last executing test programs: 1.643395555s ago: executing program 2 (id=321): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1243, 0x0) r1 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000080)={0x80001, 0x0, [0x5, 0x6, 0x1, 0x3, 0x7, 0x81, 0x1, 0x10001]}) ioctl$BLKRRPART(r0, 0x125f, 0x0) 1.576675226s ago: executing program 2 (id=324): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000800), 0x8000, 0x0) ioctl$FICLONE(r0, 0x40049409, r1) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x420400, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x0, 0xfc}], 0x0, 0x0, 0x0}) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f00000083c0)={{0x1}}) read(r5, &(0x7f00000013c0)=""/4089, 0xff9) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x400000b0}]}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r5, 0x54a2) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66960000) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_PIT2(r10, 0x8010aebb, &(0x7f0000000280)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x40}], 0x5}) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'xfrm0\x00', 0x1c10}) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r2, 0xc018620c, 0x0) 1.30832889s ago: executing program 0 (id=331): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)=',\x00') ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000040)) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)=',\x00') (async) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000040)) (async) 1.29387701s ago: executing program 0 (id=332): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000180)={0x1, 0x0, [{0x400000ff, 0x0, 0x1000}]}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000000)={@ptr={0x70742a85, 0x4, &(0x7f00000001c0)=""/64, 0x40, 0x0, 0x32}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000180)={0x1, 0x0, [{0x400000ff, 0x0, 0x1000}]}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000000)={@ptr={0x70742a85, 0x4, &(0x7f00000001c0)=""/64, 0x40, 0x0, 0x32}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) (async) 1.083655023s ago: executing program 0 (id=335): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x75) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3f) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs2\x00', 0x0, 0x0, &(0x7f0000001100)=ANY=[@ANYRESHEX=r2, @ANYBLOB="518239ddcbeecd5208da12db4d4a77b61616bccd1944b8581cf9b9804bcb6dc6a92efeb852324bf2391e174da591d75cbd91d755e890088a9950bca6b0b20883451ad30372e2e15a0a3def09aa3b1e5dbd4020ca2da843eb7c9364465a325049b32fe902d7d0c08ee08e9f8537ecc17c303b18c9c2e60a0d29edf7f75e92208eccbd4a95dfa64febced4495ed3ca80eb48017da04ca31ad13f88ca4e5a3798ebfb04242f8901e1f4bdbc1e4998953d444567585a06b9244c3702ec0217c296467d9ec780418f0f8da2e2630d5730a29433c1c9f56a2a644b783974c755f82336378baa9fe066b47ba293f2f46ca02fb14523714385f2f3d5f621f83519b44ce7a8b08c6dbd191d7a0a254a2d5f5861be813b2f746947123e66cbd36aca1f0fb858e44090ad3edb9f22ad0226bae27b9b04227d64c7237c2db4335635ced4d8b4f2e524e9494fcc4c26b2892b3ec435d7fe1d707680ba183fed72d1528bb9d122b3bda1bfc835386bc3569ac1b9aad0d47fe7874cd1f4971ef920494fb8a8e4142b79d63aaaf5b924930348f7c516f5e13bfa41a25c95d1cf7871b460a16f5f58bdfb30673d0b471bff3e72bafeae577e79cda5283f049108b35f9127a4b64f4eaab3c8879374cc839de5c40d395325632c248f581661e15a06a3e527d440ebd63a8d0105318e19039e79ae454600f021e90651f317080e620d5097a32a3eee572bfc7bc816670da9bc1585056fd81593af9403b080fbf20a1958feb1a6fc7603ccadc4addef157e4658437ce3c185ba11a50c0d73ffab7f8958860e78ac59c1d34a2a11c8c70ae007aedc1c772afb870053e8a1bec087c816d24b1d8538302865937fb3b644e0d2119004e1f9d0370e738708bbb04808d55647cd7e58c277179027e9fd97f1de7d13c116eeee19005a1a503cebfcbb280527550a9f9a9cd993afc0ffdb4853df0dc0c687a5f9bbfcc1c98ddc65e1081f7c4ae6385cced4ef70aad62cf7df90093719652e5c81465338089c37c8b6e9d82f57095dc239f5ae1f12177ba6efe664caf2f4f01b9f2542c33d7b82e4ea84b60598b69c8087ddfecec260d35dbf4f9fccb1f2c9a2f39678233bf835781823bb445aba9189dc8051f9331771545408f8995ec7c6555e14891a9c595a32fd8423ccf1dda4b8dc65f4e922dc5efa03df375598b877dcc87b977e241a6e5270e8046a5227222db7bbf96612091ab4734098286a7b7521130b54283c289ac6482778c74eced6a183eacbbc9cc790038fae020b00267a391c808c2769c7fe267fcfc4a9b0493463cc2b945f887caec180e98fea604fe7ce8bddfa498586d857e6f9d7dde4edebb06186ce180da3a9d8e9348edbb1a49243e76be2277f235afa071911e8d92dfa29d71f8795ffa60fe278027c216f8b88ca139953b1deb621a1604d035c521e3afa22851ade92f081f6c59f0665f98fe24c6b7d45d65b9cc3675df8601af2bb0533ee589b52de7870beaf64ebe522a70b652f1ed694bb7c0cf2ba622ea8f38d2a43996cc1fcb37c69ad4bef146db48cc1f928db78037987fb906a84b5683aa222ba70b7611a2dfbc6ffb8f1c2902bba87892b4915246f524412c4326149cdea568f80ea6b90f3186368a56d95cf2f824bba7309a4dd6198c503f33b1d8b538634e2d576526f7183e9c6fd8abfcc589c65ab8ec7b294a3611e5d9218a196bcbb6d6cf6cbf65fecf53a8eacd7dbf97de9cfd5809895319f066f5a10e219e5238f22fb165e83825f5910e2fbd58625a9e00ce832e769a1f62c91fc9d901793766a2b1366fd3d0372ce9179f54f4ac412d9c424b62f56e46c6f5662fee51b415c21dcb1115aedf0bc788492f7572f79802107867a418093ff06412798778432ee7079356acd3df8ac2722ece92f2d219de398b968ec200f6846514431f1e4bd14410d59d717aa3a744ce5aae00a51775af4451640f8daad126363ef1364361d5acd4454198d32483bd0a6981bbccbc011844fb4a419f4f7ea4d4b60fcd93a97acc44b182067e2c7b9c092c8e33a80b633cb530d6e7cf47679dfd65abef1e511f37aba1d67783dd4adbe25919e3a311c0231dc70784ae4328877cb82b615af1ac8548b43c04c5532093f19ef0812fd1a0badc84f7ba275ed5a5d8f90b2b08f466eee53d913d736f21e94fe12e62d7a87e35e28a6e15146b28a5b268863cd2d2fb20e8a35bb8447549806484fa78db0dcf5ee75b42cf3826d1407729bbc093008978a4aeea601e7803a0ef8b93a04a8e3ce674a9cdebe7f0cbeddc88339ec7b7f3fd8edcb4e73cac30fea3d26e33867de3d068d68c72cedf5d737a43393401544226038237edc4ba915831203440f5968c456226362e021fdc448c360fa3a65bf5d3bd7e9117606b87443fa97400136ff146ecd63f3a87b6c5fa550fd5da8a2bb585675d3b4cf97126240df9f4c718210cc7b03e5568cac9d26e1c0e9c40f73fef658c15d5ae3dbd75aebe060e05be4dead040efe5d6529b6cace430d1a159e40a030909db5ce11e76134147d1b628cd7d2d499e2a0c66bda533cf280203fc69b0981d40ace50c5e66af7606931b162e46c18d99c12a085d1c634fa6e71423ee9f8a4628dc60fa3ddacdbfb864951a81f5df98aa18a0bb1f1db4057cdd274b08e49040d93fa95682722565d3c0c0e79c40009b7aec3b52d9a7e6bdaab9ac2b9956539f6a2750f704abf66baba8ad84237d93d9b9d2090e8de24e735ac80275bf392f5f530d541857efec5982c9924be5b3021b8a48b9de2efa935503107af2ffdbf9d6cc6cc8f7ca975c62fe303829edcde00cf1d7288d4e86ddd89eca68fdf9583361d75775febc624a65cdd4a1ae381a2e82c3f66402cd3875d972647aacbc21c033dff1aaa348bc7478ec37f007470529ce1f16adeab198888de80ca6ca3c6791fc1436a672a39ab73379fe90f5a8eef94d5a4472382cf1584e6787c2edb7e822458553e988dd02f45d5ad1ef088adc84c7d7654fd01c272aaeee1b3c3d98b7d86a07c02d0ce3c4cf1d8cb9b0fa4728cd339c92831fa003d7a95f4b9cceb7fb275cdd4a2461231a1e10786a4dadb512fa0189cb45c8fba49a81ff4bf23cc00af23ca6a4bafad97bbfd7a6f98fb969bdc80b133b4900485692bec8b5500f2fb61cd9a7fd17993ba275d78f3711cf3426de7c0db931838823c97c963e25ceb6332f064320d94869931314e84270c4f2cc15b2f3eeb7e08501a1f3d9cee810a07e0705c1fd7d1ac7c88d85af4deea66242891d6f2cea1cca6cc96e6cb44f11140eb5672488e077bc20b5962a2903e5baa2f3a7d2c27463e75259be417fbcdddf792fe93230970ea5d8d5891f08e1a6f7bbf12c21e23407fff0443c2f11fabd86b72622f1e4cc0c7650f653b1a79780b0cdc48a61363b40485e126c5390b519aadf460de0819ee1864f79dd3c7b62ca147889c11e0752817d876ac5f78d8e3b4c3f5822ddeac682a3c86453e694667432a0a29c554760d9188e803bb5ce44989efafda24abd92cb736dbb667f889dec4f305197c5e250f140215f1f913b63ab2587c549a35db0362f7f8e742544c2494c490ce9d94d2e662ab8066ddceab830fd212c69bf47060fcf715a24bc6c1acec4a39a924e7bdbac155b1d9095293fee815b19558a3823b4b426cfc89ea4de3ddef51ba73f4d152efe9af854619327fd3eee03cafe47c030c631b72793e32ef4f70efcf3df963364461bb248ed9ab59ec7b7efd01dcc857dc4736830731f1941c2b08546389fce7da5fedddf5f5872d3e741cad8c107a8dfda00928b6ae3855e08a42ca05252bacad2de9de064fe6819b237be0e1407902f8472e4c497e7951818d0062f882cbae2a9cd77526e23d1fe2b0b0aa95c8354449ee8ab0cf465c88bc16c2d9934cddc32ce4b171bb11b5755e7778c2fe1e944740b5f31d78adee919bd20884e14e826acdaca008ec0178183533e86b38e934807e2e990ad666ca422edc62d3fa408484f65623023da0c7c4a84e17c428f6514174e8a33adc8a7f8741460d8270ebcbbacd77ea36506c47394710efb5ec718957fc211aee096d25719ca54a0f6b9b6284631682591f57bf4ce73ff14bdf05db1fb2dd3a16195dc4017e051d55efc08e950ea8ee1d5e5c3312e507818aace18168b9e5a950709633e2c75dbe99d9b366b903134bfd30b27c165d7388e5ed1e9605fa3a767bde946a560d4a363e0f0490f8f1fc8ae13d691a41ccf3ef2f81354393032a02129fa06a482ccf0956be097c39ca3b154ff9ca97f736a087a0e1bd2af63814828549613e56bcd7138ab36336bc1fb752429641819355816436639da6bc9743f1de723268cb323f6dadcfbee6d60966224457bab05431ceb6877fd36d4bcbc20c8b0ac77f9cb7ad5784125df565439adaac4e82c531efcd9a97c84bff2eb2b66f2c8aac90dbfdd7df7d5abf67fbf37c87f8acb4f02553af6bd5f3ec0c5f7b88c8ce1fd1049b9710d916239cc09c6574b64378ad5cac273f9a6609620bd9d76b9568079c3010f236b1f57f7e347142596aff79a30607c1a79a6e7e55b6631c2e95b52b7391bb974d42b6ef5044ea77b55ef55579fe46d17c37481ac76c7d30388f92133f0d366cc55842a97e2d2de2f107f80816cd98cc497c8577388779e9d353dbfe22207881897a9cc61d69d81411f298d53fe2d98a28c7f4db2c763f033e03abb10fa3032055f45cb93f3bd1597eb928c0bf425b8be2ea0375f4f320c48426f18ab4437c7af4a859c45d968a207d43b7acb03cce1430704592b695361b46b8534a2d245113f8528be64ab6ccdb52cf5b2e02b4d61fe64318569f4fd61a8c876e6f76f71f01b67366268870f2a5ae8af66ee795ace9aed5021c74de457518af82ddf834adf224b20b51c52cc951b191f5d45ec57721e1fcae66f8c620926d37745c9f2492ad0ba6f609d0da1989ae77a50ceac078fb889921ccba6007c7a1cb7853198b6c5beed22718995c6b161e55ddee5641e23dee4ff5243ae6d7039c51888e4bf994f67ad34638dde19a8d25c0948e6a488dfc0a6f57ab6c2364128a9dc12d3f85f013c066c7097c15783b8e2f3114cb5170071f858591fcc24f0b5b8148c92af77f1a8549980cf22ecd6bd9d410bc22ab8a2cf2958a16ff43ceaeb3028d28eb16f9a527bb23b8d972b4fd7d894e94cbc079e2782eb6198d074e00dd31318d96cde7157d9402c74d65494c3cc0df191fcb38edb83df33983c44cc4b23985bdde745d4a3122f75001da21d04fb4fe15932a246b9ccc7a5750f3df7fc0ee2c92653ac35f016f476dcee4b9ad2a65e4295cb4784208d1aae2062055a2426c978611865799d49ebcbe9d56d57c7df54425bfb5b2abf644db89147333d6bb866d7a2e674418ffe3bf7368bc29307e8bcb2b9443bb3c80e9519bff410dc912dafc081025dfdb4ec14eb7f0569b19718fe34b1b86677c5b08819e75e955a0bb2032601201be455f523ef3bf1ab5400353995f96c3b3b8970ab0d0946c1890bfa5c242ecab2d03978f6b9770d767e0914bd7bd0bb4a1127d1c96403f1875e2f1194a5e47def0dfe6c4d7e5556e50bcc9f601f0dfe249d9ff710a07ba7e29cd633e5b936c9c362d86020250d01df4ca0869d645eaac888dba86c5bde547f5688892ff1b39f43e1cbe18a2c51e1dcf323f1c1c2f574b4aa9a219b5d6ada50f462488c56b207bb62eb57ef82352f8d5f42d48cb7f1bbe60067ed6ab318cd2cbee1c00c33c5a5da7d76df1a6a0a5ddc4e578a00"/4096, @ANYRESDEC=r2, @ANYRES64=r3, @ANYRES64=r0, @ANYRES16=0x0]) 