last executing test programs: 17.615623018s ago: executing program 1 (id=335): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder0\x00', 0x6, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="8500000000681039c2a821c3d12d16e45c46bc00000000000040000000007f000000000d0000"]) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r2, 0x4068aea3, &(0x7f0000000300)) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'pimreg0\x00', 0xe}) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x74, 0x0, 0x0, 0xfffffffc}]}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x32}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x20000000029}, @fda={0x66646185, 0x5, 0x1, 0x30}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 17.542370819s ago: executing program 1 (id=337): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x0, 0x0) r1 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8) r2 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0xcf) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x40, 0x0) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r4, 0x45809000) syz_clone3(&(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0xc0, 0x0, &(0x7f0000000580)=[@free_buffer={0x40086303, r2}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/240, 0xf0, 0x44, 0x2b}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/67, 0x43, 0x2, 0xe}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000002c0)={0x0, 0x28, 0x50}}}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r3}, @fda={0x66646185, 0x0, 0x1, 0x17}, @ptr={0x70742a85, 0x1, &(0x7f00000003c0)=""/225, 0xe1, 0x0, 0x1e}}, &(0x7f0000000540)={0x0, 0x18, 0x38}}}, @request_death, @enter_looper, @increfs, @exit_looper, @enter_looper], 0x0, 0x0, 0x0}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x0, 0x0) (async) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) (async) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8) (async) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0xcf) (async) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x40, 0x0) (async) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) (async) openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r4, 0x45809000) (async) syz_clone3(&(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0xc0, 0x0, &(0x7f0000000580)=[@free_buffer={0x40086303, r2}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/240, 0xf0, 0x44, 0x2b}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/67, 0x43, 0x2, 0xe}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000002c0)={0x0, 0x28, 0x50}}}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r3}, @fda={0x66646185, 0x0, 0x1, 0x17}, @ptr={0x70742a85, 0x1, &(0x7f00000003c0)=""/225, 0xe1, 0x0, 0x1e}}, &(0x7f0000000540)={0x0, 0x18, 0x38}}}, @request_death, @enter_looper, @increfs, @exit_looper, @enter_looper], 0x0, 0x0, 0x0}) (async) 17.47291009s ago: executing program 1 (id=338): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000003c0)='./binderfs2/custom1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0) write$selinux_load(r1, &(0x7f0000000000)=ANY=[], 0x202c) r3 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read(r3, &(0x7f0000000000), 0x2002) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000340)='./binderfs2/binder1\x00', 0x1c02, 0x0) mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x7f) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0xb8, 0x0, &(0x7f0000000580)=[@increfs_done, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000000)={@fd={0x66642a85, 0x0, r4}, @flat=@binder={0x73622a85, 0x100, 0x3}, @fda={0x66646185, 0x0, 0x1, 0x25}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}, @increfs={0x40046304, 0x2}, @acquire={0x40046305, 0x2}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000400)={@ptr={0x70742a85, 0x0, &(0x7f0000000640)=""/171, 0xab, 0x2, 0x3c}, @flat=@weak_binder={0x77622a85, 0x100a, 0x1}, @flat=@weak_binder={0x77622a85, 0xb}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}, 0x400}, @enter_looper], 0x4f, 0x0, &(0x7f0000000480)="9a034be253fee02795f5b8023e15784384c3378df2ed3a922cc19b64146d7663227497a4e6079f5eb266d049c98d890e73a6bc8c2df21a6c4039939e2203dda7692865e465fd223f1bdf645ced1645"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x54, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat=@weak_handle={0x77682a85, 0x1001, 0x3}, @fd={0x66642a85, 0x0, r4}, @ptr={0x70742a85, 0x0, &(0x7f0000000240), 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}, @release={0x40046306, 0x3}], 0x5a, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f37"}) 17.47185103s ago: executing program 1 (id=340): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read(r1, &(0x7f0000000000), 0x2002) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/75, 0x4b, 0x0, 0x32}, @fda={0x66646185, 0x7, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x3f, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) 17.47025542s ago: executing program 1 (id=341): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000500)={[{0x6, 0x413, 0x4, 0x86, 0x0, 0x6, 0x9, 0x6, 0x3, 0xf, 0x6, 0xd8, 0x7}, {0x1ff, 0x100, 0x0, 0x80, 0x7, 0xe, 0x1, 0xc6, 0x81, 0x81, 0x36, 0x10, 0x3}, {0xdc3, 0x1, 0xe, 0x9, 0x4, 0x6, 0xf5, 0x7, 0xed, 0xf, 0x7, 0x0, 0x81}], 0x1}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000440)=ANY=[@ANYBLOB="01000002000000009e00000000040800000000000014197f11f4ee4c3d23cbe246fe36bcb3e0b526c09afb81929e562c9ee0196c61e2eaf50e17d7967d9bc41e4d73f958975672fe8ce769fa12331a0168d3cc6ac3bcb0b40600437c844f4918a45f18a24f6202a9dcb40314e1dba3cba28b342c6c8b65d6db476d21123a0ff3ded41534aabc1768b569f8e80b18196fbd49a20f1cfbf89d0dbbc50099a3a85370c803b712827e8faef36d"]) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) write(r1, &(0x7f0000000340)="2ea129d9d9ea2568f04ef3c6b9694cee637b8cdd025a99202d44a116", 0x1c) read(r1, &(0x7f00000020c0)=""/212, 0xd4) write$selinux_attr(r1, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r6, 0x401c5820, &(0x7f0000000080)={0x8}) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xe2) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000100)={0x10000, 0xfffffff7}) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffffd, 0x2], 0x80a0000, 0x42240}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r8, 0x4008ae73, &(0x7f0000000000)={0x800, 0x5}) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000640)={[0xccd2, 0x7, 0x8000, 0x9, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000002, 0xff], 0x0, 0x41847}) 17.423166491s ago: executing program 1 (id=342): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f00000000c0)={[{0x6, 0x3, 0xf1, 0x0, 0x3, 0x9, 0x52, 0x6, 0xc, 0x4, 0x5, 0xfb, 0x4}, {0x4, 0x8001, 0x0, 0xb, 0xff, 0x0, 0x81, 0xe, 0xe, 0x2f, 0x0, 0x0, 0x7}, {0x5, 0x0, 0x7, 0x10, 0xd6, 0x6, 0x4, 0x7f, 0x4, 0xfa, 0x81, 0x7, 0x7f}], 0xffff1093}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a9d42, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4008ae93, &(0x7f0000000040)=0x4) ioctl$KVM_SET_LAPIC(r9, 0x4400ae8f, &(0x7f0000000840)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be99dab3de3854e73b903f78616596487bf50017c56b15385ab264cba5b166f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a01402074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e77e5b2897c3fff38eabf67e1e160c2b5e18be06457844d896d797c2603fbdb0613f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9001fedf54cc2dc6aea6c42c32de4e4291e70422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b8899fd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883c0600000000000000aea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee75bb1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380848965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9397034f9400"}) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r10, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r12, 0xae44, 0x1000) 10.777124146s ago: executing program 0 (id=493): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000540)='\x00\x00\x03\x06\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\xadP\x1c2\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd8\\\x99\xc7Dp\x98\xa4o\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12KL\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00') ioctl$ASHMEM_PURGE_ALL_CACHES(r0, 0x770a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) r2 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) read$FUSE(r2, &(0x7f0000001400)={0x2020}, 0x2020) ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000cc0)='\x00\x00\x03\x06\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642@\xb8\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc3\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5U\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x13\xc8\xdc\x00\x00\x00\x00\x00\x00\x00\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5h/41\x99\'\xd0\x1e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xaf\x03\x9bWwh\xca\xf5d\x8di\xe7\xc4\xdbx\xbc\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6NR\x13\x84~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaa\x868hB+\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99v.