last executing test programs: 8.0639811s ago: executing program 0 (id=116): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0) write$vga_arbiter(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="6465636f64657320c6ba6df03155c971d7696f00ab66a050e5f76d05c86e99ca54f5aa1572536ac483c3ea72f165b188"], 0xb) r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x280, 0x0) ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x8000) ioctl$ASHMEM_SET_PROT_MASK(r1, 0x40087705, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000940), 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r5, 0xc0505405, &(0x7f0000000000)={{0x3, 0x0, 0x1, 0x1, 0x401}, 0x0, 0x0, 'id0\x00', 'timer0\x00'}) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000100)=ANY=[@ANYBLOB="010000db01000000000000fdffffffffffffff7655581c64b84ee07c2d650b92c3a87b872cf5855aefba188d71c95258aa13"]) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r6 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r8, 0xae80, 0x0) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3, 0x12, r1, 0x4d75d000) 7.883798153s ago: executing program 0 (id=120): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000200)=0x1) close(0x3) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) read(r2, &(0x7f0000000080)=""/22, 0x16) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSPGRP(r3, 0x5410, &(0x7f0000000080)=0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000480)={0x54, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000580)={@fd={0x66642a85, 0x0, r0}, @flat=@handle={0x73682a85, 0xb, 0x2}, @ptr={0x70742a85, 0x1, &(0x7f0000000740)=""/147, 0x93, 0x0, 0x37}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}}, @request_death], 0xe1, 0x0, &(0x7f0000000380)="dfeba82fb6ed24fd98fb43d04b613972b71df373b02dc3f599647151ccedb4ca3ca7ecc804aac4eee69f7c4c0e522badff57f79aeea34478a8ebc6d46d6b3dc3f368c8c7d189c927bd1c080aa7cfd5ab1ef03d956270fb8bca705276680c085db22c1b673f5cfdcdf56a43913ecf7f309cb1c722bb324bae9d3645aefde3bd665b93783ab858ce53aa89e9451b71db4c7bcbc29cbc01020cd935f03354017f88ce0e0401c4d4ed80fc75c5e95fcba59837091c3a482e02ca0c893d39cf050e5ba995a0520fcbfa4fd5108821b8e2b68a4023bc6caa5e256ca9b3b9ca345908626c"}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$FIGETBSZ(r5, 0x2, &(0x7f0000000000)) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x123280, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000500)={'gretap0\x00', 0x8000}) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CAP_SPLIT_IRQCHIP(r7, 0x4068aea3, &(0x7f0000000040)) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0xfffffffffffffffd) ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f0000000600)=ANY=[@ANYBLOB="0100000000000000f2000023980000000000000000ebffff5c2f3c0fc0652864dc90a78b519a389d7b69528c6aef25e217e7fde39385a98cc4b10b19f3cbca6ba48cf65ff1b1e78cc03a487d1baf5a4ed80366c86c9f90451c77e20a0c9247cad395826eae279b2bc103577aeb90ebaf692858c16fc4006410422bfcb1646cdf460b1c305f47ab1bb7e3c6f842b7089205fddf36e3753f607a53056bc38432e68ae81dac639a6f6cd67f7b6be77ba54a1882abecfbb5d63c3cbe5621cc51686f"]) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f00000000c0)={0xdddd0000}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x58, 0x18, &(0x7f00000006c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x400000000031}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000540)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$F2FS_IOC_DECOMPRESS_FILE(r1, 0xf517, 0x0) 7.322535171s ago: executing program 0 (id=129): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x519f82, 0x0) read(r0, &(0x7f0000000080)=""/82, 0xffffffd0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r2, 0x4188aec6, &(0x7f0000000040)) close_range(r1, r2, 0x0) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x408140, 0x0) (async) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x408140, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x10001, 0x3, 0x80a0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$BLKBSZSET(r3, 0x40081271, &(0x7f0000000040)=0x2c06) 7.178168933s ago: executing program 0 (id=133): mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x13, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x13, 0xffffffffffffffff, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max']) 7.091881444s ago: executing program 0 (id=134): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x5ad200, 0x0) (async) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x5ad200, 0x0) getpid() ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'pimreg0\x00', 0x1001}) ioctl$TUNSETOFFLOAD(r1, 0x400454ce, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) (async) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0x40047705, 0x2) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000280)=0x10) write$cgroup_int(r2, &(0x7f0000000140)=0x10000, 0x12) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'pimreg0\x00', 0x1}) (async) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'pimreg0\x00', 0x1}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCVHANGUP(r4, 0x5437, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305828, 0x0) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000100)={0x0, &(0x7f00000000c0)}) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x10508c0, &(0x7f00000001c0)=ANY=[@ANYBLOB="636f79424c0d56a72201008edd1994c3f9d26e746578743d73797374656d5f752c5c010f63da892bb49545484e464dc6c47190e1d16e04964120e75d0ebbd02dcd50fd31c8e1b6385aeefcf9233452c035f4d6748103e77ebd355be996ea9cdbc68907c5a99b462fbf82125daed85450c362128edfedc49ba7c0801b3f0398b8e0b8b09d3bc1f47e3b5afefd4fb16cd02434612e350be62a1c03a00900000000000000b80edd49764c57bcf8aece51be8df80eb54ef5232a0d072b2ec4235faf"]) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) 7.064508955s ago: executing program 0 (id=135): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x400480, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000040)) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r1, 0x45809000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_subtree(r2, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000080)={[{0x2d, 'cpu'}, {0x2b, 'cpu'}]}, 0xa) r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000b80), 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETCARRIER(r5, 0x400454e2, &(0x7f0000000200)=0x1) close(0x3) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x0, 0x3}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x0}) r9 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0xe0, 0x0, &(0x7f0000000580)=[@request_death={0x400c630e, 0x2}, @free_buffer, @increfs={0x40046304, 0x2}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000140)={@ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/233, 0xe9, 0x0, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000440)=""/221, 0xdd, 0x1, 0x2b}, @fd={0x66642a85, 0x0, r8}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000280)={@fda={0x66646185, 0x6, 0x0, 0x11}, @fd={0x66642a85, 0x0, r9}, @fda={0x66646185, 0x7, 0x2, 0xf}}, &(0x7f0000000540)={0x0, 0x20, 0x38}}}, @increfs={0x40046304, 0x2}, @release={0x40046306, 0x1}, @dead_binder_done, @enter_looper, @increfs_done], 0x1000, 0x0, &(0x7f0000001300)="6957f846901e61c701dee1841026d297a66374824d6fc6d8a792cd856dff11d42fc3f9a00954dd8e41bc31209c983ddaf89ef2d1b55641a8b48dbeb625fa6a391b1aeea21f2965893067118781ce7d14ba8ff9d9c303e966d5fc8c1a73e7e3e191b4651d3f33c1ba4030f85a8d53c9deb9122053f6858fa6bd07639e6ad4ecaa3b33e9d4cc5dcbc627779cf7f42b3c4b6dcc594830dcc98adacf06cae80425ee74f4e196ef0ab3232ded79290c25c106fbf77406dca0027c085c08a6665e947473c821dc6db9d3d1700370f3f61663516d7ae07f01af45ab4bc18ba4f062e1783ce6e2e3be15548f0ab5013bad716506917fd8a9da6189461afd43fbfe1d2144104636a538b724978c6374b254d3a6208414e12545f65a0f46546431aeb3b4987a7451f3cb7ae20e081bc444923518f77bfc431c5e7b6a16a486b9ecb8d017a9c3d9321ea1a5b6fb596a5f888f5dc6929ac45dc5587315a8c23d4fdfbd2d34655bc1ad8e75aecda79f178a86f46ba81f206f09be26ae18c4a877a092fa610feb4027f799777e108fccd10b31595eba5e38a2ad931a0722e453156a94871ac12fa5550d73f9da9d4a2a1872e7cae0d7c1e84e348eaccde9ac83d75691fcbe3d5065a4f2483a21e829cb99419790168107a1cd66075e8052870dcbd40f3329316afa4c5772d1dbfce1ac0907abcb667bdd04b1518b20f7a587518d379fc3b8f423d6efebaa7c9ba644d02edf04913ac118e8f72b832e4782567f91ac0d142add18df418e141e7bc87f09ec49a0a3c830b2fe5f94982e8e4aa07b325c1815ba8c1a5e40d6c2ff859a0a88f0710de189ac9c78502389c59c6b44c2f233dba783f52fea920beee3b93b1686a3c25f0690c5dac8d043fbfe3c87743a6d9cf7850640d7e21a101313043c5a81d9973d2a373b078932f9adf0b927c51c8a87312bc498d5782644cdbc8091524b659deb63052f7bbe9e2fd176e2407247b633e5ceadc269764d6b74c16d872add7c32e3e4c69df66285f8e8cdc9c8a5312e38ac6b7dc1bc3b8ba132642a4779ffaac3c93a6f749f375494874f9a66d7b0b2d3efaff155efd2e5474096d31bd275cbb744c485bfef1b4bf5c74a7f17aea1d9d5466325ae35e10ad4983c0119f25aef85a323777b4a92bfc18fc3642713409591390384416d99e14253ad821e54557d6d09897bc11e9a36e9b02488cbb407cceb702a03cdbce3aef65b40e934