938.839095ms ago: executing program 0 (id=338): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000140)=0x3) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x408002, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000300)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000180)={@fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x8, 0x0, 0xe}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000100)={0x0, 0x18, 0x38}}, 0x400}], 0x51, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7"}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) syz_clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {0x17}, 0x0, 0x0, 0x0, 0x0}, 0x58) 906.064726ms ago: executing program 0 (id=339): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0x4018aee3, &(0x7f0000000180)=""/216) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x60, 0x0, &(0x7f0000000140)=[@register_looper, @clear_death, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000040)={@flat=@handle={0x73682a85, 0xa, 0x2}, @fda={0x66646185, 0x4, 0x2, 0x40}, @flat=@weak_binder={0x77622a85, 0x1}}, &(0x7f0000000100)={0x0, 0x18, 0x38}}, 0x400}], 0x0, 0x0, 0x0}) 825.984837ms ago: executing program 0 (id=341): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x40000) (async, rerun: 64) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) (rerun: 64) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) (async) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000200)={0x0, 0x1, 0x0, &(0x7f0000000100)=""/47, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f0000000500)=""/69, 0x0}) (async) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2042, 0x0) ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0x7) (async, rerun: 32) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (rerun: 32) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000e00)='cpuset.mems\x00', 0x2, 0x0) read(r5, 0x0, 0xb) (async) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) ioctl$KVM_GET_MP_STATE(r7, 0x8004ae98, &(0x7f0000000280)) (async, rerun: 32) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000d00)) (async, rerun: 32) r8 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) ioctl$TUNSETGROUP(r8, 0x400454ce, 0x0) r9 = openat$tun(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000340)=&(0x7f00000001c0)) ioctl$BTRFS_IOC_START_SYNC(r4, 0x80089418, &(0x7f00000002c0)) (async) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000040)=0x1) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async, rerun: 32) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async, rerun: 32) r10 = openat$selinux_policy(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r10, 0x0) 675.20653ms ago: executing program 3 (id=348): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000140)=0xfffffdfb) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0xffffffff, 0xc9a, 0xfffff001, 0x6, 0x18, "5c6f135252ce000800006f00"}) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000040)={0x1, 0x7c1, 0x8001, 0x0, 0x13, "4cb8b210acdc716f64cf76062d59e56f2584c4"}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000200)=[@acquire, @enter_looper], 0x53, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x67, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x0, 0x0) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r4, 0x40485404, &(0x7f00000000c0)={{0x1, 0x0, 0x0, 0x3, 0xfffffffd}}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x18, 0x0, &(0x7f0000000100)=[@clear_death={0x400c630f, 0x2}, @increfs={0x40046304, 0x2}], 0x1e, 0x0, &(0x7f0000000180)="56b9962993514b5b439cbf8474e97548ff48570628425800fbbfbbfc1344"}) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000240), 0x40000, 0x0) ioctl$BLKCRYPTOIMPORTKEY(r5, 0xc0401289, &(0x7f0000000300)={&(0x7f0000000280)="95fd66ea0585a40119618cfc9c6dde2f", 0x10, &(0x7f00000002c0)=""/59, 0x3b}) 526.427562ms ago: executing program 3 (id=349): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x3014, 0x100000000000}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x18, 0x0, &(0x7f0000000180)=[@increfs, @clear_death={0x400c630f, 0x1}], 0x0, 0x0, 0x0}) 525.998742ms ago: executing program 3 (id=350): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0xa, 0x2}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x52, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa, 0xe21e}) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0xa, 0x2}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x52, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa, 0xe21e}) (async) 516.765102ms ago: executing program 2 (id=351): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x40000097}]}) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000100)={0x6, 0x6, 0x7, 0xfff, 0x5}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r1, 0x4068aea3, &(0x7f0000000080)={0xed, 0x0, 0x3}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r4, 0xc00caee0, &(0x7f0000000140)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x40, 0x2000001, 0x0, 0x2004cb, 0x0, 0x0, 0x68ff, 0x9, 0x0, 0x3], 0x1, 0x2c0203}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000280)={[{0xb, 0x4, 0x9, 0x2, 0xb, 0x4, 0x6, 0x91, 0x40, 0x1, 0x4, 0xb, 0xbe5}, {0xae48, 0x9, 0x2, 0xff, 0x92, 0x4, 0x74, 0x2, 0xf3, 0x5, 0x4, 0x8, 0x7}, {0x7, 0x8, 0xc, 0x9, 0x5, 0x9, 0x0, 0x8, 0x3, 0x1, 0x55, 0x81, 0x6a}], 0xfffff805}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max']) 424.231973ms ago: executing program 3 (id=355): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x3, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r2, 0x4018aee2, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/255, 0xff, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x52, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"}) 415.179684ms ago: executing program 1 (id=356): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = openat(r1, &(0x7f0000000180)='./cgroup\x00', 0x102, 0x35) read$FUSE(r2, &(0x7f0000002a40)={0x2020}, 0x2020) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) prctl$PR_CAP_AMBIENT(0x2f, 0x2, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) read$FUSE(r4, &(0x7f0000002080)={0x2020}, 0x2020) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS(0xffffffffffffffff, 0x4068aea3, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x183442, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42a02, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r7, 0x4068aea3, &(0x7f0000000700)={0xcc, 0x0, 0x1}) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x5460, &(0x7f0000000540)={'veth0_macvtap\x00', @remote}) r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000002d00), 0x2000) read$FUSE(r10, 0x0, 0x0) ioctl$PPPIOCSFLAGS1(r5, 0x40047459, &(0x7f00000000c0)=0xc4030a4) ioctl$PPPIOCSMAXCID(r5, 0x40047451, &(0x7f00000002c0)) write$ppp(r5, &(0x7f00000003c0)='\x00!', 0x100000) ioctl$KVM_GET_MSR_INDEX_LIST(r9, 0xc004ae02, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00e000000000000000000000000017000000000000000300"/44]) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) 254.287786ms ago: executing program 3 (id=357): mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff) mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000001e40)={[{@stats}]}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TCXONC(r1, 0x540a, 0x2) ioctl$TCXONC(r1, 0x540a, 0x2) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff) (async) mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000001e40)={[{@stats}]}) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) ioctl$TCXONC(r1, 0x540a, 0x2) (async) ioctl$TCXONC(r1, 0x540a, 0x2) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) 237.222716ms ago: executing program 1 (id=358): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/image_size', 0x10b902, 0x0) write$cgroup_int(r0, &(0x7f0000000000), 0x12) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000000)=ANY=[@ANYBLOB='context=sy\"te', @ANYBLOB="d4212214270bf0813f40000000000000008a31789af3d57b"]) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0) read$FUSE(r2, &(0x7f0000000440)={0x2020, 0x0, 0x0, 0x0}, 0x2020) mount$binderfs(&(0x7f00000000c0), &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000180), 