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\x02\x7f\xc4T\xa5\xc1,*\x8d\xf6\x1f\xbe\x10\x04\x97\x9d+\x81\xbb8|\xf3\x8bo\xa5\xf9\xab[-t\xdf6H\xc1\xb1\b\b\xcc\xbf\xb0c\xe8S\xea6\xf5\xd0\xda/\xbf\xe5p\x82\xb8V\xe9g[\x8d\x14e;\x11o\v\xb8\xb6\x0f\xd3\x16\x82\xc5$\xce\xe2\xab\a\x1c\x8c\x843\xf4\xbb\xc8\xd3\xf5R\xb5\x8dZ\xb7Jql\x05+i{\xc5w\xfcD\x1fE\xcc]\xb7~\xd3\x99\xde\x1dX\xdc}C,|\bf\x80&WeT\x98X\xeb\xef(\x1c9\x00'/623) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa) (async) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) (async) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000540)='\x00\x00\x03\x06\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\xadP\x1c2\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd8\\\x99\xc7Dp\x98\xa4o\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12KL\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00') (async) ioctl$ASHMEM_PURGE_ALL_CACHES(r0, 0x770a, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) (async) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) (async) read$FUSE(r2, &(0x7f0000001400)={0x2020}, 0x2020) (async) ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000cc0)='\x00\x00\x03\x06\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642@\xb8\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc3\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5U\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x13\xc8\xdc\x00\x00\x00\x00\x00\x00\x00\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5h/41\x99\'\xd0\x1e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xaf\x03\x9bWwh\xca\xf5d\x8di\xe7\xc4\xdbx\xbc\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6NR\x13\x84~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaa\x868hB+\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99v.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\x02\x7f\xc4T\xa5\xc1,*\x8d\xf6\x1f\xbe\x10\x04\x97\x9d+\x81\xbb8|\xf3\x8bo\xa5\xf9\xab[-t\xdf6H\xc1\xb1\b\b\xcc\xbf\xb0c\xe8S\xea6\xf5\xd0\xda/\xbf\xe5p\x82\xb8V\xe9g[\x8d\x14e;\x11o\v\xb8\xb6\x0f\xd3\x16\x82\xc5$\xce\xe2\xab\a\x1c\x8c\x843\xf4\xbb\xc8\xd3\xf5R\xb5\x8dZ\xb7Jql\x05+i{\xc5w\xfcD\x1fE\xcc]\xb7~\xd3\x99\xde\x1dX\xdc}C,|\bf\x80&WeT\x98X\xeb\xef(\x1c9\x00'/623) (async) 10.771648406s ago: executing program 0 (id=494): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x400, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000001c0)={"f9226af3777060f40168b3e8482619ca", 0x0, 0x0, {0x6, 0xfffffffd}, {0x7fffffff, 0x4}, 0x401, [0x9afb00000000, 0x8, 0x7, 0x2, 0xf6, 0x3ff, 0x9, 0x0, 0x7fffffff, 0xe, 0x6, 0x9, 0x1000, 0x2, 0xd, 0x2]}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000001440)={{r0}, r1, 0xe, @inherit={0x50, &(0x7f00000002c0)=ANY=[@ANYBLOB="000000000000000001000000000000000100000000000010000000000000000007000000000000002306000000000000db0e0000000000000600000000000000"]}, @name="ac2867823ce8bcdc47c058514aa34681a93cbf0a9c985d2ba9ecd218b5a49f73f27ce13cae3ec42c03c7c0c904f1ec6cdcb5227cc56a5d17aef8979afcb50b13dc43b0a5b08c92e6fbcf10e05087b882acb76a3c2e46856cc8a486bb16cb8faf4a110e7fef5b2602362c7fdf7a56b1ce8ca153422d97364dee14a717f38596e7a662d244702e0dba0be5d95e68507e0c1f79af0b16b72622bddf38e3ace357e8100bd9246de14d40c6054a4b891eb79ed0b49238ce53351aee3ed110285121e54cdbcda9747525a6bcc8a4f14babe781eec197e6fbbea1feb5ee192690d9bfc5a14323cfbe6c2166ae3c5bde5472646cbb9bd04b670edc3d58c0e97105e033892bad33d3419d703aaa6b227d1d873cfaedc75fb084a647e07d844575f0e9438a168fd3e045bbfbb8a6825031e08bf9d217cf30ccd1fc8ef61b46b1fd695f4fce43617a4bef8f1f1596d8f2730d9259e8793380b0054362cf4a03360d46d06210fcad4bac76972c83ebe1a99c88f3d3d10c3d3908a1594e9d73972081482d3ef9f5a66cf499417aec92a445cfe3323a21f533ca884d46838097140e21caa5e3420573b319401844bea5c1380d84b8045049ef9ef7a7aab9fb8ede1781b64a8d7b0680ba016f2cd5042125eb7e10d72038f872da6aabdb1cf7aae7c20dc56793e3bc3840670f14500c80d45f2e91b596ec1d4780f996484e2dd6cea81b7632ef26376ecc0ab0bfca6b8c0ce7b5464d28610979ab344ef5918f9a94cb8938e9a49b9be1943ef009fdc27e8d1606a132a884263a667974e54db18698ea2034f27fcd5ab5ab4cb5523c5d8638c37339e64bfb9d1a38a73e5a5b6c5a59eed543b1ca0610e1b6bc98c120a98fa35581b08c520b4dbcb7e845d3c2d66fbdf95f402866c54eed7ae847668652653461257334991aae1722315ff65829e5293e4284ee451664a5d87b15df2c7f50a7f45ea983278ff96fb0e25fc6850d632b7c4ed913674f61586f8d52cdadf0280ebe91d768181a1c5ac2e898a57ac318c83cdf04a7bec79acab64b99b89627dd84452b5d4374b25c6b43561f35360eebb8b80b12e99da6f8f76beedae3891533211a323a2ed1c0dac9a79b5de5dab8aa5e1c10076732753dd6231fa9739b4e583f8616351f6a935c33c78ffc9207b3b198b3a7e061f849c74a0924e5964cfceee1763f92985f3b682a00135a9290951e70aac9546c7077a8d0ee7944af9406d87cd60c5d80abb8cd70913b62dfa19d2ed518456bf416699b209cfda3408c6858c0efd9eb3afa7e957eba4be4d55ca1981631ca84c203dd7b296212c17f0bef01d89d4cd4ded6be4ae456debe77af778386b43a2f0b94243d441c26798c4971ee0cc80442ace5748c9a6011e6a16b2188489006bf15610dc0894f5c2913920c675d981f113ec8b4fb655204911d382d3ceba510d041867a260f85846e63f4dbcf24c63cc41739e79696ef139994df18f34aa2d07cc7aad74094cb16c833e9fbdd96dd2ce7279f2ae71741cefbc56b46361a4d4b7ec80226cb9c9bd7a34d9e888811c7455d764e16904843a06d33c423ca96fced7182be96a93535b0d225fe1ca10625f1167dce79f154043d6fd63e2f9ba3050ef5011b479a62af824460a2202a44dcba7713783da3019a11e3f1f1130143e024cc6a07543340cb709d2133e3da5c8a6bb1d0bda0f8b3d0a16c1deb6648f0ade0fd9fe4e79f00a1ef9fde213f1ad80865c78216e1e1f42c61fa3c62b92fe86b092ca97233610683a7776cf3d055e96e033b592f1025e2baae52813c7736a6a01d0d56552d5ad4e168e4bd9c89d4304a4e93f8d180ead6f2e54af47057074c739f502b669b3f052342e147850727b1dc793895e1c731037d64bb42f702c41a75e1d3a6ef3af59e62da8791ed49ca7b46ab8ff27b5f920ef2ba0cda5c8941401dda2efb1d460dfc371e84f748f844e5c9361c4242986051d09296addda87bbd162c5848f20c501574adb10b25966f21ba3b2d6094777b62f2ac144c1354b8deecbc1c6f5d4087ad267fa82feddff4788273bc2ba6707e345326022db751548525dfd821486670e62d15500124c4e21efc0a60a958b157313b03ce417c4f14331d7359deebb1027ef2d0a287a5bb791ec25643262807b21c52677dd40e8be786b4f2c53f36ab3987f47c2d5e703e4fd3f274fbe3159f12b0b29fe093351f0f896b7a5a271c0ec406fd6b7193665f63cf50b54b35a0f3369f170ae34c680d4fb7b89c8f9aa3a150815fa6774d4e5f605c3986209c5aeaa048a2f3f7c0bf2935708c16ec156ca16f1893611e00b62cae077de1f168e2b3dcfd10d0b2630f3c43e6b545fec61a832d2b6798c680a8bb3e58eafe54f873da2391e470721c515bb1bc6d380330866014163995f9b2d49b65802349336a85ee89cb4d94b36d52b876f165f4f67bc250a5b3e5264b004a595879763b5ca79b39ba75239ceb8f31bf68e82df20c7cf1f31407b380637161a794f0ee9587d21b8eb39c8fd5c1939aa6fe5a428ec14b7b5c477d8cef89b0b7e9e771f265c383df2e5e0a29619a19c4b92ffdb4f014dfcbb4a0b49f527e01d34ff718ee33fc7008fd03f168f8a8d44c9547cfd87d5fbe6901fab9478e77d61cbdf7bebbf3f5bfabc9840a2fb228b4c58405007a46dd76cab4be81b087b1934994597fbf1f0fbd96567761fddd568f58bd7821a6cd0d580421b9003ff117386a37ed2060eedbdf8d4b86ab8f22dabd836dd5b43abea444336978866b6b015f661cd7f767fd2a7e8f196f07d14570563c15dc825a524450b093eac0ead18bfb66969d3f288136381422a175467cd329a8c5176fa6cf844fb3eb4e2f22d4a71126a0e122235b52