f8a837a587af4ea37a43cbb750e53dc9816aebd57013bb293f4e19c40f76e14a8f90feb12e2c9dfdbbd425366e8f7d1ae0e03ac6500e42e1fee1bc509a52a7b481307b12168ef256329ad6eb9c40d22853909a445b18976a8b3c6c2da47f438adf89d13d275177cde2d8800c9222da322fa17e0e2d45f4b1dd1e5a1f7067de5894763d60910a26dbf95ee81ebc3a860f9b8e693e4ae3fb9e19f444c78e62ece590ef239a9ed087b33e3d0773f40d80809faacb5db30201d624940d932fe833a9e347e370655de42d5002471133198e8927bd2efeb9cc55e17696e932926bc045d31c48405da07e62451eea6d634b520a70e28d1c31c27d9e970d85e1664bcacd9ce3e6d07daaeb1bb6b40e3224a3c23fb38a5444b9b28d6683bbd2dfd6ccadbdd26eb48c7839436d289ee3b2f29dc081c6c1ec16c6e8b9b85cfcabe835f42988a3d15247a8d9badf5a4f05451637beeb77746357ba9a842140c5a5c4cf567ce8aff652fa4becde71335b7f682be106b8c54c25c9c22d924faffce8941f965f35b30939bc396580fc3b10170710298ea4751ffe6e8b56a3fb5320a3b5db3ccbd95a002b54a25013765db824153d71a25e2d472209694c92f02a8ba87b356294aa5d1bddaf427aa0f839aa8df661f9b1d8da127f8fdce21ea168dba37a765e600889d281f7382940f418ca2b71812dd297f586f038f04ff66e352a662a043667247f3b99d2e1b6816cbae2034c2ce663796e75b92d33a25920fdc189a76f26bdb499a310f768312ed7f8427c61a33af4c0fd67ffed8ffd7ab1070ae1365f74bb15d7432ff6a041a9d75393e65b0dbebfde8f6fbdc272aba777c309456185ff6bb694ae1aeb07083dfe650c7df6aa0d1ffd539accc30d06151dc04c1f8ede0c2b9648c4fd54f6602b4d23d53357249db14015eed089ca7b467edef760b25ab7de10d4f03215fd7eadd5952a0c40f6ad651f6af545876d39ba9eb2c9e5c99581fb81e7fe844a5ae01974c9ab983b9d1095c44cdb290af4362c7d1693cafd5d4051464f1772119a02be170051f95fb5fd6dfb96f211ccdb34c75ae95d92b9d36d13628718208e08770234ab3c9e5b3784b606ce4b984dd4e38ca600c77633355f8f46c151e61e8a18d0a92244d3bcc0feafe472c8a2c9c3bd12a46ee2750fcd637fc7dd46a85d8d0e60bfcff1774582b27e2cf7656060b81de041e4d8744da7d78b5cc2763f3a6d5ec75d2cd13b6905473f1f41e8f3d49e946ec0ba37eb53c357caf26c072745fc51743ebca3fe112c9f8ef15835dac43caf19874acfbe694b4e25541268357863845ba1cde43d76ea18a355843748ecaf829fee9a3befdb9672961415bdef90734babedfa323111aa9c3ac1ce0dc84678ec2fc871b140b8d1fd4548ce8597636f7533688d2e9bda27ece4c6654d86fe683dfd1138a306d49c81d7c7fbc247b31ceeaa24130e73d02a76cc40a9aa2289da9a682dc054b7d3bdcb2f1421acfadbc874dbc5518dbed82ce6376a5840e1c301a8ba3984c6bf491b210638b7f3bfdaf204b22b6f9a54f63d9ffb754dcd7e99ac837c95ea361b7b7be9d7fe67913741163a899b24e725a0330a51f9d27ba373ddc67fc41fb579aa8fc2fbd9c251e05c05cc6c670337998e8db718c85a6cf4b74276027b489eda5e86e8b46635872b7a06e6876c1a302acb270b2cb5c4cf2aa8230bfc1eaa1345c27655cf37049f234ff4ed8105fa183199e8b670e9afe280fd9789696b3a19c0101ed6328385cc61bea7a33a539ea4096455823d5b379e0f61dfb6f3125feee1f59205fcb8b79863837c1513933c44e3fc8201a041bd414ab5ecd78d5ceef8d7095126f8b43f2ef47d6af30f31d9588f55e452907bef4bb6ef12f4f2f2591c8b1b187d2c8781ca527cc5bfc0ba8a7e267447881d9c2bc8bf9b0eba5f9c89015427645102838d6e5b8611afb828d28891530032efa64900df0c24a3e18a639a1a5bffc351124bb89a2e8cae6fa209f2723aa83fa76ea1641aa41a1871db49794767f20d7ff50e03c982c5a236d26cc0e35c100414accb95e7e498e7276c458f7dd2a3b267ee2c040a9807ea6928f0e57c4a0ab6751020f873c1e363ae3b3ce56bf5f0b3a9dcf0d6277c4f0bc7260f392bedafacc78bb860919e6ec02b84225c0d54b27bd74fc36c1672e63a58c1f69d65cb0e355b81f0008413051c03aece2b207a6f1815b6ffadd1bd0197c4878f1f0981a58ce7c6c107756c6a99bc80e319106153299b5e0187af2664455c8020f4f6b307fc4492d508c8babac3d1f85e9052c2f61e50195f727bdc89b9de72aafdd17e9e3192ac2db0f7362179dc787c8a5c4f1e3046115244dba7810069331821724741372daa532d7c9cd646e7f468c83c8d5bae785e61613f0ca9cd43e0759d6f8507ee82ccc28d9c750642382008883b5f46e8027c3e03d7fe1f22824c536a2fb0ddf4ac3a6acf77e85e86af88dd69900c0c058f37610054788d4fcab273d674f9ac097b0449e58d69f351870fc4e997b1d56413fd12e4da9884f52d46b44d273460df309b1fee153a7ee25802d43c5fdc21de6d5f20135079008721fdc600c40931df02c5987faa68466a02ffa14f2f2858d80f6d9322c61c10a4ec5a24ec7d65e49185d2fc10e98edc5858bc6e02ea89b904b5fc2a388b45d0cd570e3d428dd5c396600d5aa92867b31616cd6b810623a596e5d1da222d612930aab6d00ce040a1afab365d0834ed9b73f2c34fa43c8ac46ebeaf75a5a9415c970071728f3d8315784ba32621fc4ec70869cde2c9c5d4d60972103b1e13ad25be6a0ba89adb3c91368e4c7d1e0ffca200ade5e66ec62f732e06f7f304fd0396ce28b87a50a3384bb474319b7ca56e90fe2b142bba3d67072bfe8a071268530c2924f3d0a846a8b6ea11df93fac8737fac6172d6321fcae6c8ce5c9f29861c24e70b48e85186699296ee8d5794d434dcafc25ee332f5b5bcdabcf39cbffcf9740e901238cc3ddfd51f63c8cd24c134dd3c290eb7314130e1bbe0483f1383cfc8341a4e59d4cdf9be1486a5fdaf4b9161d37b25395dbdfceed94c5fba2b6729ff789ea5ec7503abaf8d5da6d94f8e97fbe6b18ecfe06d336a3d0dacbe0c2e9933f8f313b846584487090093b73e6063052e905f02c55134a26692ab16a1fe8507a67b13cab448640568b69fc0325435270236e79504e9fa6cd847e09059c590fc0b33c50658b50766a1d959246fa0d44a7dc39181b7ddffe7c312d592db894e3cd4dfa0b29b3f445689f8c117a3886e9545492d7c0b078d90b8664fe26af8e79502f8b5dd05e3fcbf9202382c1712e5a2d46fe9b2785d936f21ce508eac0c6184a7613634572ba2be38de05d82a29ef4bfb1e55fcd07d1243e81d76aca8bc452a0a83dd5cde66a10f11570036554d01b22137ef8bb8b0efd72b74a6b84d284c1882d04226fe66eedbf09ee5df6594ad9402773ff51c9d5b83bffaf0c99f6c9e3be840d57b4d4651c4ef0f0abda79a0bf18bb46215a2cf11483d062bcb428330315c3ccda18f9a15ca0374ec553e09b19c1d73e695d0d7edfaeb3a91c1ed947e66d2b807f375458ba9180fa5e9c5476104efcf826a43e37a7625504effceb1fc6b4bef3520be3bf378326638f78f295057a5a2c1697870164ec89933df2b51ad2dff50f2c7574899c31e05e36df1669be842e8df24a335572bc58af53c2a1ba8b4cb8cea3955b1a848e35369cd331b9d60afbc8df171bf32cebdc2e618417d36196feeeefd427834fc54c7b070751b3cf28c7d59107ba94d69dd6ef72abd7172e8bd691f4112224286c6b9cb3a8d8205fbdbe0b3741cb322c997e33aa5db5e08bb2414b00b32fb727be787c7148ad449db65f7f707bc7d270da5384f1d407763400cda0d36e39b8e26cee203da17d4e404ac82752b5e8b89ee17632f18bc67082a3bc2605b997c877a589214e050859064176087e861a8afc8b6c5cdb1175e7a59f70287c9c2876b8477b8078c6032b62afcaaf1fb72f2dd590ade7ddaf51531f6d3b96c75b2dc767f04685a66346078af64e7e5f7b151b5710aff963c338263a71c08ef37daab9cf8041faf64ddff6526775d0da11655986c5ab9e645568257723f4f6e2830b515bcc67eda89a0b0127c639d6af904d009ec63a4a91b695db03eea415b5ff37868df6c159b0f3ca2144658a61c989ea592645416477747ee06ad5d12140ba0be725ba79dbc64cfcbaa03d97a108089443f5a995d3370d1d0fe545e4353d66e5e8d3965a56fa46a412a8577fc65c6e7d373ba9a759b510364ed66d5efa973914c67798cfd4294ac6afb0aa27ab77cf8f5004675485cb44defc178a5eddbd52eb26d9fd7c082754c2350060e5a182a98d4d0a88aa2844a0f91631367ca4b819687bde1cdf633bbe3a7b14e69ba4f3c4d9fd761ba952a48fbb2c64a686bdb5b3c3cfacd81afe85b83948652769f72321b5421c148531f7e16da6ab015ad7dccdc09cdcbd393b0756ea7dafc1401b9e7984703de55fa5d05db4edd12cc5665c2429e9328f246119a820445f326c966ff"}) ioctl$BINDER_THREAD_EXIT(r6, 0x40046208, 0x0) openat$cgroup_ro(r4, &(0x7f0000000bc0)='io.stat\x00', 0x0, 0x0) syz_clone3(&(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 2.610159421s ago: executing program 2 (id=199): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSBRKP(r0, 0x5425, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) write$cgroup_subtree(r1, 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x2, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x42082) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r3, 0xc0f85403, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000500)={0x44, 0x0, &(0x7f0000000400)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 2.311600496s ago: executing program 2 (id=204): prctl$PR_SET_VMA(0x2a, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) (async) openat$ttynull(0xffffffffffffff9c, 0x0, 0x2002, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) (async) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/pm_async', 0x1, 0x2) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000002580)={0x30, 0x5, 0x0, {0x0, 0x3, 0x5, 0x8000000}}, 0x30) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async, rerun: 32) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) (rerun: 32) openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_VDPA_SET_STATUS(r1, 0x4001af72, &(0x7f00000001c0)=0x40) syz_clone(0x10200000, &(0x7f0000000000)="8d8c8fdf6d45d1383a0b52acbed114b6", 0x10, &(0x7f00000000c0), &(0x7f0000000200), 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async, rerun: 32) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0) (rerun: 32) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) (async) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async, rerun: 64) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)={[], [{@flag='rw'}]}) 1.211832032s ago: executing program 3 (id=215): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x28011, r1, 0xaae46000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2, 0xb0012, r2, 0xac25d000) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) read(r0, &(0x7f0000000280)=""/112, 0x70) 1.115967784s ago: executing program 3 (id=218): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3314) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xda6, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b58640afc2188a232f77968c18d2d0e8f91c974edcb3198b4520f530acacb12017216338cc479de3651e8f15f1672397c730e3ca2a189ca4cc85f35dd46aeb67b6a2eb7268a653b190d8ba670490d50f761c1fa25f1954d8fe6bcb15dbc23698c945262b991e6245b9a25b12b13c87bf8a8a06f51784007abd06e01a0c03ee80b236fabb5b22ce797c4d8a739ac96dcf16c93f454463d3631c4cdd2dea6732a486015dc9937ee4e6efbfff46bdd8887094ca4bd94d995f411421c7ef07f949fcc10132f58b7c99a871780d92464594c930b80596baab77b0d68a05d71ca8a1888f3128f12aebac362c4d80870ab3d9f2e77d51f9af16472faff98dda1e0133c8bc2510345d5eb1d64bce64761f4cc39ac6655902338bf1335dc55393995af4447ed1aa4c50bfacd576842560abca3e6c74dcea6dd03d36f9e7f8bda2cf33e3b7da195fba79f5a60421e19910f1fef31b9fa52064ce9ee8c415746a3cab47a8ad8477e9f21e9ee804a85dc568439b95c01bbbc3fa16a8c26bd81b01b8849795b2370f591e2a8e175cd465a600a541839bc734271b4b3afb2303dc1cf12bee00080ad10658c97672ad023e89f23d9301b5dbf1a7ba6d6c2b8dbd300f05f36a095f188b56fd3ba8e871aaf22e2128696e7232cb22f4f5404a3d1256a11665caaead326faad340031cafb99edbceba7bac44c7d2720aedba9cb708dae55b192a1e31835fae8756f062c151f6778b1d93c2d1f8b479ae9bbe1255abcef9beaa95b558fbbc9a979d46580aa85b10f160b438bea64f23b8e605ce34d2b46bbf8bfbfa683b10f55b3d30c58675dd1a524495e5d42c7d02dc60b853e8b3ed2caf41cd24a8a1d044e27d48b2184bac00730f7c20a1ba2bb6b6a5381a3d359d8e721504bbbce18ee49031b48c278a5730f31fb83f6cf32ac98326b722d3e2d7b38a7b80b94a3eb2b69fb1aefc8c0bbe431191f0ed76141a8365621e4f7118dd4465b4642bdb0af21d30c8cfb1d5201852c0428b1983d91f706e814c1395888b1c2a3516ea20a93d868e27c3c9b68a9cda4befc389b57661a4ff37137628ec96bcb625fd10324625ac1589c2918c66f811a323a19ab30bcf28fc20b64176e319d58f74578093e32ba9f51b255693dda9514ff43f6ef6010143554305073e94be322daa024cb7efcf405ea4924bfa72633b766365fee1d59d1a94717450657ff3b72853785e91f94ca1502b129eafa718633bec1557fb1e0ae2887e6e8c0fdd9f3f99de03c0af7364781766520d90c15b0e2a4c43613089dbecc4dd68be74204809f0270370097642d54388ccbb54b58be8b5796eac48ef5f17752eaa7301f075faee593aae71ee0e0ca1f45a22e7cede3597f14a344796ceec33e98b3b89e031c0d757e83d5093322d9afc9898f80b2e9bb17bc8b2b164d048c1b912f6cd92979df629efcb94968cca6e65b9b078677698fa4937a2ec23edd00971a5505ecc65fe150d3d00a34e52cc64951937fc79014b0df8d2c9c35f06209f45556278fa7ecfc70a92eca165bbd493686fb4c0cd607cec994657149a61da2e09414944c557be54908197724174247194d435b25bf78ec4cc164a574662eb4d1e4d784a6ea0c71dd1a16e53a7b8a27fcec679346afe90a05e06b276fe972d5e1d3486e0452d0a9a1636ab9c517f371a0592ef34513a9a4e961cd79c86891f460becb57f41e22b2a72ae175e29344184cde0b2beae00f90a6a79dc689da4b4b1da0e9758854d404a9cbcf725c68b6f2de865b2b5e12124d09f8745208b5cc544522f7c8bcfceb907422502f1641b600a60a5aef28be5a92ff71755efaf29e23c8ca52ad945bbdc4d6e7502adee312ea8d9338a80671f36309026c0d9c2ceb14da0b8beb087853b8014d30372f0d58448530f1bed15c4caaf8a844853030aab1ba6de9891678a16a2d9b9889d4a367753f0aacda03ce6fae1f62b34a3317a704527e65b18dc3186f32c5caa2d82f058066274e145f3cfe0bb5d40a77f54fb0de584d5f50de29d1c3aa29acea2363ef5c1e0592ef94370936df0152871396c13a89e56086f381862edb6f4bec0d937e94a689a8c5c87a51e073fdaa935591bbccff359e0805ded9ac71e3b295fdd05bc2b03d7af58a393778c9dfdfd8101b3503c86a6d9e2fdeb215be40f90bb7360a04e111d743207a8742275ee7df2508b909ea4d3a7af7886d3f26aa58943edbbcbd686bf9cf9a78b43dd9792bca97cda6508340"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETCARRIER(r1, 0x400454e2, &(0x7f0000000200)=0x1) close(0x3) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x0, 0x3}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r4, 0x40046208, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x200a82, 0x0) 1.101926304s ago: executing program 2 (id=219): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc003, 0x3, 0x5, 0x0, 0x4, 0x7, 0xd, 0xb9, 0x0, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x4, 0x45, 0x7, 0xff, 0x2, 0xff, 0x0, 0x4, 0x4, 0x7b, 0x20c}, {0x1, 0x6, 0x18, 0x5, 0x80, 0xfd, 0x3, 0x2, 0x0, 0x70, 0x4, 0x7}], 0xfbffffff}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x5ffffffffff, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0x1, 0x202}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x28012, r3, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000002d00), 0x2000) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc003, 0x3, 0x5, 0x0, 0x4, 0x7, 0xd, 0xb9, 0x0, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x4, 0x45, 0x7, 0xff, 0x2, 0xff, 0x0, 0x4, 0x4, 0x7b, 0x20c}, {0x1, 0x6, 0x18, 0x5, 0x80, 0xfd, 0x3, 0x2, 0x0, 0x70, 0x4, 0x7}], 0xfbffffff}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x5ffffffffff, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0x1, 0x202}) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x28012, r3, 0x0) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000002d00), 0x2000) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) (async) close_range(r4, 0xffffffffffffffff, 0x0) (async) 897.839107ms ago: executing program 3 (id=223): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xa, 0x2}) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x480001) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x1}}) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000200)=0x4000000) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000002600)={0x1, 0x0, [{0xf2f6866abe0147ab, 0xb5, &(0x7f0000000f80)=""/181}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x20000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x5423, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000400)={@flat=@weak_handle={0x77682a85, 0x100, 0x3}, @fd, @fda={0x66646185, 0x3, 0x1, 0x34}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0}) 796.251548ms ago: executing program 3 (id=226): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000100)={0x0, 0x2, 0x0, 0x0, 0x0, 0x0}) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x491, 0x0, 0x2}]}) (async) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 720.93825ms ago: executing program 3 (id=228): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.events\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x82013, r0, 0x81c5e000) mount$binderfs(0x0, &(0x7f0000000180)='./binderfs2\x00', &(0x7f0000000040), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max']) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r1, 0x5412, &(0x7f0000000040)=0x15) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x4b564d05, 0x0, 0x9}]}) r5 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x880, 0x0) ioctl$ASHMEM_SET_NAME(r5, 0x81007702, 0x0) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000100)={0x1000, 0x3000, 0x3, 0x0, 0x96}) 600.940791ms ago: executing program 2 (id=229): ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000000)={0xc3b6, 0xad5, &(0x7f0000000440)="92676e", 0x0, 0x3}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000500)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0xb, 0x401, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe, 0x200, 0x2], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0xfffffffe) ioctl$ASHMEM_SET_NAME(r3, 0x41007701, &(0x7f0000000000)=')}%!:\xb9+\x00') r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, &(0x7f0000000040)) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000002c0)={[0x8aba, 0x8000000000000001, 0x1004, 0x804, 0x4, 0xf, 0x120000, 0xff, 0xffffffffffffffff, 0x9, 0x7, 0x4, 0x0, 0x101, 0x400000000000006, 0x9], 0xdddd1000, 0x141200}) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xb, 0x9, 0x5, '\x00', 0x381d5667}) ioctl$KVM_RUN(r6, 0xae80, 0x0) mmap(&(0x7f0000701000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0) 547.924812ms ago: executing program 3 (id=230): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x2) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x13) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x6, 0x20010, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000000)={0x5c, 0x5, 0x46}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x14, 0x0, 0x1, 0xfffffffc}, {0x6}]}) r5 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x6c0000, 0x0) mmap(&(0x7f0000fec000/0x4000)=nil, 0x4000, 0x0, 0x13, r5, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r6, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) r7 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x288000, 0xa) write$cgroup_subtree(r7, &(0x7f0000000280)=ANY=[@ANYBLOB='1-2:5/'], 0x31) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r5, 0x0) 530.348652ms ago: executing program 1 (id=231): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$FIOCLEX(r0, 0x5451) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$UHID_INPUT(r1, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x1100}) mmap$binder(&(0x7f00000a0000)=nil, 0x0, 0x1, 0x11, r0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2020e1, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x1, 0xff, 0x9}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101200, 0x160) r4 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r4, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x42040, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2000000000) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x202081, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_PIT2(r8, 