0x880, &(0x7f0000000280)=ANY=[@ANYBLOB='subj_type=io,dont_hash,smackfsfloor=@-],fowner<', @ANYRESDEC=r3, @ANYBLOB="2c61707072616973652c61707072656973655f747970653d696d617369672c6673757569643d630c3130613763632d653638332d353000662d006138362d346a3337346632352c686173682c66736e616d653d2c666f776e65723e42677430d6b0077a492eaa131c1417c27be36f18f4f7dad77b572ca20d9bfb5ac536ceb8ee63dce149dfce080abb3ae8fdb80fc879e0e4631cc21a97a86f7c97a60a77b83e59292a0cf44151c423b73197cb7b5080786e0b4878fc18e707f2a79dbde144420815bac74988dab28ba16e5fe6def1786e2e13bf29e59a34bbbaed1370842a3c706143af1b047608ae91f6abe741074d2fce058d2267e6ae70a8d9", @ANYRESDEC=r3, @ANYBLOB=',\x00']) write$cgroup_subtree(r2, &(0x7f0000000040)={[{0x2d, 'memory'}, {0x2d, 'net'}, {0x2b, 'io'}, {0x2b, 'cpu'}, {0x2d, 'freezer'}, {0x2b, 'cpuset'}, {0x2d, 'hugetlb'}, {0x2d, 'net_cls'}, {0x2b, 'cpu'}]}, 0x3e) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/image_size', 0x10b902, 0x0) (async) write$cgroup_int(r0, &(0x7f0000000000), 0x12) (async) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000000)=ANY=[@ANYBLOB='context=sy\"te', @ANYBLOB="d4212214270bf0813f40000000000000008a31789af3d57b"]) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_ro(r1, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0) (async) read$FUSE(r2, &(0x7f0000000440)={0x2020}, 0x2020) (async) mount$binderfs(&(0x7f00000000c0), &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000180), 0x880, &(0x7f0000000280)=ANY=[@ANYBLOB='subj_type=io,dont_hash,smackfsfloor=@-],fowner<', @ANYRESDEC=r3, @ANYBLOB="2c61707072616973652c61707072656973655f747970653d696d617369672c6673757569643d630c3130613763632d653638332d353000662d006138362d346a3337346632352c686173682c66736e616d653d2c666f776e65723e42677430d6b0077a492eaa131c1417c27be36f18f4f7dad77b572ca20d9bfb5ac536ceb8ee63dce149dfce080abb3ae8fdb80fc879e0e4631cc21a97a86f7c97a60a77b83e59292a0cf44151c423b73197cb7b5080786e0b4878fc18e707f2a79dbde144420815bac74988dab28ba16e5fe6def1786e2e13bf29e59a34bbbaed1370842a3c706143af1b047608ae91f6abe741074d2fce058d2267e6ae70a8d9", @ANYRESDEC=r3, @ANYBLOB=',\x00']) (async) write$cgroup_subtree(r2, &(0x7f0000000040)={[{0x2d, 'memory'}, {0x2d, 'net'}, {0x2b, 'io'}, {0x2b, 'cpu'}, {0x2d, 'freezer'}, {0x2b, 'cpuset'}, {0x2d, 'hugetlb'}, {0x2d, 'net_cls'}, {0x2b, 'cpu'}]}, 0x3e) (async) 235.703196ms ago: executing program 2 (id=359): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x88200, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005080000024d564b"]) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200) ioctl$KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r4, 0x4018aee3, &(0x7f0000000180)=""/216) mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x7) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/255, 0xff, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x9, 0x18, 0x40}}, 0x10}], 0x52, 0x0, &(0x7f0000000380)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"}) 175.624937ms ago: executing program 1 (id=360): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x5b) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) mmap(&(0x7f00007d4000/0xd000)=nil, 0xd000, 0x2000006, 0x13, 0xffffffffffffffff, 0x25fea000) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x8ae9b000) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f00000000c0)={0x1, 0x0, [{0x1, 0x3b8, 0x8002, 0x3e60, 0x1}]}) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x486, 0x0, 0x40000000}]}) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, 0x0) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r0, 0x0) 98.471719ms ago: executing program 2 (id=361): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000000000000010000"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000"]) openat$ttynull(0xffffffffffffff9c, &(0x7f00000008c0), 0x40000, 0x0) 84.874959ms ago: executing program 1 (id=362): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x0, 0x1, 0x11, r0, 0x0) (async) ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, &(0x7f0000000140)) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x50, 0x0, &(0x7f0000000380)="ec5879bcae4ebf1dcf85134d8b5e05505209abff506d2f73957fa39fbdbc84a722e85b7aa2dd37976eaa5b831df72f213796242fbd571621cc5d7cdf0257b01ea7a5119e8f9d6ed2b82920a14886fc0c"}) 61.267459ms ago: executing program 1 (id=363): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000280)={0x2020}, 0x2020) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001500)={0x44, 0x0, &(0x7f0000001380)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 930.03µs ago: executing program 2 (id=364): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1800001, 0x28011, r0, 0x77c08000) 433.64µs ago: executing program 1 (id=365): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000200), 0xffffffc1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r0, 0x0) mmap(&(0x7f00007a6000/0x3000)=nil, 0x3000, 0x100000c, 0x22051, r0, 0x0) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x9f) r5 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/keycreate\x00', 0x2, 0x0) close(r5) ioctl$KVM_SET_TSS_ADDR(r3, 0xae47, 0x566afa30a48730) write$selinux_load(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e7578629bd2a803c88ebcc05eda30de038dc91fe3195fe003d33dfd71336bf3f0f79b7aeb3176be8de47d07fac8d01b6ab46571ca907baf99c1642eedab38f69013931dfb7b70c161a3faa5cd8108da1764efb2e403ada19363f1666b8789dafd3acc553370357930a92281f09f76f66307bb8d89097f8b67eb274a0e16"], 0x8b) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r8, 0x4400ae8f, &(0x7f00000007c0)={"f8997c89fed77bbc3e6fe91bf95453d7550e0db08b5e6b307cb7e25dc636dc3b6a20285c2526eab5b631e0953d9bb2494cee041b2838943236d867f178e2aced21bb90d452f4f8269c68402270a334bd46c9e450bf611065a2116dbdd7a7b66bdecf96f83bb281596aca0b10868dfc8cb7cadd1080a222c8173690aa964a3a2c2cd7ea4d40ba6045e0de9a161846b613a674fc0584d84c80adf0425f319e4cea0838278b0fbb023c3191c04e15d23284b05828b343c44a2e1d9f316fa88bd585127b7d6bb8452ec7b657902694b35fbc9d7e414f4fd0fa41bc528a08ce1abeb00f54efb359b3352c5a968e80a9e63986dbfd473650f8fba3642c8961eda5b48d090525872d7fde829c245a1f9af58727d2b85304f12fd898f7b3b6aa92f2ca8ac7dabecf92f3a061fc1264cf77082f195797537e0610050c3f10279e0c686a0d2e063906bc43b7d6f6918a8fa7014b7682027c30d58e7138e1b4e511f4349e51de0141e40b89abf55f7a15a807ed1c5ba1ae8451dfbe7cb2d9e83dfc2fe111e928af261f865a32323e7e99cf6870a49b970d09292e34377fdb42d91ffbf6afe33f0e3b0a0b7d80e40818a26e45e116cc75059487a47648a5e03548dfc544ca600fee08aa0f1878c0550630c37682c68a3bd581728b8d457c2838d740da9fc7ab49baf22732eadfe5a029d64c04bbbaccf84bec68acbf1ba7d7157be23550e9e05fc52f9b7d4fb7e2773e1ee2d15fae939e633f30a6e98a8e30d0effea83e4d8d60074723db222f8564332320bf55ff2ad25c3a5e27003d5878d3321cac6edb967a8b8b7986d50c688c4bbc3970cc66db0d2d680aa7b76785a4233988b60299440fff8b7b07514aafa7cacfde65470cf360ebb2cc4277b928ad42d7dbdfe429867cc90ba978ca7432e4ba7d7b97e22a5dd72dcb4f581b8d690ba67011b1145ec55628e15c1d265bd3e81b6549c22fb4f6ac245ffb6b1ce222f575d67915fc4df49b0bfed03a25cfb270eb46cf6cc1d1812aedff894c32e190f7e6b0c60db1aef2612523c22debd3265ac24eef8790b36e2046c077007e6a8dd5e38907eb50a6c2041fd6fb24affb4c38986490b568d499398779735fc77ed482a8aec76da7e4c10e1ccef876d4b040e6c0f683b107fbea0ca15797f4d663ecd8ee3bf13b7e060e7ec11093125d2c97ef0654db03e6f5b793c2c2db728278719415adaade245a70e033b5968a863904aafe42d37e3e296bfc62037caae0e942635e7562d030d2d4cd1ebb44c0e3d8b53a11114fe40efd801ecf4812ba7dd6b4420b598ae302ef5863113388930ff283fb95351712fc8ae1c7d358b7ea8e5f3c87cd2c597d618092f7ed086a851711429d0a1ede673257eea3205dde8fb6d8a99bade876b07eabf931510d86e47f65200e90b51837b14c46006b4e51f6656aaf6933e249e63774f2"}) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2}) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext=']) openat$cgroup_procs(r9, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) 0s ago: executing program 3 (id=366): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async, rerun: 32) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) (rerun: 32) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000006c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f0000000700)={0xffffffffffffffff, 0x3, 0x3, 0x0, 0x7}) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r5, 0x4068aea3, &(0x7f0000000080)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000000034d484b00000000feff000000000000"]) (async, rerun: 64) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (rerun: 64) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000004000000080000040"]) (async, rerun: 64) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (rerun: 64) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 32) ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) (async, rerun: 32) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000240)=ANY=[@ANYBLOB="cf00000000555c0000000000000000a79200000000080000ccf7ae7d55"]) (async, rerun: 32) ioctl$KVM_RUN(r10, 0xae80, 0x0) (async, rerun: 32) ioctl$KVM_RUN(r10, 0xae80, 0x0) mmap(&(0x7f0000050000/0x3000)=nil, 0x3000, 0x0, 0x6832, 0xffffffffffffffff, 0xffffe000) (async, rerun: 32) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 32) mmap$binder(&(0x7f00000a0000)=nil, 0x0, 0x1, 0x11, r0, 0x0) kernel console output (not intermixed with test programs): [ 30.345979][ T13] sched: DL replenish lagged too much Warning: Permanently added '10.128.1.13' (ED25519) to the list of known hosts. [ 34.130275][ T36] audit: type=1400 audit(1750357208.660:64): avc: denied { mounton } for pid=280 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 34.131880][ T280] cgroup: Unknown subsys name 'net' [ 34.154784][ T36] audit: type=1400 audit(1750357208.660:65): avc: denied { mount } for pid=280 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 34.185311][ T36] audit: type=1400 audit(1750357208.700:66): avc: denied { unmount } for pid=280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 34.185537][ T280] cgroup: Unknown subsys name 'devices' [ 34.349967][ T280] cgroup: Unknown subsys name 'hugetlb' [ 34.356319][ T280] cgroup: Unknown subsys name 'rlimit' [ 34.511321][ T36] audit: type=1400 audit(1750357209.040:67): avc: denied { setattr } for pid=280 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 34.538617][ T36] audit: type=1400 audit(1750357209.040:68): avc: denied { mounton } for pid=280 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 34.553272][ T282] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 34.566303][ T36] audit: type=1400 audit(1750357209.040:69): avc: denied { mount } for pid=280 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 34.602481][ T36] audit: type=1400 audit(1750357209.110:70): avc: denied { relabelto } for pid=282 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 34.631221][ T36] audit: type=1400 audit(1750357209.110:71): avc: denied { write } for pid=282 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 34.635022][ T280] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 34.660021][ T36] audit: type=1400 audit(1750357209.170:72): avc: denied { read } for pid=280 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 34.701597][ T36] audit: type=1400 audit(1750357209.170:73): avc: denied { open } for pid=280 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 35.570825][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.578526][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.586985][ T287] bridge_slave_0: entered allmulticast mode [ 35.593657][ T287] bridge_slave_0: entered promiscuous mode [ 35.602384][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.610910][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.619691][ T287] bridge_slave_1: entered allmulticast mode [ 35.626707][ T287] bridge_slave_1: entered promiscuous mode [ 35.722503][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.730106][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.737734][ T288] bridge_slave_0: entered allmulticast mode [ 35.744580][ T288] bridge_slave_0: entered promiscuous mode [ 35.753301][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.761239][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.769666][ T288] bridge_slave_1: entered allmulticast mode [ 35.776291][ T288] bridge_slave_1: entered promiscuous mode [ 35.782825][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.791009][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.799129][ T290] bridge_slave_0: entered allmulticast mode [ 35.806459][ T290] bridge_slave_0: entered promiscuous mode [ 35.813446][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.821729][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.829969][ T290] bridge_slave_1: entered allmulticast mode [ 35.836631][ T290] bridge_slave_1: entered promiscuous mode [ 35.993134][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.001789][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.009966][ T289] bridge_slave_0: entered allmulticast mode [ 36.016823][ T289] bridge_slave_0: entered promiscuous mode [ 36.026567][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.034238][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.042179][ T289] bridge_slave_1: entered allmulticast mode [ 36.049259][ T289] bridge_slave_1: entered promiscuous mode [ 36.103330][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.110647][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.118899][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.126506][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.154629][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.163286][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.172892][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.181702][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.223105][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.230521][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.238849][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.246285][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.294068][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.302733][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.312283][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.321553][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.329387][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.337664][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.350454][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.358547][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.370436][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.379096][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.396810][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.404075][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.412232][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.420589][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.456838][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.464524][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.489072][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.498361][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.514205][ T290] veth0_vlan: entered promiscuous mode [ 36.539569][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.547498][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.558741][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.567178][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.580120][ T287] veth0_vlan: entered promiscuous mode [ 36.597236][ T290] veth1_macvtap: entered promiscuous mode [ 36.646521][ T287] veth1_macvtap: entered promiscuous mode [ 36.660307][ T288] veth0_vlan: entered promiscuous mode [ 36.669756][ T290] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 36.719276][ T288] veth1_macvtap: entered promiscuous mode [ 36.731965][ T289] veth0_vlan: entered promiscuous mode [ 36.782624][ T289] veth1_macvtap: entered promiscuous mode [ 36.867846][ T321] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 36.925191][ T329] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 36.925228][ T329] rust_binder: Error while translating object. [ 36.952524][ T329] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 36.960125][ T329] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:4 [ 37.043365][ T337] rust_binder: Write failure EFAULT in pid:12 [ 37.130332][ T342] SELinux: unknown common r [ 37.146039][ T342] SELinux: failed to load policy [ 37.147551][ T343] binder: Unknown parameter '0x0000000000000004000000000000000000040x0000000000000003' [ 37.164209][ T345] binder: Unknown parameter 'defcontext01777777777777777777777' [ 37.201779][ T345] random: crng reseeded on system resumption [ 37.272042][ T351] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 37.272068][ T351] rust_binder: Read failure Err(EFAULT) in pid:8 [ 37.379369][ T358] binder: Bad value for 'defcontext' [ 37.513287][ T367] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1531215282 (3062430564 ns) > initial count (1473793136 ns). Using initial count to start timer. [ 37.578159][ T372] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 37.578181][ T372] rust_binder: Error while translating object. [ 37.592665][ T372] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 37.599974][ T372] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:21 [ 37.632564][ T375] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:16 [ 37.783969][ T387] binder: Bad value for 'max' [ 37.983386][ T393] rust_binder: Write failure EINVAL in pid:24 [ 38.284907][ T424] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:38 [ 38.346133][ T427] input: syz1 as /devices/virtual/input/input4 [ 38.387849][ T427] rust_binder: Error in use_page_slow: ESRCH [ 38.387874][ T427] rust_binder: use_range failure ESRCH [ 38.395584][ T427] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 38.402453][ T427] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 38.411693][ T427] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:38 [ 38.461893][ T430] random: crng reseeded on system resumption [ 38.665515][ T443] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.786589][ T446] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.823931][ T455] rust_binder: Read failure Err(EAGAIN) in pid:47 [ 39.185296][ T36] kauditd_printk_skb: 74 callbacks suppressed [ 39.185316][ T36] audit: type=1400 audit(1750357213.710:148): avc: denied { read write } for pid=475 comm="syz.2.55" name="fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 39.226709][ T36] audit: type=1400 audit(1750357213.710:149): avc: denied { open } for pid=475 comm="syz.2.55" path="/dev/fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 39.254586][ T36] audit: type=1400 audit(1750357213.710:150): avc: denied { ioctl } for pid=475 comm="syz.2.55" path="/dev/fuse" dev="devtmpfs" ino=23 ioctlcmd=0xe502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 39.411893][ T484] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 39.412463][ T484] rust_binder: Write failure EINVAL in pid:37 [ 39.424414][ T485] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 39.431377][ T485] rust_binder: Read failure Err(EFAULT) in pid:65 [ 39.614857][ T499] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 39.630875][ T505] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.631583][ T505] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.638358][ T499] rust_binder: Write failure EINVAL in pid:45 [ 39.835174][ T522] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 39.862956][ T523] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 39.862987][ T523] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:62 [ 39.987399][ T531] ======================================================= [ 39.987399][ T531] WARNING: The mand mount option has been deprecated and [ 39.987399][ T531] and is ignored by this kernel. Remove the mand [ 39.987399][ T531] option from the mount to silence this warning. [ 39.987399][ T531] ======================================================= [ 40.043845][ T531] binder: Binderfs stats mode cannot be changed during a remount [ 40.096831][ T36] audit: type=1400 audit(1750357214.630:151): avc: denied { map } for pid=533 comm="syz.1.74" path="/proc/sys/net/ipv4/tcp_congestion_control" dev="proc" ino=6103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_net_t tclass=file permissive=1 [ 40.128513][ T36] audit: type=1400 audit(1750357214.630:152): avc: denied { execute } for pid=533 comm="syz.1.74" path="/proc/sys/net/ipv4/tcp_congestion_control" dev="proc" ino=6103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_net_t tclass=file permissive=1 [ 40.159447][ T539] rust_binder: Error in use_page_slow: ESRCH [ 40.159445][ T538] rust_binder: Error in use_page_slow: ESRCH [ 40.159466][ T539] rust_binder: use_range failure ESRCH [ 40.159480][ T539] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 40.168880][ T538] rust_binder: use_range failure ESRCH [ 40.179005][ T539] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 40.199772][ T538] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 40.206163][ T410] Bluetooth: hci0: command 0x1003 tx timeout [ 40.217651][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 40.236535][ T538] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 40.244069][ T538] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:61 [ 40.248468][ T539] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:61 [ 40.375452][ T561] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:73 [ 40.406260][ T566] binder: Unknown parameter 'subj_type' [ 40.603978][ T588] binder: Unknown parameter '00000000000000000000' [ 40.642691][ T596] SELinux: security_context_str_to_sid (system_uGй :) failed with errno=-22 [ 40.749796][ T36] audit: type=1400 audit(1750357215.280:153): avc: denied { execute } for pid=603 comm="syz.0.95" path="/selinux/avc/hash_stats" dev="selinuxfs" ino=26 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=file permissive=1 [ 40.781373][ T36] audit: type=1400 audit(1750357215.310:154): avc: denied { append } for pid=606 comm="syz.1.96" name="pfkey" dev="proc" ino=4026532455 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 40.808609][ T36] audit: type=1400 audit(1750357215.310:155): avc: denied { associate } for pid=606 comm="syz.1.96" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 40.839716][ T609] input: syz0 as /devices/virtual/input/input5 [ 40.849766][ T609] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:76 [ 40.959859][ T612] SELinux: policydb version 75628561 does not match my version range 15-33 [ 40.982387][ T612] SELinux: failed to load policy [ 41.013657][ T627] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.052369][ T630] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 41.060534][ T630] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:87 [ 41.090197][ T632] rust_binder: Write failure EFAULT in pid:81 [ 41.188604][ T635] SELinux: security_context_str_to_sid () failed with errno=-22 [ 41.277765][ T636] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 41.331365][ T649] binder: Unknown parameter '4847201 nsecs [ 41.331365][ T649] [ 41.331365][ T649] cpu: 0 [ 41.331365][ T649] clock 0: [ 41.331365][ T649] .base: ffff8881f6e2cf00 [ 41.331365][ T649] .index: 0 [ 41.331365][ T649] .resolution: 1 nsecs [ 41.331365][ T649] .get_time: ktime_get [ 41.331365][ T649] .offset: 0 nsecs [ 41.331365][ T649] active timers: [ 41.331365][ T649] #0: ' [ 41.507971][ T655] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 41.508008][ T655] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:94 [ 41.511407][ T652] SELinux: failed to load policy [ 41.582339][ T662] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 41.595983][ T662] rust_binder: Write failure EINVAL in pid:99 [ 41.644549][ T670] random: crng reseeded on system resumption [ 41.645967][ T672] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.689843][ T670] rust_binder: Write failure EINVAL in pid:88 [ 41.698855][ T672] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.715425][ T673] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.851418][ T36] audit: type=1400 audit(1750357216.380:156): avc: denied { write } for pid=680 comm="syz.2.120" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 42.001596][ T36] audit: type=1400 audit(1750357216.530:157): avc: denied { write } for pid=685 comm="syz.0.121" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 42.003163][ T686] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 42.049090][ T686] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 42.049117][ T686] rust_binder: Error while translating object. [ 42.060743][ T686] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 42.069240][ T686] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:69 [ 42.252617][ T696] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 42.255494][ T705] kvm: kvm [703]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010003) = 0x3072 [ 42.286953][ T696] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 42.300789][ T696] kvm: requested 122361 ns i8254 timer period limited to 200000 ns [ 42.339685][ T702] input: syz1 as /devices/virtual/input/input7 [ 42.355323][ T702] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 42.355361][ T702] rust_binder: Error while translating object. [ 42.367162][ T702] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 42.387694][ T702] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:109 [ 42.399537][ T712] input: syz0 as /devices/virtual/input/input8 [ 42.525957][ T717] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:81 [ 42.645373][ T724] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:109 [ 42.663928][ T726] serio: Serial port ttynull [ 42.713218][ T728] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:104 [ 42.970827][ T740] can0: slcan on ptm0. [ 43.056356][ T739] can0 (unregistered): slcan off ptm0. [ 43.116109][ T303] Bluetooth: hci0: Frame reassembly failed (-84) [ 43.124285][ T752] Bluetooth: hci0: Frame reassembly failed (-84) [ 43.227656][ T755] SELinux: failed to load policy [ 43.428162][ T764] binder: Bad value for 'defcontext' [ 43.437502][ T764] binder: Bad value for 'defcontext' [ 43.457526][ T768] binder: Bad value for 'context' [ 43.596407][ T781] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 43.617149][ T776] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 43.638253][ T776] rust_binder: Error in use_page_slow: EBUSY [ 43.642059][ T786] input: syz0 as /devices/virtual/input/input9 [ 43.661401][ T776] rust_binder: use_range failure EBUSY [ 43.671997][ T787] SELinux: security_context_str_to_sid (system_uGй :) failed with errno=-22 [ 43.679271][ T786] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 43.692199][ T786] rust_binder: Error while translating object. [ 43.697117][ T776] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 43.709051][ T786] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 43.716022][ T776] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 43.725234][ T786] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:115 [ 43.737152][ T776] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 43.768120][ T776] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:129 [ 43.976605][ T813] binder: Unknown parameter '00000000000000000000000' [ 44.113045][ T824] rust_binder: Error while translating object. [ 44.113097][ T824] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 44.120506][ T824] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:117 [ 44.187154][ T36] kauditd_printk_skb: 25 callbacks suppressed [ 44.187171][ T36] audit: type=1400 audit(1750357218.720:183): avc: denied { read write } for pid=290 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 44.248170][ T36] audit: type=1400 audit(1750357218.770:184): avc: denied { open } for pid=290 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 44.277644][ T36] audit: type=1400 audit(1750357218.770:185): avc: denied { ioctl } for pid=290 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 44.311597][ T36] audit: type=1400 audit(1750357218.800:186): avc: denied { mounton } for pid=825 comm="syz.3.164" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.528468][ T36] audit: type=1400 audit(1750357219.060:187): avc: denied { read write } for pid=827 comm="syz.2.165" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 44.529530][ T828] rust_binder: Write failure EFAULT in pid:133 [ 44.571137][ T828] input: syz0 as /devices/virtual/input/input10 [ 44.583322][ T36] audit: type=1400 audit(1750357219.060:188): avc: denied { open } for pid=827 comm="syz.2.165" path="/dev/uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 44.615597][ T36] audit: type=1400 audit(1750357219.060:189): avc: denied { ioctl } for