a1f46c5506b3c8cc77c51a8580ad0a04e412a33cda1b3804af738f1e81ceffb967bbfa909aa38e1d41020c6e0d51ca870be950148b1f7a62bedea7d82b0814996d9123e6dcb76e93fb51e883158c4811e7220b7bf5c20a7f4d90c6b40a261ca487c51b1e4c21c46386620344acb180322b6ae55179875d1099f31457f875752af316dd657021901be6b3591dc5f919472bcb5a5d74cd6e70bceebc8dc9d6f203ad4b3ac0d00b233d8046baeea5bcf0897f81ddcde6510770281de3ca0f3b5a5bff2ed3b11b7a622cc1889b8d630e5412971ffe310269ef462682ea1d59634cbb26038d90fb919c349b38a97d5385264750bb424d080e0dfc7be5e71e026dfbc8f829d77c329f95f1f86cd75d4f5a278bd80108838e9cad7ba0122b9aa9c9e0748ad29b6f896ecea65768e9808475c47a7bb761ae76c0ef8f679a5a85e549ad712244a4c637280b09937e4690051d14908b60a52a9a5c1bdff4a2e5d971aa131a2d76d6a70bca849e1af48f20f798e7671fe30d99ab3caa741a704a75361274031259c9ef7ada2177d55222120be88a54f5a7b79104c2a092ee36ab720cf8f68a5029ce4cc66c7543bd52368c664736b16caf46f3085e82fa5a3d3d78a999b1af344805e8fc987abc35ac22e3445618d126b3ec5562a22bf57655e21a4c831d11a8ed97602edfc07e9fe4fb0cc32671a4bf47bc8ed0eca8d59ed225cade426106d59c42eddd2be8ca7fe9bb9c58c0113ffb61a15de79ea1f5571543cfc54c85a61af2701054d40c03b7b6eeadf5fb0d31251dbc5b595bfaca0cee0629a906acfc8f9e58d6f4f29418382db2c92cb4cdfc250e93d4e90ccf1c30346068b46070b585f7b5abdd622992a50e2865867caff72cd1b3b0c244cf3311a91310eef6524f231974a83d3a59ec7727df57c6019a7fed636d550ff43ce0557d2a4d1a2082f7e5188e934972569be3d6b9c0ff540addac5ba5c30ed1ecc3d3830640b283ebbd7787cd9214cdc1095d5d81ea292accdc191a997e6f5aa913af4a041a59b9810be704185d77f2bd12a8cf73a81465ca49dc034b0c2d9d507c6d5b71c5e3b6291ef0f9088c99f42a291b59c1cb86cecbe087b269293fe49b11e863b3cad7b21c116dcf13bdd749ca627ef3a2a7de195f1cc61923727a431b3286a2d3471141b63434b3adb8edf6909602b66b59aed04efdb8d1eb61e401ef10fe204bb437287dc625fc8ac6737efdc8890791afc3dbeb49b68d7b44478addc9a5d0a9d22f67f039cac8403c1f91ea269bfb2a9886b271ce0684c7ea692cc9c187d1acc4a17473bcc49229a57d1bfed05f9b0d2f6b2eb10d588b4328f065524a3ec8af2b6b126e37548303b08d926f06b862a4fdd99aea0ba1842178cebf42dc79a7d3b8fc9e2edf36e209145991d17f66d15c1003e30e77b39e951d201784ac4853427fa00aef1b72ab501179a2e00ecfa4e7d80c196796cd36ed10eb1cee846659d16b65377d00298d9a66c1b9a0d1be0a47f721f08442c45a25755f023f40b8610dee2afb2b080a5d7951513ac2ba1782af976e82e5767bf1417ea496cb2f6928804a9c0fd6239afbbec88ccdcc6ef9b9bca37449677828c7597164157455ddccd757fc4882063b269ecf18538e9580947d9ecd3d99165787239a981a5bf714a224d39e33af006c5f5bbcddfd4501ee399bd9796f7098cb586612b14c372e04bf04c290dbe436050d36208a19f8f759672e36a71a0a9b080734c5f55cc681afcb7392f42be90e25152d5eb228acb90358ff9ab9961e1b42a4381909967227fc901f763085dbf48f4232df9076b36882021441d4aae89c77176e5fe26566b491d5e49a5bf8d7df1d9bc902dead254be2e843fb953114971ac30b0ac16bcd501cc225a0b1a2fc6b46ddb79c681d15e8102b092254f545070c556aa7efa2b730168947924e98a0d66f847edb72cebfe7882af3061967f05ed50424fdad28deb4d2ac849356915ad5473b8530bb2f77f2487f74b5715b6448205e9918133486143854dc8fdf8471ceca053f119028b05ead80fcd3a4ec3168d157c040becc0d432139edd201f6359694551ed991af14c136956fc79e7c259bc480527eab67e39dc803395e9e9854d46349445357df83627cda64fa4565f9f092ec00968b7ce9338bb01ca00e2d53e3ad6c49b5340766d1c20ac08ba5e292337fd36a2244e2c1f230322e7f5343e23d207ac8fcf2516c1e1736d3bd34460379633f1398c2208a9ff3b5a03f99c3104b7a24d7649b92ea332278d32884bf19af0adcfad8b4ecc95e3c52abaa2d4411b7b25c66e34acfb086d4fe6154abb62e6e0c5d956af7605225405995583e96681aeb706ae6b74efa9dbf19a4a583dad31e306cb1e533fb6f3053566e9fb19c646ea69ab0eb52d6ee9e97e7eb4a11c5faedbf0c83e3a75c571a862dca98e37b10cb6390204d0d8b3b06fcdedd611b696e5e5eeec783ee0504f28e0eed6c0f208260c263506ad239fd643245a1069b37afab5b87e4dc6eb3d79704a0ae022ef5666550eda9dd94d07dd76c268a96107ec51e3b137ffb016c366a91c7cc50678a199741b6f3f53c3dda1b595f68d59a5edeeb445440be59b9d21cea8ac8c7e91e54288f919dc6c06ed98df7f34f5ad6b7df53efb23de0fa0ebae6c442ef04ae5fb3a9f23cbc8a4e68544c605093805515e188cf21bc4949b083425cb898bd4d83954c09d65f73171dac340d83552b8a532e82ddf77a2b51859f1660e5b956477f461afce809190249e3805c5d78c394f6a370c410419f8d09060527df793ae3b29b6a723ee7f5b16643df457a34e3ffd3d9e5cf888dce76ec400db38071"}) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0) syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, &(0x7f00000011c0), &(0x7f0000001200), {0x25}, &(0x7f0000001240)=""/1, 0x1, &(0x7f0000001280)=""/162, &(0x7f0000001340)=[0x0, 0x0], 0x2, {r2}}, 0x58) write$selinux_context(r2, &(0x7f0000000000)='system_u:object_r:kmsg_device_t:s0\x00', 0x23) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x900, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000240)={0x1, 0x0, [{0x400000b4}]}) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x4}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000001c0)={0x1fe, 0x4, 0x3000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4, 0x100010, r8, 0x291e9000) r9 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x10040, 0x322d89d05391a701) r10 = openat$cgroup_int(r9, 0x0, 0x2, 0x0) write$cgroup_subtree(r10, &(0x7f00000023c0)=ANY=[@ANYBLOB='1-2:5/', @ANYRES16=r8], 0x31) read(r8, &(0x7f0000000080)=""/1, 0x1) r11 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x20200, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) write$cgroup_pid(r8, &(0x7f00000000c0), 0x12) read$FUSE(r8, &(0x7f0000000ac0)={0x2020}, 0x2020) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) 10.695300547s ago: executing program 0 (id=495): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000018c0)='/sys/kernel/fscaps', 0x40, 0x40) mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RNDADDENTROPY(r1, 0x5206, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_clone(0x802400, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x300000c, 0x13, r2, 0x293f000) 10.610597248s ago: executing program 0 (id=496): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup/pids.max\x00', 0xc8442, 0x80) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) syz_clone(0x22822400, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x2, 0x40}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) 10.609581968s ago: executing program 0 (id=497): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000040)=[@increfs_done={0x40106308, 0x3}], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0xfc, 0x1000000, 0x0}) 10.50149727s ago: executing program 0 (id=503): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/custom0\x00', 0x6, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0xfffffffe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x40}], 0x8, 0x0, &(0x7f0000000000)="6ce6a4fb297541e7"}) r2 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x480, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000c80)=ANY=[@ANYBLOB="01000000000000ef9a000040"]) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000002c0)={0x5, 0x0, [{0x777, 0x0, 0xcb6}, {0x81f, 0x0, 0x6}, {0x8d0, 0x0, 0xfffffffffffffffb}, {0xb19, 0x0, 0x4}, {0x302, 0x0, 0x5}]}) 2.999968297s ago: executing program 2 (id=521): ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0x200, 0x81, 0x9}) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000040)={0x12, 0x23806be5, 0x81, 0x4, 0x0, 0x9}) (async) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7, 0x6832, 0xffffffffffffffff, 0x0) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) 2.998420807s ago: executing program 3 (id=522): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x1100}) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000140)={0x8000000, 0x104000}) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000000)={0xffff1000, 0x8000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f0000000100)={0x80a0000, 0xc000, 0xfffffffc}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/custom1\x00', 0x2, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f00000001c0)={0x1, 0x3000, 0x1}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, 0x0}, 0x10}], 0x0, 0x0, 0x0}) 1.684682916s ago: executing program 32 (id=342): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f00000000c0)={[{0x6, 0x3, 0xf1, 0x0, 0x3, 0x9, 0x52, 0x6, 0xc, 0x4, 0x5, 0xfb, 0x4}, {0x4, 0x8001, 0x0, 0xb, 0xff, 0x0, 0x81, 0xe, 0xe, 0x2f, 