0x4040ae77, &(0x7f0000000040)) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r8, 0x8208ae63, &(0x7f0000000400)={0x0, 0x0, @pic={0x1, 0x1, 0x8, 0xf8, 0x8, 0x5, 0x68, 0x2, 0x3, 0x9c, 0xfd, 0xa6, 0x91, 0x1, 0x2, 0x5}}) ioctl$KVM_SET_PIT(r8, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xff}, {0x0, 0x4}]}) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x20000000, 0x440, 0x821, 0x0, 0x0, 0x2004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], 0x0, 0x200306}) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af"]) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) 492.126443ms ago: executing program 1 (id=232): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0xe2402, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_GET_NAME(r0, 0x81007702, &(0x7f0000000180)=""/98) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000000, 0x12, r0, 0x9cc6d000) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000940)='\x00\x00\x03\x06\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\xadP\x1c2\xb8H\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&`<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\x02\x00\x00\x00\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x87K\rU\x926\xdf\xda\x99\x0e5\xc6s\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6#M\"\x87\x05W\f0b(p\xb4;\x0e\x18\xf7/A\xfd8\\\x99\xc7Dp\x98\xa4o\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12KL\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00\xfe\x8c\x87\x0f\x99\xc3E\xcfc\x8cX\xa3\xf5&}\a\xbf\xf8N\"C!\x1f\x96\xd7\xe9\xa5tw\'\x8f,_\xa0\xea\x90\"\x19i\f\xd5\x02\xe2+\xc1\x8e\xfb@\xc56\xb5\xe4\x91\xbc\xbf\xf7\xea\x01]\xd8\xf8.\x99\x82\x89\x9a\x97\x8b\xdd\xcf\xe6\xb4\xad\xda\x7f\xc8\xd0(Q\x8dP\xd9\xd8(){\xca\x84\xd3(\xb6\xd5\xd4\x94\xdf\xde\x05B\"\xa3L\xc9t\xd4]\x95.\x02\x97\xb5\xc5E\xc7H\x84d\xe6I\xd8\\&\xc6\x81t\xa38u\xc0\xa3\x9b\b,4-\x8a\x9fo:\x86J?\xac\xd1\xa8\x02\xb6\xc5m\x85,\x97\xbe\xba\x0eWnW\xdd,\x1eT\x9c\xde\x9e{;\xb2X\x89\xdc\xcfO6\xba\xcbK\xb5\xfbD\xc9\xc4D\x04BT\xe1\xe9]s\x18$F\x9b\xe5<\xdb\x03\b\xfc\xe9\x19E\x8b\x83\xa6\x84Y\xab\x85\xea\x1f^K\xd6I\x10G<@n\x9e\x81\xc6\x1d\xbc\x1a\xc1GXa\xd3Icj6l+T\xd8YY\xe1\x1b\xf9\xd3\xd9\xa2`\xb5\x83\xcdr') r1 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext=']) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="020000000000000068020000000000000500", @ANYRES32=r2, @ANYRESOCT]) ioctl$ASHMEM_PURGE_ALL_CACHES(r0, 0x770a, 0x0) 347.960485ms ago: executing program 1 (id=233): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x88000, 0x0) close(r1) ioctl$BINDER_GET_EXTENDED_ERROR(r0, 0xc0046209, &(0x7f0000001340)) 346.965105ms ago: executing program 1 (id=234): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) close(r1) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mount$binderfs(0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,st']) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0xbe, 0x0, 0x1}) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000004"]) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f0000000440)=""/190, &(0x7f0000000140)=""/83, 0x3000}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008404"]) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845}) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) prctl$PR_MCE_KILL(0x35, 0x0, 0x1) 346.394355ms ago: executing program 2 (id=235): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001bc0), 0x0, 0x0) (rerun: 32) ioctl$TCSBRK(r1, 0x5409, 0x0) read(r0, &(0x7f00000004c0)=""/92, 0x5c) (async) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) (async) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$RTC_ALM_SET(r2, 0x40247007, 0xfffffffffffffffe) (async) r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x9a443, 0x96) r4 = openat(r3, &(0x7f0000000000)='./file0\x00', 0x745200, 0x101) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000040)={0x2, 0x4000}) 310.169746ms ago: executing program 2 (id=236): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) ioctl$KDSIGACCEPT(r0, 0x400455cb, 0x2e) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x1100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000080)={0x5, 0xdb}) openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4030582b, &(0x7f0000000300)={0x1100, 0x0, 0x5, 0x2a40}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7fffffff], 0x80a0000}) openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x0, &(0x7f0000000140)={@fda={0x66646185, 0x3, 0x1, 0x1e}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fd={0x66642a85, 0x0, r1}}, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 149.630928ms ago: executing program 1 (id=237): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000098}]}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000001300)=""/92, 0x80a0000}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSBRK(r3, 0x5427) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x6, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000ffe000/0x1000)=nil}) ioctl$BLKGETDISKSEQ(r0, 0x80081280, &(0x7f00000000c0)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f0000000080)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_int(r8, &(0x7f0000000140), 0x12) r9 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) openat$cgroup_ro(r9, &(0x7f00000001c0)='cpu.stat\x00', 0x300, 0x0) write$cgroup_subtree(r9, &(0x7f0000000440)=ANY=[@ANYBLOB="2b6e65745f636c73202d726c696d6974202d64657669636573202d68756765746c62205858632f93539f0fd89b9526839050f146f6451f251370a26e12ce85644e81074c3a1c5e3256a7da037c702c08863b56e669c4755e2df2e76c7ad51da2d79245e9d8e01cab3512e2b8db7c922d915ca5de89c3e1675ac55751e16d1b8dde646b21e0f3200f98e16b261f9d3f48d45653feebd67044207d8364aa4952d9402433300d891eb2a0868589020395"], 0x23) r10 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r10, 0xfffff000) 0s ago: executing program 1 (id=238): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x801, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x800, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$F2FS_IOC_FLUSH_DEVICE(r1, 0x4008f50a, &(0x7f0000000240)={0x9, 0x8c7fcc07}) ioctl$KDGKBDIACR(r4, 0x4b4a, &(0x7f0000000400)=""/185) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000540)) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x110a, 0x1}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x4040c3, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r7, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r8, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x200}) close_range(r7, r7, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x24, 0x0, &(0x7f0000000100)=[@increfs={0x40046305}, @acquire_done={0x40106309, 0x1}, @decrefs], 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.74' (ED25519) to the list of known hosts. [ 25.695526][ T36] audit: type=1400 audit(1750417694.480:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.697243][ T281] cgroup: Unknown subsys name 'net' [ 25.720452][ T36] audit: type=1400 audit(1750417694.480:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.751131][ T36] audit: type=1400 audit(1750417694.520:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.751441][ T281] cgroup: Unknown subsys name 'devices' [ 25.913452][ T281] cgroup: Unknown subsys name 'hugetlb' [ 25.919232][ T281] cgroup: Unknown subsys name 'rlimit' [ 26.095626][ T36] audit: type=1400 audit(1750417694.880:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.120872][ T36] audit: type=1400 audit(1750417694.880:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 26.141868][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 26.150920][ T36] audit: type=1400 audit(1750417694.880:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 26.186117][ T36] audit: type=1400 audit(1750417694.940:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.215397][ T36] audit: type=1400 audit(1750417694.940:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 26.236655][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.244517][ T36] audit: type=1400 audit(1750417695.010:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.285777][ T36] audit: type=1400 audit(1750417695.010:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.183155][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.192037][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.199580][ T288] bridge_slave_0: entered allmulticast mode [ 27.210639][ T288] bridge_slave_0: entered promiscuous mode [ 27.223124][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.230465][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.238437][ T290] bridge_slave_0: entered allmulticast mode [ 27.245562][ T290] bridge_slave_0: entered promiscuous mode [ 27.254715][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.262436][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.270844][ T290] bridge_slave_1: entered allmulticast