pid=827 comm="syz.2.165" path="/dev/uinput" dev="devtmpfs" ino=194 ioctlcmd=0x556d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 44.646573][ T36] audit: type=1400 audit(1750357219.060:190): avc: denied { read } for pid=827 comm="syz.2.165" name="binder1" dev="binder" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 44.675260][ T36] audit: type=1400 audit(1750357219.060:191): avc: denied { open } for pid=827 comm="syz.2.165" path="/dev/binderfs/binder1" dev="binder" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 44.712921][ T36] audit: type=1400 audit(1750357219.200:192): avc: denied { read write } for pid=830 comm="syz.3.166" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 44.787511][ T834] SELinux: failed to load policy [ 44.805511][ T834] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 44.818092][ T834] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 44.922093][ T849] rust_binder: Write failure EFAULT in pid:145 [ 44.922187][ T846] rust_binder: Write failure EFAULT in pid:145 [ 44.996887][ T851] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 45.005172][ T851] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 45.015975][ T851] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 45.042650][ T854] SELinux: security_context_str_to_sid () failed with errno=-22 [ 45.043487][ T855] SELinux: security_context_str_to_sid () failed with errno=-22 [ 45.110704][ T857] SELinux: security_context_str_to_sid (syste_uGй :) failed with errno=-22 [ 45.145736][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 45.146405][ T410] Bluetooth: hci0: command 0x1003 tx timeout [ 45.416948][ T875] SELinux: security_context_str_to_sid (syste_uGй :) failed with errno=-22 [ 45.433576][ T877] SELinux: security_context_str_to_sid (syste_uGй :) failed with errno=-22 [ 45.512772][ T881] rust_binder: Write failure EFAULT in pid:128 [ 45.513515][ T881] rust_binder: Failed to allocate buffer. len:168, is_oneway:true [ 45.571092][ T883] rust_binder: Write failure EINVAL in pid:131 [ 45.979745][ T915] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 45.987818][ T915] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:138 [ 46.089982][ T926] rust_binder: Read failure Err(EAGAIN) in pid:147 [ 46.137333][ T931] can0: slcan on ptm0. [ 46.152894][ T936] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.209400][ T930] can0 (unregistered): slcan off ptm0. [ 46.411374][ T964] rust_binder: Write failure EFAULT in pid:148 [ 46.434202][ T966] binder: Unknown parameter 'processor : 0 [ 46.434202][ T966] vendor_id : GenuineIntel [ 46.434202][ T966] cpu family : 6 [ 46.434202][ T966] model : 79 [ 46.434202][ T966] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 46.434202][ T966] stepping : 0 [ 46.434202][ T966] microcode : 0xffffffff [ 46.434202][ T966] cpu MHz : 2199.998 [ 46.434202][ T966] cache size : 56320 KB [ 46.434202][ T966] physical id : 0 [ 46.434202][ T966] siblings : 2 [ 46.434202][ T966] core id : 0 [ 46.434202][ T966] cpu cores : 1 [ 46.434202][ T966] apicid : 0 [ 46.434202][ T966] initial apicid : 0 [ 46.434202][ T966] fpu : yes [ 46.434202][ T966] fpu_exception : yes [ 46.434202][ T966] cpuid level : 13 [ 46.434202][ T966] wp : yes [ 46.434202][ T966] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 46.434202][ T966] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 46.602231][ T982] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 46.777393][ T982] rust_binder: Read failure Err(EFAULT) in pid:158 [ 46.787813][ T980] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 46.808051][ T980] rust_binder: Write failure EINVAL in pid:181 [ 46.987590][ T1000] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 47.001630][ T1000] rust_binder: Write failure EINVAL in pid:152 [ 47.010830][ T998] rust_binder: Write failure EINVAL in pid:188 [ 47.038461][ T1005] rust_binder: Error while translating object. [ 47.047916][ T1005] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 47.057387][ T1005] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:167 [ 47.143236][ T1013] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 47.268572][ T1030] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 47.268605][ T1030] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 47.277451][ T1031] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 47.355416][ T1037] rust_binder: Error in use_page_slow: ESRCH [ 47.355456][ T1037] rust_binder: use_range failure ESRCH [ 47.363414][ T1037] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 47.370240][ T1037] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 47.387513][ T1037] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:175 [ 47.416088][ T1043] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 47.436178][ T1041] rust_binder: Write failure EINVAL in pid:197 [ 47.460193][ T1043] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 47.493619][ T1045] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 47.493647][ T1045] rust_binder: Error while translating object. [ 47.509672][ T1045] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 47.517227][ T1045] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:181 [ 47.634343][ T1054] Restarting kernel threads ... done. [ 47.652203][ T1054] rust_binder: Write failure EFAULT in pid:162 [ 47.705346][ T1060] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:186 [ 47.805292][ T1062] random: crng reseeded on system resumption [ 47.868988][ T1062] kernel profiling enabled (shift: 8) [ 47.896731][ T1064] input: syz0 as /devices/virtual/input/input13 [ 47.916463][ T1064] binder: Unknown parameter 'non' [ 48.258191][ T1077] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 48.258241][ T1077] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:191 [ 48.301233][ T1085] SELinux: policydb string length 1168519815 does not match expected length 8 [ 48.331525][ T1086] rust_binder: Error while translating object. [ 48.331578][ T1086] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 48.332061][ T1077] kvm: kvm [1076]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010005) = 0x1 [ 48.349711][ T1086] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:173 [ 48.375783][ T1085] SELinux: failed to load policy [ 48.395021][ T1080] SELinux: policydb string length 1168519815 does not match expected length 8 [ 48.412774][ T1080] SELinux: failed to load policy [ 48.444550][ T1090] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 48.444838][ T1090] rust_binder: Error in use_page_slow: ESRCH [ 48.453059][ T1090] rust_binder: use_range failure ESRCH [ 48.473460][ T1090] rust_binder: Failed to allocate buffer. len:4264, is_oneway:false [ 48.511452][ T1090] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 48.524957][ T1090] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:176 [ 48.615078][ T1101] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 48.615106][ T1101] rust_binder: Error while translating object. [ 48.627616][ T1101] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 48.647656][ T1101] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:181 [ 48.676337][ T1105] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 48.712751][ T1111] rust_binder: Write failure EINVAL in pid:183 [ 48.755571][ T1116] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 48.771401][ T1115] rust_binder: Error in use_page_slow: ESRCH [ 48.771434][ T1115] rust_binder: use_range failure ESRCH [ 48.775476][ T1118] rust_binder: Error in use_page_slow: ESRCH [ 48.778329][ T1115] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 48.778367][ T1115] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 48.791922][ T1118] rust_binder: use_range failure ESRCH [ 48.802952][ T1115] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:185 [ 48.825202][ T1118] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false [ 48.857843][ T1118] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 48.877232][ T1124] kvm: kvm [1122]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000002a) = 0x4 [ 48.892601][ T1118] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:212 [ 49.011916][ T1133] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 49.024381][ T1133] rust_binder: Read failure Err(EFAULT) in pid:206 [ 49.026077][ T1135] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 49.189605][ T1142] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 49.197313][ T1142] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:179 [ 49.276556][ T36] kauditd_printk_skb: 101 callbacks suppressed [ 49.332914][ T36] audit: type=1400 audit(1750357223.810:294): avc: denied { map } for pid=1140 comm="syz.0.251" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 49.366856][ T36] audit: type=1400 audit(1750357223.810:295): avc: denied { execute } for pid=1140 comm="syz.0.251" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 49.424671][ T1150] input: syz1 as /devices/virtual/input/input15 [ 49.442990][ T1149] rust_binder: Failed copying remainder into alloc: EFAULT [ 49.443010][ T1149] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 49.453048][ T1149] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 49.474507][ T1149] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:211 [ 49.825830][ T1171] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 49.827536][ T36] audit: type=1400 audit(1750357224.360:296): avc: denied { map } for pid=1169 comm="syz.2.259" path="pipe:[1807]" dev="pipefs" ino=1807 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 