0x0, 0x0, 0x7}, {0x5, 0x0, 0x7, 0x10, 0xd6, 0x6, 0x4, 0x7f, 0x4, 0xfa, 0x81, 0x7, 0x7f}], 0xffff1093}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a9d42, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4008ae93, &(0x7f0000000040)=0x4) ioctl$KVM_SET_LAPIC(r9, 0x4400ae8f, &(0x7f0000000840)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be99dab3de3854e73b903f78616596487bf50017c56b15385ab264cba5b166f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a01402074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e77e5b2897c3fff38eabf67e1e160c2b5e18be06457844d896d797c2603fbdb0613f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9001fedf54cc2dc6aea6c42c32de4e4291e70422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b8899fd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883c0600000000000000aea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee75bb1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380848965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9397034f9400"}) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r10, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r12, 0xae44, 0x1000) 1.638630657s ago: executing program 2 (id=524): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, &(0x7f0000000040)='/dev/net/tun\x00') ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001440)={'veth1_to_hsr\x00', 0x2}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x9) ioctl$TUNSETLINK(r0, 0x400454cd, 0x306) mount$binderfs(0x0, &(0x7f0000000280)='./binderfs\x00', 0x0, 0x2000063, &(0x7f0000000400)={[], [{@flag='dirsync'}]}) 1.638169517s ago: executing program 3 (id=525): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x0, 0x1, 0x11, r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0xa}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, &(0x7f00000002c0)}) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000240)={0xfff, 0x2e1, &(0x7f0000000300)="e8d55aebea0a33fa0774ff47802641f95b37c69b60c2df0fbd451f036f7ebcf97bbe856254a490859b119f779a92c7ccf16352c2455466a489fdc4b27b7db0a41db5ecd2ef77b20a7f9b1042bc8219a964f6001c4da20bc1bfd2bcd38c34312a56", 0x0, 0x61}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x8aba, 0x4, 0x4, 0x804, 0x7, 0xf, 0x120000, 0x5, 0x0, 0x8, 0x8000000000000001, 0x2, 0x0, 0x101, 0x3, 0x1], 0x8000000, 0x141200}) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2}) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000) 138.654878ms ago: executing program 2 (id=526): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000080)=&(0x7f0000000040)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000100)={0x1, 0x0, [{0x4000, 0x2, &(0x7f00000000c0)=""/2}]}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/wake_lock', 0x81, 0x0) close_range(r0, r1, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000180)={[0xfffffffffffffff7, 0x1b89, 0xa, 0x400, 0xb1, 0x7, 0x80, 0x6, 0x5, 0x7, 0x8000000000000000, 0x2, 0x6, 0x0, 0x8, 0x3], 0xeeee8000, 0x11200}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/reserved_size', 0x12b202, 0x2) read$FUSE(r2, &(0x7f0000000280)={0x2020}, 0x2020) ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f00000022c0)={{r2}, 0x9, 0xfffffffffffffff8, 0xcb6}) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r3, 0x0, 0x12, 0xffffffffffffffff, 0x0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000002300)={0x30, 0x5, 0x0, {0x0, 0x6, 0x8, 0x2}}, 0x30) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000002340)={[{0x0, 0x5, 0xc1, 0xf, 0x8, 0x67, 0xa6, 0x6, 0x3, 0x9, 0x5, 0x0, 0x80000001}, {0x0, 0xcc8, 0xcd, 0xf7, 0x4e, 0x99, 0x88, 0x3, 0xd, 0x7, 0x5, 0x6, 0xeac}, {0x5, 0x2, 0x9, 0x44, 0xd, 0x4, 0x1, 0x3, 0x1, 0x2, 0xe, 0x1, 0x7}], 0x8}) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f00000023c0)=0x8000000) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000002400)) r4 = openat$cgroup_freezer_state(r2, &(0x7f0000002440), 0x2, 0x0) write(r4, &(0x7f0000002480)="e0f0eddd5a7c0fb0e60e092385ecdee725695750a1223a3bbb27eab045", 0x1d) r5 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000024c0), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000002500)) write$UHID_CREATE2(r1, &(0x7f0000002540)={0xb, {'syz1\x00', 'syz0\x00', 'syz1\x00', 0xb4, 0x0, 0x1083, 0xfc4c, 0x3, 0x2, "94e72ff86ced191a5b9f09224b868302656a27b0ac6333d3ecc502c9c2e84bc5c3074023b7abec01fa40bde4f78176392e5de7581e6658d72935f95d1a4408e48526b195b432800b706e4fff85687bb4749e33053f36043492f16048b1864a6db16629607a03386c09f2cf1003e704b4c105975adbfdbc46891c82eb24bad0e4843cc11447e34558448491c4d72c5bef9c72a88b45859d10256a07c6f33fb0d0686cc8bcd71cf68ecfd58393395601573a180953"}}, 0x1cc) ioctl$KVM_RUN(r2, 0xae80, 0x0) write$selinux_attr(r5, &(0x7f0000002740)='system_u:object_r:fixed_disk_device_t:s0\x00', 0x29) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000002780)={0x2, 0x0, [{0x4b564d00, 0x0, 0x7fe}, {0x99b, 0x0, 0x4}]}) r6 = openat$cgroup_procs(r1, &(0x7f00000027c0)='cgroup.threads\x00', 0x2, 0x0) r7 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000002800), 0x1, 0x0) ioctl$BTRFS_IOC_START_SYNC(r6, 0x80089418, &(0x7f0000002840)=0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f0000002880)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r7, 0x5000943f, &(0x7f0000002c80)={{r6}, r8, 0x10, @unused=[0x15, 0xffffffff, 0x10, 0x4], @devid=r9}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000003cc0)={0xffffffffffffffff, 0x80, 0x9, 0x80000001}) 138.128978ms ago: executing program 3 (id=527): r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) mkdirat(r0, &(0x7f0000000000)='./file2\x00', 0x15c) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x300, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', 0x0, 0x3230060, &(0x7f0000000100)=ANY=[@ANYRESOCT=r0, @ANYBLOB="7ef04f4746ff272f2ee307d1b40d362a9dab49d88a7632064c2e6e4914ec9889655dc2f857432ace0e0e78718a85b186379811a2b184020eb8f30e1a8e3b75"]) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x8100, 0x18f) 116.806639ms ago: executing program 3 (id=528): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000000000007a010000000000000000000001000000b9901205aa65ef70ecf8732aaa65f59bd13d66ba0969d64e7bce5580bbd5bf36e95f9492ac1225e07aa9dec09a53d7b7026eb52f3481be2a71040a763ed9e3773bd4a023b50372094415db2773cc653dec608a77d15b747e3c5b559fc922e63827fcf4ac9fb3cee19a62"]) (async, rerun: 64) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (rerun: 64) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af"]) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000000)={@flat=@binder={0x73622a85, 0x100, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @flat=@binder={0x73622a85, 0x3000, 0x2}}, &(0x7f0000000580)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) (async, rerun: 64) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000003c0)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000140)={@ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x2}, @fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r3}}, &(0x7f0000000080)={0x0, 0x28, 0x40}}}], 0x9d, 0x0, &(0x7f00000002c0)="86a26c9da618d909bce30b7cf1cd8e3cd67bebed2f51f050b192202dc79a841f2307e8a18d200c24f92523c2e73cd5d0392854de671d87310511c3173d65868163dae6dca81ce9330e7f8083114ca0336d334fce1f60203ec29a53e0f3109b5f95a1f5a20b1ee8f1d39b9660a40c44c98093ce8a73170e7bde42b3d6635738d31f142a3cc29ae231a13c3312602d24a87dd2633985828593c874478e39"}) (async, rerun: 64) r7 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0x8010aebb) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000380)={0x1, &(0x7f0000000240)=[{0x1, 0x56, 0x4, 0x8}]}) 74.615919ms ago: executing program 2 (id=529): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) ioctl$RTC_WKALM_RD(r0, 0x80287010, &(0x7f0000000040)) ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x1c7cf79f) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x106f) ioctl$RTC_WIE_ON(r0, 0x700f) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000080)={0x0, 0x0, {0x2a, 0x37, 0x16, 0xc, 0x5, 0x1, 0x4, 0xc0, 0x1}}) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x44e02, 