mode [ 27.277749][ T290] bridge_slave_1: entered promiscuous mode [ 27.289079][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.297304][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.306476][ T288] bridge_slave_1: entered allmulticast mode [ 27.314070][ T288] bridge_slave_1: entered promiscuous mode [ 27.414781][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.423277][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.431759][ T289] bridge_slave_0: entered allmulticast mode [ 27.438899][ T289] bridge_slave_0: entered promiscuous mode [ 27.446102][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.453696][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.461160][ T291] bridge_slave_0: entered allmulticast mode [ 27.468111][ T291] bridge_slave_0: entered promiscuous mode [ 27.474550][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.482573][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.490565][ T289] bridge_slave_1: entered allmulticast mode [ 27.499149][ T289] bridge_slave_1: entered promiscuous mode [ 27.510981][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.519547][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.527507][ T291] bridge_slave_1: entered allmulticast mode [ 27.534024][ T291] bridge_slave_1: entered promiscuous mode [ 27.699822][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.707032][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.714596][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.721963][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.737368][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.745150][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.753031][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.760765][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.785949][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.793225][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.800821][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.808142][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.827093][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.834551][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.842284][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.849733][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.901799][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.910056][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.918152][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.925743][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.933992][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.941824][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.949391][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.957541][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.973589][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.981066][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.989098][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.996580][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.006708][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.014123][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.036401][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.043948][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.052348][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.059586][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.068595][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.076593][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.112500][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.121884][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.142782][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.151131][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.178576][ T288] veth0_vlan: entered promiscuous mode [ 28.205204][ T289] veth0_vlan: entered promiscuous mode [ 28.227795][ T288] veth1_macvtap: entered promiscuous mode [ 28.237712][ T291] veth0_vlan: entered promiscuous mode [ 28.252453][ T290] veth0_vlan: entered promiscuous mode [ 28.273587][ T291] veth1_macvtap: entered promiscuous mode [ 28.293136][ T290] veth1_macvtap: entered promiscuous mode [ 28.302097][ T289] veth1_macvtap: entered promiscuous mode [ 28.363150][ T288] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 28.427829][ T310] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 28.494873][ T320] rust_binder: Error while translating object. [ 28.494945][ T320] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 28.502321][ T320] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:2 [ 28.674087][ T331] rust_binder: Error while translating object. [ 28.685495][ T331] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 28.691938][ T331] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:6 [ 28.712476][ T335] rust_binder: Write failure EINVAL in pid:10 [ 28.731478][ T335] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 28.738333][ T335] rust_binder: Read failure Err(EFAULT) in pid:10 [ 28.749496][ T335] rust_binder: Write failure EINVAL in pid:10 [ 28.759510][ T339] rust_binder: Write failure EFAULT in pid:8 [ 28.771316][ T340] rust_binder: Write failure EFAULT in pid:8 [ 28.790481][ T342] SELinux: security_context_str_to_sid () failed with errno=-22 [ 28.821807][ T344] rust_binder: Write failure EFAULT in pid:11 [ 28.980950][ T369] ======================================================= [ 28.980950][ T369] WARNING: The mand mount option has been deprecated and [ 28.980950][ T369] and is ignored by this kernel. Remove the mand [ 28.980950][ T369] option from the mount to silence this warning. [ 28.980950][ T369] ======================================================= [ 29.065671][ T373] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 29.065707][ T373] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:24 [ 29.112697][ T376] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 29.146112][ T376] binder: Unknown parameter '0x0000000000000009 cs' [ 29.746471][ T417] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 29.746510][ T417] rust_binder: Error while translating object. [ 29.761916][ T417] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 29.768526][ T417] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:41 [ 30.095235][ T430] rust_binder: Read failure Err(EAGAIN) in pid:21 [ 30.112630][ T430] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:21 [ 30.120264][ T432] rust_binder: Read failure Err(EAGAIN) in pid:21 [ 30.182653][ T440] rust_binder: Error while translating object. [ 30.190236][ T440] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 30.198882][ T440] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:31 [ 30.255219][ T439] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 30.262327][ T446] rust_binder: Error while translating object. [ 30.276865][ T446] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 30.286271][ T446] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:26 [ 30.359916][ T447] binder: Bad value for 'max' [ 30.382517][ T452] input: syz1 as /devices/virtual/input/input5 [ 30.549178][ T459] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:33 [ 30.557346][ T459] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 30.856542][ T36] kauditd_printk_skb: 71 callbacks suppressed [ 30.856561][ T36] audit: type=1400 audit(1750417699.640:145): avc: denied { append } for pid=470 comm="syz.3.50" name="ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 30.892883][ T36] audit: type=1400 audit(1750417699.670:146): avc: denied { read write } for pid=473 comm="syz.3.51" name="uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 30.894756][ T474] random: crng reseeded on system resumption [ 30.920011][ T36] audit: type=1400 audit(1750417699.670:147): avc: denied { open } for pid=473 comm="syz.3.51" path="/dev/uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 30.952097][ T36] audit: type=1400 audit(1750417699.680:148): avc: denied { read write } for pid=473 comm="syz.3.51" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 30.958658][ T474] rust_binder: Write failure EINVAL in pid:40 [ 30.979701][ T36] audit: type=1400 audit(1750417699.680:149): avc: denied { ioctl open } for pid=473 comm="syz.3.51" path="/dev/snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 31.024895][ T36] audit: type=1400 audit(1750417699.810:150): avc: denied { append } for pid=475 comm="syz.2.52" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 31.078159][ T478] rust_binder: Write failure EFAULT in pid:50 [ 31.079709][ T480] SELinux: security_context_str_to_sid () failed with errno=-22 [ 31.130236][ T484] rust_binder: Write failure EINVAL in pid:42 [ 31.166878][ T36] audit: type=1326 audit(1750417699.950:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=479 comm="syz.3.54" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f810078e929 code=0x0 [ 31.168089][ T486] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 31.192535][ T486] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:44 [ 31.202660][ T36] audit: type=1326 audit(1750417699.950:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=479 comm="syz.3.54" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f810078e929 code=0x0 [ 31.228654][ T480] random: crng reseeded on system resumption [ 31.313637][ T36] audit: type=1400 audit(1750417700.100:153): avc: denied { write } for pid=492 comm="syz.1.58" name="pfkey" dev="proc" ino=4026532449 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 31.361799][ T480] rust_binder: Write failure EFAULT in pid:42 [ 31.481961][ T504] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.489458][ T504] rust_binder: Failed to allocate buffer. len:80, is_oneway:false [ 31.627382][ T36] audit: type=1400 audit(1750417700.410:154): avc: denied { append } for pid=509 comm="syz.2.63" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 31.801333][ T521] binder: Bad value for 'max' [ 31.870455][ T523] binder: Binderfs stats mode cannot be changed during a remount [ 31.950488][ T535] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.044931][ T537] rust_binder: Error while translating object. [ 32.086991][ T537] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 32.158521][ T537] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:47 [ 32.357577][ T568] binder: Unknown parameter 'non' [ 32.627722][ T581] binder: Bad value for 'stats' [ 33.147379][ T605] rust_binder: Write failure EINVAL in pid:65 [ 33.201639][ T605] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 33.216471][ T605] rust_binder: Read failure Err(EFAULT) in pid:65 [ 33.265693][ T608] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 33.281652][ T608] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:82 [ 33.310392][ T608] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 33.331149][ T608] rust_binder: Read failure Err(EFAULT) in pid:82 [ 33.384183][ T610] input: syz1 as /devices/virtual/input/input6 [ 33.404160][ T614] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:84 [ 33.464186][ T618] rust_binder: Error while translating object. [ 33.498658][ T618] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 33.532015][ T618] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:86 [ 33.546037][ T622] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:67 [ 33.565348][ T622] rust_binder: Error while translating object. [ 33.583036][ T620] binder: Bad value for 'context' [ 33.590879][ T622] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 33.604173][ T622] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:67 [ 33.727971][ T631] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 33.761429][ T643] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 33.792347][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 33.822385][ T631] kvm: kvm [630]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010000) = 0x79a38c48ff000000 [ 33.830830][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 33.858817][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 33.872237][ T624] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.878865][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 33.901241][ T624] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 4096) [ 33.901272][ T624] rust_binder: Error while translating object. [ 33.920818][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 33.932603][ T645] rust_binder: Error while translating object. [ 33.934914][ T645] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 33.951963][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 33.978043][ T645] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:85 [ 33.980850][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 34.007998][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 34.014165][ T624] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 34.015889][ T624] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:73 [ 34.028056][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 34.047352][ T651] input: syz1 as /devices/virtual/input/input9 [ 34.056516][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 34.067708][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 34.079051][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 34.092108][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 34.102169][ T639] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.107063][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 34.140957][ T574] hid-generic 009C:0008:0003.0001: unknown main item tag 0x0 [ 34.151527][ T651] rust_binder: Error while translating object. [ 34.151575][ T651] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 34.151647][ T574] hid-generic 009C:0008:0003.0001: hidraw0: HID v0.05 Device [syz1] on syz0 [ 34.173863][ T651] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:95 [ 34.283961][ T652] fido_id[652]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 34.495006][ T660] rust_binder: Got transaction with invalid offset. [ 34.495058][ T660] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 34.522627][ T660] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:80 [ 34.552225][ T663] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.637833][ T669] rust_binder: Read failure Err(EAGAIN) in pid:83 [ 34.651632][ T663] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:82 [ 34.728514][ T675] rust_binder: Write failure EINVAL in pid:101 [ 34.778122][ T677] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 34.791919][ T679] rust_binder: Write failure EINVAL in pid:91 [ 34.794878][ T677] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 34.831853][ T681] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 34.868375][ T681] rust_binder: Write failure EINVAL in pid:93 [ 34.869563][ T681] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 35.039080][ T699] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.255753][ T702] rust_binder: Failed to allocate buffer. len:4208, is_oneway:true [ 35.255789][ T702] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 35.279420][ T702] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:91 [ 35.332864][ T721] tun0: tun_chr_ioctl cmd 1074025675 [ 35.373862][ T721] tun0: persist enabled [ 35.378435][ T721] tun0: tun_chr_ioctl cmd 1074025675 [ 35.390785][ T721] tun0: persist enabled [ 35.405978][ T721] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 35.428169][ T721] rust_binder: Write failure EINVAL in pid:105 [ 35.549435][ T730] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:107 [ 35.592307][ T735] random: crng reseeded on system resumption [ 35.704409][ T726] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:112 [ 35.704456][ T726] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 35.737788][ T726] rust_binder: Read failure Err(EFAULT) in pid:112 [ 35.741318][ T742] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:114 [ 35.821137][ T750] binder: Bad value for 'max' [ 35.994951][ T764] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 36.250383][ T36] kauditd_printk_skb: 11 callbacks suppressed [ 36.250405][ T36] audit: type=1400 audit(1750417705.030:166): avc: denied { ioctl } for pid=770 comm="syz.1.142" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 36.369728][ T775] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:127 [ 36.549478][ T778] binder: Unknown parameter 'nXI' [ 36.662061][ T782] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:109 [ 36.915267][ T791] rust_binder: Error while translating object. [ 36.926402][ T9] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz1 [ 36.956047][ T791] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 36.956092][ T791] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:134 [ 37.029357][ T800] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.055717][ T802] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 37.125115][ T804] input: syz0 as /devices/virtual/input/input10 [ 37.174106][ T36] audit: type=1400 audit(1750417705.960:167): avc: denied { execute } for pid=805 comm="syz.3.153" path="/sys/kernel/profiling" dev="sysfs" ino=1452 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=file permissive=1 [ 37.208334][ T806] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 37.219589][ T806] rust_binder: Write failure EINVAL in pid:124 [ 37.305188][ T810] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 37.365132][ T813] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:127 [ 37.381548][ T36] audit: type=1326 audit(1750417706.170:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=812 comm="syz.3.155" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f810078e929 code=0x0 [ 37.425112][ T36] audit: type=1400 audit(1750417706.210:169): avc: denied { read open } for pid=814 comm="syz.1.156" path="net:[4026532307]" dev="nsfs" ino=4026532307 