49.889639][ T1159] rust_binder: Read failure Err(EFAULT) in pid:224 [ 49.973633][ T1180] input input16: cannot allocate more than FF_MAX_EFFECTS effects [ 50.082588][ T1187] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 50.097686][ T1187] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.098290][ T1187] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.107423][ T1187] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 50.120752][ T1190] rust_binder: Error while translating object. [ 50.139214][ T1190] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 50.155099][ T1190] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:200 [ 50.166590][ T1192] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 50.445959][ T1214] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.482649][ T1217] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 50.492055][ T1217] rust_binder: Error while translating object. [ 50.508082][ T1217] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 50.517646][ T1217] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:194 [ 50.532617][ T1218] rust_binder: Failed to allocate buffer. len:24, is_oneway:false [ 50.561981][ T1220] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.600313][ T1220] kvm: kvm [1219]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010004) = 0x3 [ 50.632525][ T1220] rust_binder: Error in use_page_slow: ESRCH [ 50.632553][ T1220] rust_binder: use_range failure ESRCH [ 50.635397][ T36] audit: type=1400 audit(1750357225.160:297): avc: denied { write } for pid=1225 comm="syz.0.278" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 50.641629][ T1220] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 50.653471][ T1226] rust_binder: Error in use_page_slow: ESRCH [ 50.678295][ T1220] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 50.687762][ T1226] rust_binder: use_range failure ESRCH [ 50.695501][ T1220] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:233 [ 50.709674][ T1226] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false [ 50.727185][ T1226] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 50.735905][ T1226] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:198 [ 50.765097][ T1229] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 50.879356][ T36] audit: type=1400 audit(1750357225.410:298): avc: denied { append } for pid=1240 comm="syz.0.283" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 50.919243][ T1245] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.919595][ T1246] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.955033][ T1252] binder: Bad value for 'defcontext' [ 50.982445][ T1250] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.993170][ T36] audit: type=1400 audit(1750357225.520:299): avc: denied { append } for pid=1255 comm="syz.2.287" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 51.034506][ T1256] binder: Unknown parameter 'context' [ 51.037000][ T36] audit: type=1400 audit(1750357225.560:300): avc: denied { mounton } for pid=1255 comm="syz.2.287" path="/73/binderfs2" dev="tmpfs" ino=392 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 51.070587][ T36] audit: type=1326 audit(1750357225.560:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1255 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd6c98e929 code=0x7ffc0000 [ 51.101395][ T36] audit: type=1326 audit(1750357225.560:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1255 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efd6c98e929 code=0x7ffc0000 [ 51.131073][ T36] audit: type=1326 audit(1750357225.560:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1255 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd6c98e929 code=0x7ffc0000 [ 51.312020][ T1275] SELinux: ebitmap: truncated map [ 51.334686][ T1275] SELinux: failed to load policy [ 51.340902][ T1275] SELinux: security_context_str_to_sid (sytem_uGй_device) failed with errno=-22 [ 51.348177][ T1278] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 51.354790][ T1278] rust_binder: Read failure Err(EFAULT) in pid:234 [ 51.423748][ T1285] binder: Bad value for 'stats' [ 51.439030][ T1287] binder: Bad value for 'stats' [ 51.470821][ T1291] binder: Unknown parameter 'dont_hash' [ 51.735270][ T1310] kvm: kvm [1309]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0xa1a9 [ 51.826535][ T1310] rust_binder: Write failure EFAULT in pid:261 [ 51.826535][ T1311] rust_binder: Write failure EFAULT in pid:261 [ 51.904020][ T1318] SELinux: security_context_str_to_sid () failed with errno=-22 [ 51.931559][ T1321] __vm_enough_memory: pid: 1321, comm: syz.3.308, bytes: 281474976845824 not enough memory for the allocation [ 51.971655][ T1328] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 52.044465][ T1333] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 52.090562][ T1333] rust_binder: Write failure EINVAL in pid:252 [ 52.158610][ T1339] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:220 [ 52.189425][ T1342] rust_binder: Write failure EINVAL in pid:266 [ 52.200078][ T1342] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 52.216727][ T1345] rust_binder: Write failure EINVAL in pid:220 [ 52.224190][ T1342] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 52.400620][ T1355] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 52.410725][ T1356] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 52.459669][ T1360] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 52.500939][ T1367] rust_binder: Error while translating object. [ 52.508403][ T1367] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 52.523468][ T1367] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:266 [ 52.541869][ T1368] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 52.548931][ T1367] rust_binder: Error while translating object. [ 52.558202][ T1367] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 52.565196][ T1367] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:266 [ 52.592071][ T1373] binder: Bad value for 'stats' [ 52.627676][ T1376] binder: Unknown parameter 'coyBLV"i5ntext' [ 52.718205][ T1389] rust_binder: Error while translating object. [ 52.718242][ T1389] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 52.724906][ T1389] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:280 [ 52.879150][ T1399] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 53.186429][ T1416] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:292 [ 53.221795][ T1421] rust_binder: Write failure EINVAL in pid:295 [ 53.267560][ T1432] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:227 [ 53.296280][ T1427] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.308442][ T1439] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:286 [ 53.326769][ T1439] rust_binder: Read failure Err(EFAULT) in pid:286 [ 53.344421][ T1427] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.375671][ T1427] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.448206][ T1451] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.461988][ T1451] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 53.469414][ T1451] rust_binder: Read failure Err(EFAULT) in pid:291 [ 53.478700][ T1451] rust_binder: Write failure EINVAL in pid:291 [ 53.549720][ T1453] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.557449][ T1453] rust_binder: Write failure EINVAL in pid:293 [ 53.584825][ T1456] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.595814][ T1456] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.643559][ T1458] binder: Bad value for 'max' [ 53.660858][ T1468] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.661261][ T1469] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.703967][ T1474] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.716086][ T1474] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 53.724657][ T1474] rust_binder: Error while translating object. [ 53.737772][ T1474] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 53.744601][ T1474] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:300 [ 53.889976][ T1486] SELinux: security_context_str_to_sid (syte!' ?@) failed with errno=-22 [ 53.911301][ T1486] binder: Unknown parameter 'subj_type' [ 53.918874][ T1488] SELinux: security_context_str_to_sid (syte!' ?