0x0) ioctl$RTC_UIE_ON(r1, 0x7003) read$rfkill(r1, &(0x7f0000000100), 0x8) ioctl$F2FS_IOC_SET_PIN_FILE(r1, 0x4004f50d, &(0x7f0000000140)) ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f0000000180)) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f00000001c0)={0x1, 0x1, {0x33, 0x11, 0x2, 0x19, 0x0, 0x2, 0x1, 0xb6, 0xffffffffffffffff}}) r2 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/fs/binfmt_misc/syz2\x00', 0x2, 0x0) write$binfmt_format(r2, &(0x7f0000000240)='1\x00', 0x2) ioctl$AUTOFS_IOC_ASKUMOUNT(r1, 0x80049370, &(0x7f0000000280)) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000002c0)={0xa59, 0xc, 0x8b, 0x4, 0x83}) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000300), 0x70000, 0x0) ioctl$RTC_PLL_SET(r3, 0x40207012, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x3, 0x4, 0x5, 0xef2c}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000380)={[{0x2b, 'net_cls'}, {0x10, 'freezer'}, {0x2d, 'freezer'}, {0x2b, 'rlimit'}, {0x2d, 'net'}, {0x2d, 'blkio'}]}, 0x2f) r4 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) ioctl$F2FS_IOC_SEC_TRIM_FILE(r4, 0x4018f514, &(0x7f0000000400)={0x4, 0x6, 0x3}) ioctl$AUTOFS_IOC_READY(r3, 0x9360, 0x4) write$selinux_user(r1, &(0x7f0000000440)={'system_u:object_r:zero_device_t:s0', 0x20, 'staff_u\x00'}, 0x2b) r5 = openat$cgroup_subtree(r1, &(0x7f0000000480), 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f00000004c0)={[{0x2d, 'io'}, {0x2d, 'rlimit'}, {0x2b, 'io'}, {0x2d, 'memory'}, {0x2d, 'hugetlb'}]}, 0x21) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r3, 0x80286722, &(0x7f0000000540)={&(0x7f0000000500)=""/44, 0x2c, 0x7fff, 0x9}) r6 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x80, 0x86) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x2010, r6, 0x2facb000) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$RTC_SET_TIME(r6, 0x4024700a, &(0x7f00000005c0)={0x28, 0xb, 0x7, 0x5, 0x1, 0x4, 0x5, 0x13f, 0x1}) 69.837649ms ago: executing program 2 (id=530): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0xb7a8e1ac730ea3f6, 0xffffffffffffffff}) mmap$binder(&(0x7f00000a0000)=nil, 0x0, 0x1, 0x11, r0, 0x2) r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x90, 0x0, &(0x7f00000001c0)=[@decrefs, @decrefs={0x40046307, 0x3}, @exit_looper, @clear_death={0x400c630f, 0x1}, @acquire_done={0x40106309, 0x1}, @dead_binder_done, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000600)={@fd={0x66642a85, 0x0, r0}, @flat=@handle={0x73682a85, 0x0, 0xfffffffc}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000040)={0x0, 0x18, 0x30}}, 0x40}], 0xffffffffffffffc5, 0x0, 0x0}) r2 = syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000080)=r2, 0x12) r5 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000500)='syz1\x00', 0x200002, 0x0) syz_clone3(&(0x7f0000000540)={0x2a000000, &(0x7f00000005c0), &(0x7f00000002c0), &(0x7f0000000300), {0x1d}, &(0x7f0000000340)=""/149, 0x95, &(0x7f0000000400)=""/192, &(0x7f00000004c0)=[r2], 0x1, {r5}}, 0x58) 50.543129ms ago: executing program 3 (id=531): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r0, 0x7704, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xffffffffffffffff) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f0000000000)) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0xf503, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000000, 0x110, r0, 0x1d4e000) 40.368419ms ago: executing program 2 (id=532): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000008c0)={0x2, 0x0, [{0x4, 0x6c, &(0x7f0000000580)=""/108}, {0x1, 0xffffffffffffffee, &(0x7f00000007c0)=""/203}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=""/92, &(0x7f00000002c0)=""/250, &(0x7f00000003c0)=""/185, 0xdddd1000}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x5, 0x0, 0xf}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) (async) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) (async) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000008c0)={0x2, 0x0, [{0x4, 0x6c, &(0x7f0000000580)=""/108}, {0x1, 0xffffffffffffffee, &(0x7f00000007c0)=""/203}]}) (async) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) (async) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=""/92, &(0x7f00000002c0)=""/250, &(0x7f00000003c0)=""/185, 0xdddd1000}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x5, 0x0, 0xf}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) (async) 0s ago: executing program 3 (id=533): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write(r0, &(0x7f0000000180)="02000000777744952bdf04eb1bdcb210399666e08a771810d499218737214495f54176b7613c5cb2", 0x28) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000640)={0x4c, 0x0, &(0x7f0000000540)=[@dead_binder_done, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x26, 0x700000000000000, 0x0}) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x1c5}]}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x65, 0x0, &(0x7f0000000140)="6efa86ba44c4dcef07b59db7e9a27f48a6e930da91c08c993e71a416eb2235d1314cf41411de9aa874429c871656ff38656d42c237a569b22dc9923150d6eb5b381125c2173cdb022eb5d8fc7a7df730ad34e08a536eaca88d851d6505f7b2b6831911631a"}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.123' (ED25519) to the list of known hosts. [ 19.744027][ T36] audit: type=1400 audit(1750413681.300:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.745165][ T281] cgroup: Unknown subsys name 'net' [ 19.766659][ T36] audit: type=1400 audit(1750413681.300:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.795218][ T36] audit: type=1400 audit(1750413681.330:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.795355][ T281] cgroup: Unknown subsys name 'devices' [ 19.918415][ T281] cgroup: Unknown subsys name 'hugetlb' [ 19.924018][ T281] cgroup: Unknown subsys name 'rlimit' [ 20.074731][ T36] audit: type=1400 audit(1750413681.630:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.097921][ T36] audit: type=1400 audit(1750413681.630:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 20.106764][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 20.122800][ T36] audit: type=1400 audit(1750413681.630:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 20.151366][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 20.154540][ T36] audit: type=1400 audit(1750413681.700:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.188548][ T36] audit: type=1400 audit(1750413681.700:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.214212][ T36] audit: type=1400 audit(1750413681.710:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.239756][ T36] audit: type=1400 audit(1750413681.710:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.401597][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.408890][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.415943][ T291] bridge_slave_0: entered allmulticast mode [ 21.422255][ T291] bridge_slave_0: entered promiscuous mode [ 21.438523][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.445583][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.452833][ T291] bridge_slave_1: entered allmulticast mode [ 21.459168][ T291] bridge_slave_1: entered promiscuous mode [ 21.467171][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.474197][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.481297][ T289] bridge_slave_0: entered allmulticast mode [ 21.487660][ T289] bridge_slave_0: entered promiscuous mode [ 21.493675][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.500948][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.508070][ T290] bridge_slave_0: entered allmulticast mode [ 21.514233][ T290] bridge_slave_0: entered promiscuous mode [ 21.525104][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.532154][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.539241][ T289] bridge_slave_1: entered allmulticast mode [ 21.545501][ T289] bridge_slave_1: entered promiscuous mode [ 21.551572][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.558640][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.565688][ T290] bridge_slave_1: entered allmulticast