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 37.449722][ T13] Bluetooth: hci0: Frame reassembly failed (-90) [ 37.471954][ T36] audit: type=1400 audit(1750417706.210:170): avc: denied { ioctl } for pid=814 comm="syz.1.156" path="net:[4026532307]" dev="nsfs" ino=4026532307 ioctlcmd=0xb706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 37.581600][ T822] rust_binder: Error while translating object. [ 37.581637][ T822] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 37.588437][ T822] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:130 [ 37.977605][ T836] binder: Unknown parameter '0x0000000000000004' [ 38.347571][ T36] audit: type=1400 audit(1750417707.130:171): avc: denied { execute } for pid=842 comm="syz.3.166" path="/dev/binderfs/binder0" dev="binder" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 38.452059][ T849] input: syz0 as /devices/virtual/input/input14 [ 38.469919][ T849] binder: Unknown parameter 'non' [ 38.513497][ T853] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.526239][ T855] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false [ 38.543266][ T36] audit: type=1400 audit(1750417707.330:172): avc: denied { compute_member } for pid=852 comm="syz.3.170" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 38.852923][ T862] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 38.861427][ T862] rust_binder: Write failure EINVAL in pid:159 [ 38.876643][ T866] rust_binder: Write failure EFAULT in pid:161 [ 38.884444][ T866] rust_binder: Write failure EFAULT in pid:161 [ 38.916530][ T872] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 38.923009][ T36] audit: type=1326 audit(1750417707.710:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=869 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f810078e929 code=0x7ffc0000 [ 38.989374][ T36] audit: type=1326 audit(1750417707.710:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=869 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f810078e929 code=0x7ffc0000 [ 39.014310][ T36] audit: type=1326 audit(1750417707.710:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=869 comm="syz.3.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f810078e929 code=0x7ffc0000 [ 39.225415][ T889] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.242733][ T890] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:171 [ 39.253479][ T889] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.270384][ T890] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.307478][ T9] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz1 [ 39.338164][ T894] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 39.480788][ T817] Bluetooth: hci0: command 0x1003 tx timeout [ 39.482052][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 39.665171][ T912] SELinux: failed to load policy [ 39.733059][ T916] input: syz0 as /devices/virtual/input/input15 [ 39.764842][ T916] rust_binder: Failed to allocate buffer. len:65376, is_oneway:true [ 39.764870][ T916] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 39.798604][ T916] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:183 [ 39.920077][ T931] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:168 [ 39.966868][ T931] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 39.966886][ T935] rust_binder: Write failure EFAULT in pid:185 [ 40.005936][ T931] rust_binder: Read failure Err(EFAULT) in pid:168 [ 40.071467][ T939] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 40.089217][ T937] kvm: kvm [936]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x200000000400 [ 40.114483][ T939] rust_binder: Write failure EINVAL in pid:187 [ 40.128452][ T942] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.159084][ T937] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 40.192806][ T937] rust_binder: Error while translating object. [ 40.215733][ T937] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 40.254299][ T937] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:159 [ 40.441164][ T960] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.451672][ T961] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:191 [ 40.475188][ T960] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:187 [ 41.170985][ T983] binder: Unknown parameter 'fscontext?}' [ 41.312697][ T36] kauditd_printk_skb: 22 callbacks suppressed [ 41.312716][ T36] audit: type=1400 audit(1750417710.100:198): avc: granted { setsecparam } for pid=984 comm="syz.1.207" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 41.511360][ T993] rust_binder: Write failure EINVAL in pid:178 [ 41.573427][ T995] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.591628][ T995] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 41.611832][ T995] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:195 [ 41.828796][ T1012] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 41.839112][ T1012] rust_binder: Error while translating object. [ 41.850260][ T1012] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 41.857302][ T1013] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.868951][ T1012] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:189 [ 41.901218][ T1016] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:191 [ 41.963280][ T1013] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:202 [ 42.021967][ T1019] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 42.043863][ T1019] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 42.108187][ T1023] rust_binder: Error while translating object. [ 42.126947][ T1023] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 42.135070][ T1023] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:205 [ 42.221015][ T1044] rust_binder: Write failure EFAULT in pid:207 [ 42.414961][ T36] audit: type=1326 audit(1750417711.200:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1050 comm="syz.3.230" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f810078e929 code=0x0 [ 42.498525][ T1058] SELinux: security_context_str_to_sid () failed with errno=-22 [ 42.690395][ T45] Bluetooth: hci0: Frame reassembly failed (-84) [ 42.951046][ T36] audit: type=1400 audit(1750417711.740:200): avc: denied { ioctl } for pid=1076 comm="syz.1.238" path="/dev/fuse" dev="devtmpfs" ino=23 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 42.996325][ T1077] rust_kernel: panicked at drivers/android/binder/node.rs:877:13: [ 42.996325][ T1077] attempt to subtract with overflow [ 43.010596][ T1077] ------------[ cut here ]------------ [ 43.016683][ T1077] kernel BUG at rust/helpers/bug.c:7! [ 43.022975][ T36] audit: type=1400 audit(1750417711.810:201): avc: denied { read } for pid=91 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 43.026414][ T1077] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 43.053044][ T1077] CPU: 0 UID: 0 PID: 1077 Comm: syz.1.238 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 43.066903][ T1077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.071992][ T36] audit: type=1400 audit(1750417711.810:202): avc: denied { search } for pid=91 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 43.077807][ T1077] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 43.106433][ T1077] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 9d f0 d1 82 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 d7 34 98 0e 90 90 90 90 90 90 90 90 90 [ 43.127681][ T1077] RSP: 0018:ffffc9000f2cda90 EFLAGS: 00010246 [ 43.130788][ T36] audit: type=1400 audit(1750417711.810:203): avc: denied { write } for pid=91 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 43.135071][ T1077] RAX: 0000000000000061 RBX: 1ffff92001e59b54 RCX: 483b024012a40200 [ 43.135096][ T1077] RDX: ffffc90001611000 RSI: 000000000000223a RDI: 000000000000223b [ 43.135112][ T1077] RBP: ffffc9000f2cda90 R08: ffffc9000f2cd787 R09: 1ffff92001e59af0 [ 43.135129][ T1077] R10: dffffc0000000000 R11: fffff52001e59af1 R12: 0000000000000000 [ 43.135146][ T1077] R13: dffffc0000000000 R14: ffffc9000f2cdac0 R15: ffffc9000f2cdaf0 [ 43.187784][ T36] audit: type=1400 audit(1750417711.810:204): avc: denied { add_name } for pid=91 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 43.192820][ T1077] FS: 00007f6901ab36c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 43.192853][ T1077] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.192867][ T1077] CR2: 000000110c305b33 CR3: 00000001134d4000 CR4: 00000000003526b0 [ 43.192888][ T1077] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 43.215577][ T36] audit: type=1400 audit(1750417711.810:205): avc: denied { create } for pid=91 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 43.223082][ T1077] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 43.223106][ T1077] Call Trace: [ 43.223114][ T1077] [ 43.223124][ T1077] _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160 [ 43.223161][ T1077] ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10 [ 43.223190][ T1077] ? _RNvMs0_NtCshgDM7dBCdno_11rust_binder4nodeNtB5_4Node22update_refcount_locked+0x401/0x810 [ 43.253916][ T36] audit: type=1400 audit(1750417711.810:206): avc: denied { append open } for pid=91 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 43.254983][ T1077] ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10 [ 43.276802][ T36] audit: type=1400 audit(1750417711.810:207): avc: denied { getattr } for pid=91 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 43.287624][ T1077] ? __cfi__RNvMs0_NtCshgDM7dBCdno_11rust_binder4nodeNtB5_4Node22update_refcount_locked+0x10/0x10 [ 43.287687][ T1077] ? __kasan_check_write+0x18/0x20 [ 43.287714][ T1077] ? _raw_spin_lock+0x8c/0x120 [ 43.418667][ T1077] ? __cfi__raw_spin_lock+0x10/0x10 [ 43.423943][ T1077] _RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x84/0x90 [ 43.431918][ T1077] ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x10/0x10 [ 43.440677][ T1077] _RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_sub_overflow+0xb2/0xc0 [ 43.452491][ T1077] ? __cfi__RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_sub_overflow+0x10/0x10 [ 43.466058][ T1077] _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process10update_ref+0x17e5/0x1860 [ 43.478406][ T1077] ? __kasan_check_write+0x18/0x20 [ 43.484821][ T1077] ? _raw_spin_lock+0x8c/0x120 [ 43.489984][ T1077] ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process10update_ref+0x10/0x10 [ 43.500799][ T1077] ? _raw_spin_unlock+0x45/0x60 [ 43.506293][ T1077] ? rust_helper_spin_unlock+0x19/0x30 [ 43.511974][ T1077] ? _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process12inc_ref_done+0x665/0xc40 [ 43.522893][ T1077] ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process12inc_ref_done+0x10/0x10 [ 43.533892][ T1077] ? __kasan_check_write+0x18/0x20 [ 43.539237][ T1077] ? _raw_spin_lock+0x8c/0x120 [ 43.544071][ T1077] ? __cfi__raw_spin_lock+0x10/0x10 [ 43.549594][ T1077] ? __kasan_check_write+0x18/0x20 [ 43.555369][ T1077] _RNvMs2_NtCshgDM7dBCdno_11rust_binder6threadNtB5_6Thread10write_read+0x278d/0x9d20 [ 43.565596][ T1077] ? __cfi__RNvMs2_NtCshgDM7dBCdno_11rust_binder6threadNtB5_6Thread10write_read+0x10/0x10 [ 43.575786][ T1077] ? unwind_next_frame+0x3c2/0x750 [ 43.582094][ T1077] ? do_sys_openat2+0x12c/0x1c0 [ 43.587259][ T1077] ? do_sys_openat2+0x12c/0x1c0 [ 43.592460][ T1077] ? __kernel_text_address+0x11/0x40 [ 43.598416][ T1077] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 43.605423][ T1077] ? arch_stack_walk+0x12a/0x170 [ 43.610878][ T1077] ? is_bpf_text_address+0x17b/0x1a0 [ 43.617447][ T1077] ? kernel_text_address+0xa9/0xe0 [ 43.623065][ T1077] ? unwind_get_return_address+0x51/0x90 [ 43.629556][ T1077] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 43.635941][ T1077] ? arch_stack_walk+0x10b/0x170 [ 43.641479][ T1077] ? stack_depot_save_flags+0x38/0x800 [ 43.648406][ T1077] ? kasan_save_alloc_info+0x40/0x50 [ 43.654519][ T1077] ? kasan_save_track+0x4f/0x80 [ 43.660760][ T1077] ? kasan_save_track+0x3e/0x80 [ 43.666455][ T1077] ? kasan_save_alloc_info+0x40/0x50 [ 43.672076][ T1077] ? __kasan_kmalloc+0x96/0xb0 [ 43.678530][ T1077] ? __kmalloc_node_track_caller_noprof+0x1ad/0x440 [ 43.685904][ T1077] ? krealloc_noprof+0x8d/0x130 [ 43.692356][ T1077] ? rust_helper_krealloc+0x33/0xd0 [ 43.697826][ T1077] ? _RNvMNtNtCs43vyB533jt3_6kernel5alloc9allocatorNtB2_11ReallocFunc4call+0xaf/0x100 [ 43.710755][ T1077] ? _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0x715/0x1440 [ 43.722118][ T1077] ? _RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x1a9/0x2c20 [ 43.732621][ T1077] ? _RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0xa0/0x100 [ 43.743350][ T1077] ? __se_sys_ioctl+0x132/0x1b0 [ 43.748567][ T1077] ? __x64_sys_ioctl+0x7f/0xa0 [ 43.754271][ T1077] ? do_syscall_64+0x58/0xf0 [ 43.759732][ T1077] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 43.766054][ T1077] ? __kasan_kmalloc+0x96/0xb0 [ 43.770979][ T1077] ? kasan_save_alloc_info+0x40/0x50 [ 43.776457][ T1077] ? __kasan_kmalloc+0x96/0xb0 [ 43.781490][ T1077] ? __kmalloc_node_track_caller_noprof+0x1ad/0x440 [ 43.788497][ T1077] ? __kasan_check_write+0x18/0x20 [ 43.793661][ T1077] ? _raw_spin_lock+0x8c/0x120 [ 43.798498][ T1077] ? __cfi__raw_spin_lock+0x10/0x10 [ 43.804025][ T1077] ? __asan_memset+0x39/0x50 [ 43.808764][ T1077] ? _raw_spin_unlock+0x45/0x60 [ 43.813719][ T1077] ? rust_helper_spin_unlock+0x19/0x30 [ 43.819235][ T1077] ? _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0xdfc/0x1440 [ 43.830316][ T1077] ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0x10/0x10 [ 43.841405][ T1077] ? kvm_sched_clock_read+0x15/0x30 [ 43.846662][ T1077] ? sched_clock_noinstr+0xd/0x30 [ 43.852007][ T1077] ? sched_clock+0x44/0x60 [ 43.856564][ T1077] ? sched_clock_cpu+0x75/0x400 [ 43.861579][ T1077] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 43.867927][ T1077] ? sched_clock+0x44/0x60 [ 43.872581][ T1077] ? xfd_validate_state+0x68/0x150 [ 43.877783][ T1077] ? save_fpregs_to_fpstate+0x196/0x230 [ 43.883595][ T1077] ? __cfi___switch_to+0x10/0x10 [ 43.888897][ T1077] _RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x411/0x2c20 [ 43.898420][ T1077] ? finish_task_switch+0x13a/0x780 [ 43.903775][ T1077] ? __switch_to_asm+0x3d/0x70 [ 43.909044][ T1077] ? avc_has_extended_perms+0x7c7/0xdd0 [ 43.914745][ T1077] ? __asan_memcpy+0x5a/0x80 [ 43.919519][ T1077] ? avc_has_extended_perms+0x921/0xdd0 [ 43.925126][ T1077] ? __cfi__RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x10/0x10 [ 43.934903][ T1077] ? do_vfs_ioctl+0xeda/0x1e30 [ 43.940019][ T1077] ? __futex_queue+0x19a/0x340 [ 43.945459][ T1077] ? __ia32_compat_sys_ioctl+0x850/0x850 [ 43.951460][ T1077] ? __cfi___futex_queue+0x10/0x10 [ 43.957268][ T1077] ? futex_wait_setup+0x1bc/0x260 [ 43.962699][ T1077] ? __futex_wait+0x218/0x2a0 [ 43.967877][ T1077] ? ioctl_has_perm+0x384/0x4d0 [ 43.973057][ T1077] ? has_cap_mac_admin+0xd0/0xd0 [ 43.978156][ T1077] ? futex_wake+0x5fb/0x900 [ 43.982866][ T1077] ? futex_setup_timer+0xb4/0xd0 [ 43.988029][ T1077] ? futex_wait+0x288/0x540 [ 43.992835][ T1077] ? __cfi_futex_wait+0x10/0x10 [ 43.998008][ T1077] ? selinux_file_ioctl+0x6e0/0x1360 [ 44.003444][ T1077] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 44.009205][ T1077] ? do_futex+0x309/0x500 [ 44.013870][ T1077] ? __cfi_do_futex+0x10/0x10 [ 44.019167][ T1077] ? __fget_files+0x2c5/0x340 [ 44.024262][ T1077] _RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0xa0/0x100 [ 44.032916][ T1077] ? __se_sys_ioctl+0x114/0x1b0 [ 44.037941][ T1077] ? __cfi__RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0x10/0x10 [ 44.047558][ T1077] __se_sys_ioctl+0x132/0x1b0 [ 44.052489][ T1077] __x64_sys_ioctl+0x7f/0xa0 [ 44.057453][ T1077] x64_sys_call+0x1878/0x2ee0 [ 44.062205][ T1077] do_syscall_64+0x58/0xf0 [ 44.067207][ T1077] ? clear_bhb_loop+0x35/0x90 [ 44.072329][ T1077] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 44.078414][ T1077] RIP: 0033:0x7f6900b8e929 [ 44.082985][ T1077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 44.104158][ T1077] RSP: 002b:00007f6901ab3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 44.113806][ T1077] RAX: ffffffffffffffda RBX: 00007f6900db5fa0 RCX: 00007f6900b8e929 [ 44.122393][ T1077] RDX: 00002000000003c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 44.131202][ T1077] RBP: 00007f6900c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 44.139770][ T1077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 44.148399][ T1077] R13: 0000000000000000 R14: 00007f6900db5fa0 R15: 00007ffc320f02a8 [ 44.157698][ T1077] [ 44.160755][ T1077] Modules linked in: [ 44.165889][ T1077] ---[ end trace 0000000000000000 ]--- [ 44.175627][ T1077] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 44.181378][ T1077] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 9d f0 d1 82 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 d7 34 98 0e 90 90 90 90 90 90 90 90 90 [ 44.201417][ T1077] RSP: 0018:ffffc9000f2cda90 EFLAGS: 00010246 [ 44.207896][ T1077] RAX: 0000000000000061 RBX: 1ffff92001e59b54 RCX: 483b024012a40200 [ 44.217557][ T1077] RDX: ffffc90001611000 RSI: 000000000000223a RDI: 000000000000223b [ 44.239587][ T1077] RBP: ffffc9000f2cda90 R08: ffffc9000f2cd787 R09: 1ffff92001e59af0 [ 44.247792][ T1077] R10: dffffc0000000000 R11: fffff52001e59af1 R12: 0000000000000000 [ 44.270739][ T1077] R13: dffffc0000000000 R14: ffffc9000f2cdac0 R15: ffffc9000f2cdaf0 [ 44.281957][ T1077] FS: 00007f6901ab36c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 44.305063][ T1077] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.347296][ T1077] CR2: 000000110c305b33 CR3: 00000001134d4000 CR4: 00000000003526b0 [ 44.355777][ T1077] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.383374][ T1077] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.392226][ T1077] Kernel panic - not syncing: Fatal exception [ 44.399169][ T1077] Kernel Offset: disabled [ 44.403690][ T1077] Rebooting in 86400 seconds..