340 [ 70.730862][ T2983] _RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0xa0/0x100 [ 70.739476][ T2983] ? __se_sys_ioctl+0x114/0x1b0 [ 70.744331][ T2983] ? __cfi__RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0x10/0x10 [ 70.754109][ T2983] __se_sys_ioctl+0x132/0x1b0 [ 70.758807][ T2983] __x64_sys_ioctl+0x7f/0xa0 [ 70.763403][ T2983] x64_sys_call+0x1878/0x2ee0 [ 70.768101][ T2983] do_syscall_64+0x58/0xf0 [ 70.772509][ T2983] ? clear_bhb_loop+0x35/0x90 [ 70.777182][ T2983] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 70.783067][ T2983] RIP: 0033:0x7fbdbb98e929 [ 70.787572][ T2983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.807164][ T2983] RSP: 002b:00007fbdbc83a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.815570][ T2983] RAX: ffffffffffffffda RBX: 00007fbdbbbb5fa0 RCX: 00007fbdbb98e929 [ 70.823529][ T2983] RDX: 0000200000000640 RSI: 00000000c0306201 RDI: 0000000000000004 [ 70.831483][ T2983] RBP: 00007fbdbba10b39 R08: 0000000000000000 R09: 0000000000000000 [ 70.839631][ T2983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.847587][ T2983] R13: 0000000000000000 R14: 00007fbdbbbb5fa0 R15: 00007ffc06bc2d88 [ 70.855546][ T2983] [ 70.858550][ T2983] Modules linked in: [ 70.862640][ T2983] ---[ end trace 0000000000000000 ]--- [ 70.869279][ T2983] RIP: 0010:rust_helper_BUG+0x8/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 70.875095][ T2983] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 4e 4c 98 29 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 04 88 d1 a5 90 90 90 90 90 90 90 90 90 [ 70.926666][ T36] audit: type=1400 audit(1750367003.479:312): avc: denied { write } for pid=281 comm="syz-executor" path="pipe:[2978]" dev="pipefs" ino=2978 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 70.988162][ T2983] RSP: 0018:ffffc9000d24da90 EFLAGS: 00010246 [ 70.994350][ T2983] RAX: 0000000000000061 RBX: 1ffff92001a49b54 RCX: 7a8874e838552400 [ 71.003387][ T2983] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 71.011464][ T2983] RBP: ffffc9000d24da90 R08: ffffc9000d24d787 R09: 1ffff92001a49af0 [ 71.019547][ T2983] R10: dffffc0000000000 R11: fffff52001a49af1 R12: 0000000000000000 [ 71.040300][ T2983] R13: dffffc0000000000 R14: ffffc9000d24dac0 R15: ffffc9000d24daf0 [ 71.048314][ T2983] FS: 00007fbdbc83a6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 71.060319][ T2983] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.066972][ T2983] CR2: 0000563fb95deb98 CR3: 00000001346a6000 CR4: 00000000003526b0 [ 71.075452][ T2983] DR0: 0000000000000007 DR1: 000000000000009b DR2: 00040000ffffffff [ 71.084275][ T2983] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.092936][ T2983] Kernel panic - not syncing: Fatal exception [ 71.099262][ T2983] Kernel Offset: disabled [ 71.103572][ T2983] Rebooting in 86400 seconds..