mode [ 21.572140][ T290] bridge_slave_1: entered promiscuous mode [ 21.614539][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.621667][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.628740][ T288] bridge_slave_0: entered allmulticast mode [ 21.634908][ T288] bridge_slave_0: entered promiscuous mode [ 21.641148][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.648201][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.655257][ T288] bridge_slave_1: entered allmulticast mode [ 21.661695][ T288] bridge_slave_1: entered promiscuous mode [ 21.786507][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.793601][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.800918][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.807949][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.822445][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.829605][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.836886][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.844428][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.868240][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.875301][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.882699][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.889737][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.908078][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.915130][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.922418][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.929455][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.948043][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.955310][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.962736][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.969846][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.977198][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.984302][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.991505][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.001267][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.008328][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.048816][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.055960][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.068750][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.075806][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.095883][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.102954][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.112500][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.119571][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.135490][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.142540][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.154709][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.161800][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.175545][ T290] veth0_vlan: entered promiscuous mode [ 22.200573][ T290] veth1_macvtap: entered promiscuous mode [ 22.221677][ T289] veth0_vlan: entered promiscuous mode [ 22.231687][ T291] veth0_vlan: entered promiscuous mode [ 22.246190][ T288] veth0_vlan: entered promiscuous mode [ 22.260402][ T291] veth1_macvtap: entered promiscuous mode [ 22.275532][ T288] veth1_macvtap: entered promiscuous mode [ 22.290395][ T289] veth1_macvtap: entered promiscuous mode [ 22.316343][ T291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 22.381236][ T310] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 22.451092][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 22.471933][ T322] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 22.480866][ T322] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 22.512905][ T331] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false [ 22.549930][ T338] ======================================================= [ 22.549930][ T338] WARNING: The mand mount option has been deprecated and [ 22.549930][ T338] and is ignored by this kernel. Remove the mand [ 22.549930][ T338] option from the mount to silence this warning. [ 22.549930][ T338] ======================================================= [ 22.598883][ T339] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0) [ 22.608605][ T339] SELinux: failed to load policy [ 22.755232][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.755257][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.761968][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.769339][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.774867][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.781796][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.788256][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.788478][ T348] rust_binder: Error in use_page_slow: ESRCH [ 22.794781][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.808074][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.813569][ T348] rust_binder: use_range failure ESRCH [ 22.813586][ T348] rust_binder: Failed to allocate buffer. len:128, is_oneway:true [ 22.820570][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.833697][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.840518][ T348] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 22.841137][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.856817][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.862856][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.869700][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.871332][ T348] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:8 [ 22.879483][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.892091][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.898292][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.905058][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.914525][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.921909][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.927832][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.936604][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.940730][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.947677][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.953708][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.960443][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.966783][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.967056][ T350] rust_binder: Error while translating object. [ 22.973301][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 22.979685][ T350] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 22.986163][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.003619][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.008419][ T350] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:21 [ 23.008444][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.024177][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.030859][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.037181][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.043664][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.050433][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.056704][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.063214][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.070873][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.078767][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.085252][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.092022][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.098359][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.104869][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.111475][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.118087][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.124299][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.131056][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.137910][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.143941][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.151929][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.158039][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.163703][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.170429][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.177320][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.183354][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.190116][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.196865][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.203094][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.209881][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.216017][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.222800][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.231588][ T346] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.267413][ T355] rust_binder: Failed to allocate buffer. len:152, is_oneway:false [ 23.269419][ T355] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 23.277587][ T355] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:24 [ 23.424889][ T365] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:14 [ 23.436313][ T365] rust_binder: Read failure Err(EFAULT) in pid:14 [ 23.548653][ T373] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:16 [ 23.555238][ T372] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:16 [ 23.733956][ T380] rust_binder: Write failure EFAULT in pid:30 [ 23.818909][ T385] random: crng reseeded on system resumption [ 24.005366][ T392] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 24.005396][ T392] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 24.007243][ T393] rust_binder: Write failure EINVAL in pid:19 [ 24.012206][ T392] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 24.039779][ T397] rust_binder: Write failure EFAULT in pid:27 [ 24.042831][ T399] rust_binder: Error while translating object. [ 24.052517][ T399] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 24.058950][ T399] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:24 [ 24.075776][ T400] rust_binder: Write failure EFAULT in pid:27 [ 24.101916][ T406] rust_binder: Write failure EFAULT in pid:28 [ 24.506319][ T326] Bluetooth: hci0: command 0x1003 tx timeout [ 24.506959][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 24.616077][ T442] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 24.625132][ T442] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 24.679073][ T445] kvm_intel: kvm [444]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xff [ 24.748092][ T36] kauditd_printk_skb: 78 callbacks suppressed [ 24.748108][ T36] audit: type=1400 audit(1750413686.310:152): avc: denied { compute_member } for pid=453 comm="syz.2.44" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 24.774478][ T36] audit: type=1400 audit(1750413686.310:153): avc: denied { read } for pid=453 comm="syz.2.44" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 24.847097][ T36] audit: type=1400 audit(1750413686.410:154): avc: denied { write } for pid=457 comm="syz.2.47" name="pfkey" dev="proc" ino=4026532401 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 24.877140][ T463] rust_binder: Write failure EINVAL in pid:39 [ 24.928236][ T36] audit: type=1400 audit(1750413686.490:155): avc: denied { append } for pid=477 comm="syz.2.50" name="pfkey" dev="proc" ino=4026532401 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 24.930753][ T476] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false [ 24.947495][ T478] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 24.975621][ T478] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 24.985049][ T478] binder: Bad value for 'max' [ 25.077832][ T483] binder: Unknown parameter '18446744073709551615' [ 25.116914][ T36] audit: type=1400 audit(1750413686.680:156): avc: denied { checkpoint_restore } for pid=484 comm="syz.2.53" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 25.150435][ T36] audit: type=1400 audit(1750413686.710:157): avc: denied { write } for pid=487 comm="syz.0.54" name="binder-control" dev="binder" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 25.187569][ T36] audit: type=1326 audit(1750413686.750:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=489 comm="syz.2.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7e078e929 code=0x7ffc0000 [ 25.202240][ T492] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:28 [ 25.216325][ T36] audit: type=1326 audit(1750413686.750:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=489 comm="syz.2.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff7e078e929 code=0x7ffc0000 [ 25.249428][ T36] audit: type=1326 audit(1750413686.750:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=489 comm="syz.2.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7e078e929 code=0x7ffc0000 [ 25.272513][ T36] audit: type=1326 audit(1750413686.750:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=489 comm="syz.2.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff7e078e929 code=0x7ffc0000 [ 25.332394][ T502] input: syz0 as /devices/virtual/input/input6 [ 25.411285][ T504] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 25.416237][ T504] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false [ 25.443230][ T508] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 25.451398][ T509] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false [ 25.562517][ T517] rust_binder: Write failure EFAULT in pid:60 [ 26.261813][ T537] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.385862][ T546] rust_binder: Write failure EINVAL in pid:76 [ 26.393391][ T546] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:76 [ 26.400444][ T545] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:46 [ 26.417791][ T548] rust_binder: Error while translating object. [ 26.427065][ T548] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 26.433231][ T548] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:79 [ 26.474029][ T553] rust_binder: Write failure EFAULT in pid:48 [ 26.514847][ T558] binder: Unknown parameter 'ÿÿ' [ 26.535463][ T563] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 26.552715][ T563] rust_binder: Read failure Err(EAGAIN) in pid:63 [ 26.555410][ T565] rust_binder: Write failure EINVAL in pid:86 [ 26.616216][ T568] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:65 [ 26.622695][ T569] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.622884][ T570] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:65 [ 26.668539][ T575] binder: Unknown parameter 'context' [ 26.675325][ T578] binder: Bad value for 'max' [ 26.791130][ T592] rust_binder: Write failure EINVAL in pid:93 [ 26.883791][ T598] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:79 [ 26.906348][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 26.916649][ T326] Bluetooth: hci0: command 0x1003 tx timeout [ 26.942494][ T599] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:62 [ 27.055189][ T612] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 27.071775][ T612] rust_binder: Write failure EINVAL in pid:85 [ 27.709222][ T731] kernel profiling enabled (shift: 63) [ 27.721695][ T731] profiling shift: 63 too large [ 27.828669][ T761] : tun_chr_ioctl cmd 1074025675 [ 27.833922][ T761] : persist disabled [ 28.420495][ T929] block device autoloading is deprecated and will be removed. [ 28.445104][ T929] syz.2.214: attempt to access beyond end of device [ 28.445104][ T929] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 29.107721][ T293] Bluetooth: hci0: Frame reassembly failed (-84) [ 29.114201][ T293] Bluetooth: hci0: Frame reassembly failed (-84) [ 29.120657][ T293] Bluetooth: hci0: Frame reassembly failed (-84) [ 29.127354][ T1079] Bluetooth: hci0: Frame reassembly failed (-84) [ 29.756918][ T36] kauditd_printk_skb: 1201 callbacks suppressed [ 29.756936][ T36] audit: type=1400 audit(1750413691.320:1363): avc: denied { read } for pid=1200 comm="syz.1.317" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 29.789109][ T36] audit: type=1400 audit(1750413691.350:1364): avc: denied { read } for pid=1200 comm="syz.1.317" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 29.812159][ T36] audit: type=1400 audit(1750413691.350:1365): avc: denied { read } for pid=1202 comm="syz.2.318" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 29.835270][ T36] audit: type=1400 audit(1750413691.360:1366): avc: denied { read } for pid=1202 comm="syz.2.318" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 29.858586][ T36] audit: type=1400 audit(1750413691.370:1367): avc: denied { read write } for pid=291 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 29.885179][ T36] audit: type=1400 audit(1750413691.370:1368): avc: denied { read } for pid=1200 comm="syz.1.317" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 29.916419][ T36] audit: type=1400 audit(1750413691.370:1369): avc: denied { read } for pid=1200 comm="syz.1.317" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 29.921957][ T1210] audit: audit_backlog=65 > audit_backlog_limit=64 [ 29.939329][ T36] audit: type=1400 audit(1750413691.370:1370): avc: denied { read } for pid=1205 comm="syz.2.319" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0 [ 29.974545][ T36] audit: type=1400 audit(1750413691.390:1371): avc: denied { load_policy } for pid=1205 comm="syz.2.319" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=0 [ 30.555282][ T1309] PM: Enabling pm_trace changes system date and time during resume. [ 30.555282][ T1309] PM: Correct system time has to be restored manually after resume. [ 30.589402][ T1312] serio: Serial port ttynull [ 30.691009][ T1319] syz.0.357: attempt to access beyond end of device [ 30.691009][ T1319] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 31.146292][ T326] Bluetooth: hci0: command 0x1003 tx timeout [ 31.146292][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 32.160087][ T1441] syzkaller0: tun_chr_ioctl cmd 3223385353 [ 32.474857][ T59] Bluetooth: hci0: Frame reassembly failed (-84) [ 32.705110][ T59] Bluetooth: hci1: Frame reassembly failed (-90) [ 33.674306][ T1537] syzkaller0: tun_chr_ioctl cmd 2147767506 [ 34.506346][ T1495] Bluetooth: hci0: command 0x1003 tx timeout [ 34.506351][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 34.700296][ T1569] tap0: tun_chr_ioctl cmd 1074025678 [ 34.710160][ T1569] tap0: group set to 0 [ 34.746305][ T326] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 34.752512][ T52] Bluetooth: hci1: command 0x1003 tx timeout [ 34.776273][ T36] kauditd_printk_skb: 28799 callbacks suppressed [ 34.776292][ T36] audit: type=1400 audit(1750413696.330:29746): avc: denied { read write } for pid=1575 comm="syz.2.453" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0 [ 34.793551][ T288] audit: audit_backlog=65 > audit_backlog_limit=64 [ 34.808830][ T1578] audit: audit_backlog=65 > audit_backlog_limit=64 [ 34.814005][ T288] audit: audit_lost=143 audit_rate_limit=0 audit_backlog_limit=64 [ 34.818966][ T1580] audit: audit_backlog=65 > audit_backlog_limit=64 [ 34.826863][ T288] audit: backlog limit exceeded [ 34.834538][ T1581] audit: audit_backlog=65 > audit_backlog_limit=64 [ 34.839036][ T288] audit: audit_backlog=65 > audit_backlog_limit=64 [ 34.849377][ T1581] audit: audit_lost=144 audit_rate_limit=0 audit_backlog_limit=64 [ 34.851536][ T288] audit: audit_lost=145 audit_rate_limit=0 audit_backlog_limit=64 [ 35.296410][ T1656] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 35.303132][ T305] Bluetooth: hci1: Frame reassembly failed (-84) [ 36.916292][ T1495] Bluetooth: hci0: command 0x1003 tx timeout [ 36.916308][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 37.115458][ T1706] cgroup: fork rejected by pids controller in /syz0 [ 37.241294][ T305] bridge_slave_1: left allmulticast mode [ 37.249569][ T305] bridge_slave_1: left promiscuous mode [ 37.255514][ T305] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.277064][ T305] bridge_slave_0: left allmulticast mode [ 37.283129][ T305] bridge_slave_0: left promiscuous mode [ 37.297528][ T305] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.306435][ T52] Bluetooth: hci1: command 0x1003 tx timeout [ 37.312474][ T326] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 37.459631][ T305] veth1_macvtap: left promiscuous mode [ 37.465580][ T305] veth0_vlan: left promiscuous mode [ 39.786351][ T36] kauditd_printk_skb: 35321 callbacks suppressed [ 39.786367][ T36] audit: type=1400 audit(1750413701.350:64741): avc: denied { setattr } for pid=288 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 39.794701][ T288] audit: audit_backlog=65 > audit_backlog_limit=64 [ 39.815993][ T36] audit: type=1400 audit(1750413701.350:64742): avc: denied { setattr } for pid=288 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 39.822694][ T288] audit: audit_lost=255 audit_rate_limit=0 audit_backlog_limit=64 [ 39.845699][ T36] audit: type=1400 audit(1750413701.350:64743): avc: denied { setattr } for pid=288 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 39.853511][ T288] audit: backlog limit exceeded [ 39.876598][ T36] audit: type=1400 audit(1750413701.350:64744): avc: denied { setattr } for pid=288 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 39.882021][ T288] audit: audit_backlog=65 > audit_backlog_limit=64 [ 39.904609][ T36] audit: type=1400 audit(1750413701.350:64745): avc: denied { setattr } for pid=288 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 39.911149][ T288] audit: audit_lost=256 audit_rate_limit=0 audit_backlog_limit=64 [ 44.796293][ T36] kauditd_printk_skb: 37633 callbacks suppressed [ 44.796308][ T36] audit: type=1400 audit(1750413706.350:101601): avc: denied { setattr } for pid=288 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 44.805035][ T288] audit: audit_backlog=65 > audit_backlog_limit=64 [ 44.826610][ T36] audit: type=1400 audit(1750413706.360:101602): avc: denied { setattr } for pid=288 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 44.833097][ T288] audit: audit_lost=516 audit_rate_limit=0 audit_backlog_limit=64 [ 44.856543][ T36] audit: type=1400 audit(1750413706.360:101603): avc: denied { setattr } for pid=288 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 44.864117][ T288] audit: backlog limit exceeded [ 44.887492][ T36] audit: type=1400 audit(1750413706.360:101604): avc: denied { setattr } for pid=288 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 44.892770][ T288] audit: audit_backlog=65 > audit_backlog_limit=64 [ 44.915901][ T36] audit: type=1400 audit(1750413706.360:101605): avc: denied { setattr } for pid=288 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=0 [ 44.922144][ T288] audit: audit_lost=517 audit_rate_limit=0 audit_backlog_limit=64 [ 46.170386][ T305] bridge_slave_1: left allmulticast mode [ 46.176070][ T305] bridge_slave_1: left promiscuous mode [ 46.181693][ T305] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.189046][ T305] bridge_slave_0: left allmulticast mode [ 46.194657][ T305] bridge_slave_0: left promiscuous mode [ 46.200392][ T305] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.328033][ T305] veth1_macvtap: left promiscuous mode [ 46.333537][ T305] veth0_vlan: left promiscuous mode [ 47.869510][ T305] bridge_slave_1: left allmulticast mode [ 47.875199][ T305] bridge_slave_1: left promiscuous mode [ 47.880956][ T305] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.888314][ T305] bridge_slave_0: left allmulticast mode [ 47.893924][ T305] bridge_slave_0: left promiscuous mode [ 47.899569][ T305] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.998593][ T305] veth1_macvtap: left promiscuous mode [ 48.004253][ T305] veth0_vlan: left promiscuous mode [ 48.297881][ T305] bridge_slave_1: left allmulticast mode [ 48.303623][ T305] bridge_slave_1: left promiscuous mode [ 48.309265][ T305] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.316687][ T305] bridge_slave_0: left allmulticast mode [ 48.322309][ T305] bridge_slave_0: left promiscuous mode [ 48.327918][ T305] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.407942][ T305] veth1_macvtap: left promiscuous mode [ 48.413438][ T305] veth0_vlan: left promiscuous mode [ 53.166719][ T49] sched: DL replenish lagged too much