@) failed with errno=-22 [ 54.033504][ T1497] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 54.033613][ T1495] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 54.057506][ T1499] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:260 [ 54.107576][ T306] ================================================================== [ 54.130779][ T306] BUG: KASAN: null-ptr-deref in down_write+0x83/0x2a0 [ 54.138825][ T306] Write of size 8 at addr 0000000000000098 by task kworker/1:2/306 [ 54.147590][ T306] [ 54.150085][ T306] CPU: 1 UID: 0 PID: 306 Comm: kworker/1:2 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 54.150122][ T306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 54.150137][ T306] Workqueue: events _RNvXs6_NtCs43vyB533jt3_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCshgDM7dBCdno_11rust_binder7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_ [ 54.151044][ T306] Call Trace: [ 54.151053][ T306] [ 54.151064][ T306] __dump_stack+0x21/0x30 [ 54.151092][ T306] dump_stack_lvl+0x10c/0x190 [ 54.151116][ T306] ? __cfi_dump_stack_lvl+0x10/0x10 [ 54.151143][ T306] print_report+0x3d/0x70 [ 54.151163][ T306] kasan_report+0x163/0x1a0 [ 54.151194][ T306] ? down_write+0x83/0x2a0 [ 54.151217][ T306] ? down_write+0x83/0x2a0 [ 54.151238][ T306] kasan_check_range+0x299/0x2a0 [ 54.151269][ T306] __kasan_check_write+0x18/0x20 [ 54.151293][ T306] down_write+0x83/0x2a0 [ 54.151315][ T306] ? __cfi_down_write+0x10/0x10 [ 54.151337][ T306] ? _raw_spin_lock+0x8c/0x120 [ 54.151364][ T306] ? __cfi__raw_spin_lock+0x10/0x10 [ 54.151391][ T306] ? mutex_unlock+0x8b/0x240 [ 54.151411][ T306] ? __cfi_mutex_unlock+0x10/0x10 [ 54.151431][ T306] rust_binderfs_remove_file+0x6c/0x110 [ 54.151460][ T306] _RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x9d4/0x2860 [ 54.151500][ T306] ? update_curr_dl_se+0x65a/0xb20 [ 54.151530][ T306] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 54.151555][ T306] ? update_curr+0x60d/0xc60 [ 54.151584][ T306] ? __cfi__RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x10/0x10 [ 54.151620][ T306] ? update_load_avg+0x506/0x19a0 [ 54.151642][ T306] ? detach_entity_load_avg+0x7b0/0x7b0 [ 54.151673][ T306] ? dequeue_entity+0xa9c/0x1750 [ 54.151697][ T306] ? do_activate_task+0x340/0x3d0 [ 54.151733][ T306] ? tg_unthrottle_up+0x980/0x980 [ 54.151756][ T306] ? __kasan_check_read+0x15/0x20 [ 54.151780][ T306] ? ttwu_do_activate+0x277/0x630 [ 54.151814][ T306] ? kvm_sched_clock_read+0x15/0x30 [ 54.151837][ T306] ? sched_clock_noinstr+0xd/0x30 [ 54.151859][ T306] ? sched_clock+0x44/0x60 [ 54.151881][ T306] ? sched_clock_cpu+0x75/0x400 [ 54.151907][ T306] ? sched_balance_newidle+0x845/0xe00 [ 54.151932][ T306] ? xfd_validate_state+0x68/0x150 [ 54.151957][ T306] ? save_fpregs_to_fpstate+0x196/0x230 [ 54.151998][ T306] ? __kasan_check_write+0x18/0x20 [ 54.152023][ T306] ? __switch_to+0xc7b/0x1310 [ 54.152048][ T306] ? psi_group_change+0xb44/0x1130 [ 54.152070][ T306] ? __cfi___switch_to+0x10/0x10 [ 54.152097][ T306] ? _raw_spin_unlock+0x45/0x60 [ 54.152125][ T306] ? __switch_to_asm+0x3d/0x70 [ 54.152153][ T306] ? __schedule+0x1463/0x1f10 [ 54.152184][ T306] ? kick_pool+0xb9/0x550 [ 54.152216][ T306] process_scheduled_works+0x7d2/0x1020 [ 54.152249][ T306] worker_thread+0xc58/0x1250 [ 54.152277][ T306] ? try_to_wake_up+0xdd2/0x1aa0 [ 54.152310][ T306] ? schedule+0xc6/0x240 [ 54.152339][ T306] kthread+0x2c7/0x370 [ 54.152368][ T306] ? __cfi_worker_thread+0x10/0x10 [ 54.152396][ T306] ? __cfi_kthread+0x10/0x10 [ 54.152425][ T306] ret_from_fork+0x64/0xa0 [ 54.152449][ T306] ? __cfi_kthread+0x10/0x10 [ 54.152480][ T306] ret_from_fork_asm+0x1a/0x30 [ 54.152511][ T306] [ 54.152520][ T306] ================================================================== [ 54.552319][ T306] Disabling lock debugging due to kernel taint [ 54.561109][ T306] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 54.570597][ T306] #PF: supervisor write access in kernel mode [ 54.571989][ T1503] SELinux: policydb version -1462592670 does not match my version range 15-33 [ 54.577508][ T306] #PF: error_code(0x0002) - not-present page [ 54.577528][ T306] PGD 800000010b323067 P4D 800000010b323067 PUD 0 [ 54.577555][ T306] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 54.577578][ T306] CPU: 1 UID: 0 PID: 306 Comm: kworker/1:2 Tainted: G B 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 54.589056][ T1503] SELinux: failed to load policy [ 54.598634][ T306] Tainted: [B]=BAD_PAGE [ 54.598648][ T306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 54.598663][ T306] Workqueue: events _RNvXs6_NtCs43vyB533jt3_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCshgDM7dBCdno_11rust_binder7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_ [ 54.642329][ T36] kauditd_printk_skb: 20 callbacks suppressed [ 54.642355][ T36] audit: type=1400 audit(1750357229.150:324): avc: denied { read } for pid=90 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 54.646611][ T306] [ 54.646620][ T306] RIP: 0010:down_write+0x9a/0x2a0 [ 54.646650][ T306] Code: 48 c7 44 24 20 00 00 00 00 be 08 00 00 00 e8 2d 34 55 fc 4c 89 f7 be 08 00 00 00 e8 20 34 55 fc 48 8b 44 24 20 b9 01 00 00 00 48 0f b1 0b 0f 85 a0 00 00 00 48 c7 c0 c0 b9 20 87 48 c1 e8 03 [ 54.646668][ T306] RSP: 0018:ffffc9000b71f500 EFLAGS: 00010256 [ 54.653417][ T36] audit: type=1400 audit(1750357229.150:325): avc: denied { search } for pid=90 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 54.666123][ T306] [ 54.666137][ T306] RAX: 0000000000000000 RBX: 0000000000000098 RCX: 0000000000000001 [ 54.666154][ T306] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000b71f520 [ 54.666168][ T306] RBP: ffffc9000b71f598 R08: ffffc9000b71f527 R09: 1ffff920016e3ea4 [ 54.666183][ T306] R10: dffffc0000000000 R11: fffff520016e3ea5 R12: dffffc0000000000 [ 54.666209][ T306] R13: 1ffff920016e3ea0 R14: ffffc9000b71f520 R15: 0000000000000000 [ 54.733383][ T36] audit: type=1400 audit(1750357229.150:326): avc: denied { write } for pid=90 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 54.751463][ T306] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 54.751506][ T306] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.751522][ T306] CR2: 0000000000000098 CR3: 000000011f042000 CR4: 00000000003526b0 [ 54.751541][ T306] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.751554][ T306] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.751576][ T306] Call Trace: [ 54.751584][ T306] [ 54.751595][ T306] ? __cfi_down_write+0x10/0x10 [ 54.751623][ T306] ? _raw_spin_lock+0x8c/0x120 [ 54.751650][ T306] ? __cfi__raw_spin_lock+0x10/0x10 [ 54.765231][ T36] audit: type=1400 audit(1750357229.150:327): avc: denied { add_name } for pid=90 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 54.784356][ T306] ? mutex_unlock+0x8b/0x240 [ 54.784394][ T306] ? __cfi_mutex_unlock+0x10/0x10 [ 54.784414][ T306] rust_binderfs_remove_file+0x6c/0x110 [ 54.784436][ T306] _RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x9d4/0x2860 [ 54.805831][ T36] audit: type=1400 audit(1750357229.150:328): avc: denied { create } for pid=90 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 54.806235][ T306] ? update_curr_dl_se+0x65a/0xb20 [ 54.815441][ T36] audit: type=1400 audit(1750357229.150:329): avc: denied { append open } for pid=90 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 54.825453][ T306] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 54.825491][ T306] ? update_curr+0x60d/0xc60 [ 54.825518][ T306] ? __cfi__RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x10/0x10 [ 54.836581][ T36] audit: type=1400 audit(1750357229.150:330): avc: denied { getattr } for pid=90 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 54.862734][ T306] ? update_load_avg+0x506/0x19a0 [ 54.862773][ T306] ? detach_entity_load_avg+0x7b0/0x7b0 [ 54.862804][ T306] ? dequeue_entity+0xa9c/0x1750 [ 54.862827][ T306] ? do_activate_task+0x340/0x3d0 [ 55.141548][ T306] ? tg_unthrottle_up+0x980/0x980 [ 55.146971][ T306] ? __kasan_check_read+0x15/0x20 [ 55.153093][ T306] ? ttwu_do_activate+0x277/0x630 [ 55.158537][ T306] ? kvm_sched_clock_read+0x15/0x30 [ 55.165429][ T306] ? sched_clock_noinstr+0xd/0x30 [ 55.171556][ T306] ? sched_clock+0x44/0x60 [ 55.176367][ T306] ? sched_clock_cpu+0x75/0x400 [ 55.183126][ T306] ? sched_balance_newidle+0x845/0xe00 [ 55.191148][ T306] ? xfd_validate_state+0x68/0x150 [ 55.196474][ T306] ? save_fpregs_to_fpstate+0x196/0x230 [ 55.203096][ T306] ? __kasan_check_write+0x18/0x20 [ 55.213558][ T306] ? __switch_to+0xc7b/0x1310 [ 55.219033][ T306] ? psi_group_change+0xb44/0x1130 [ 55.225067][ T306] ? __cfi___switch_to+0x10/0x10 [ 55.232525][ T306] ? _raw_spin_unlock+0x45/0x60 [ 55.237864][ T306] ? __switch_to_asm+0x3d/0x70 [ 55.243242][ T306] ? __schedule+0x1463/0x1f10 [ 55.250045][ T306] ? kick_pool+0xb9/0x550 [ 55.254716][ T306] process_scheduled_works+0x7d2/0x1020 [ 55.262375][ T306] worker_thread+0xc58/0x1250 [ 55.268779][ T306] ? try_to_wake_up+0xdd2/0x1aa0 [ 55.276207][ T306] ? schedule+0xc6/0x240 [ 55.280958][ T306] kthread+0x2c7/0x370 [ 55.286277][ T306] ? __cfi_worker_thread+0x10/0x10 [ 55.292639][ T306] ? __cfi_kthread+0x10/0x10 [ 55.300093][ T306] ret_from_fork+0x64/0xa0 [ 55.305946][ T306] ? __cfi_kthread+0x10/0x10 [ 55.313861][ T306] ret_from_fork_asm+0x1a/0x30 [ 55.320387][ T306] [ 55.323630][ T306] Modules linked in: [ 55.329269][ T306] CR2: 0000000000000098 [ 55.333730][ T306] ---[ end trace 0000000000000000 ]--- [ 55.339970][ T306] RIP: 0010:down_write+0x9a/0x2a0 [ 55.345675][ T306] Code: 48 c7 44 24 20 00 00 00 00 be 08 00 00 00 e8 2d 34 55 fc 4c 89 f7 be 08 00 00 00 e8 20 34 55 fc 48 8b 44 24 20 b9 01 00 00 00 48 0f b1 0b 0f 85 a0 00 00 00 48 c7 c0 c0 b9 20 87 48 c1 e8 03 [ 55.371064][ T306] RSP: 0018:ffffc9000b71f500 EFLAGS: 00010256 [ 55.378680][ T306] RAX: 0000000000000000 RBX: 0000000000000098 RCX: 0000000000000001 [ 55.387928][ T306] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000b71f520 [ 55.398218][ T306] RBP: ffffc9000b71f598 R08: ffffc9000b71f527 R09: 1ffff920016e3ea4 [ 55.407864][ T306] R10: dffffc0000000000 R11: fffff520016e3ea5 R12: dffffc0000000000 [ 55.416853][ T306] R13: 1ffff920016e3ea0 R14: ffffc9000b71f520 R15: 0000000000000000 [ 55.425576][ T306] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 55.435246][ T306] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.443130][ T306] CR2: 0000000000000098 CR3: 000000011f042000 CR4: 00000000003526b0 [ 55.451877][ T306] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 55.460838][ T306] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 55.471065][ T306] Kernel panic - not syncing: Fatal exception [ 55.478186][ T306] Kernel Offset: disabled [ 55.483191][ T306] Rebooting in 86400 seconds..