last executing test programs: 3.407464077s ago: executing program 2 (id=1093): mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', &(0x7f0000000280), 0x200000, &(0x7f0000000380)=ANY=[@ANYBLOB='max=00000000000000000000002,stats=global,stats=']) (async) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000000)={0x7, 0x2, 0x8, 0x7, 0xc}) 3.278631169s ago: executing program 2 (id=1094): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x2) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1a41, 0x0) ioctl$BLKPG(r1, 0x1269, &(0x7f0000000000)={0x1, 0x0, 0x98, &(0x7f0000000080)={0x5, 0x0, 0x10}}) r2 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) write$binfmt_register(r2, &(0x7f0000000080)={0x3a, 'syz0', 0x3a, 'E', 0x3a, 0x3, 0x3a, '.^', 0x3a, '&]!/', 0x3a, './cgroup', 0x3a, [0x46, 0x46]}, 0x30) r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0xc0000, 0x0) r4 = openat$cgroup_type(r3, &(0x7f00000001c0), 0x2, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x4) write$uinput_user_dev(r5, &(0x7f0000000100)={'syz0\x00', {0x0, 0x7, 0x0, 0x804}, 0x7, [0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x4, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xfffffffd, 0x3, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0xfffffffc, 0x0, 0x0, 0x80000, 0x0, 0x8000180d, 0x0, 0xae4d, 0x0, 0x0, 0x3], [0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000005, 0x0, 0x3, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x101, 0x1, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42c, 0x0, 0x0, 0x400, 0x0, 0xed0, 0x4000000], [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3e8, 0xfffffffd, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0xf, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x101, 0xfffffffb]}, 0x45c) ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0) write$uinput_user_dev(r5, &(0x7f0000000980)={'syz0\x00', {0xc, 0xc, 0x8ce, 0x8}, 0x28, [0x6, 0x9, 0x8f28, 0x987, 0xfffff5b6, 0x80000001, 0x8, 0x80000000, 0x200, 0x8001, 0x36c9, 0xec, 0x1, 0xfffffffb, 0x7fffffff, 0x1, 0x6, 0x5d9, 0x3, 0x0, 0x5, 0xb, 0x9, 0xc9e2, 0x9, 0x7, 0x3, 0xe, 0x8, 0x2aed2b6e, 0x46, 0x7f, 0x400, 0x8000, 0x2, 0x0, 0x3, 0x0, 0x7, 0xa4, 0x4, 0x3, 0x2, 0x6, 0xfffffff2, 0x6, 0x3, 0x7, 0x5, 0x200, 0x2, 0x0, 0x8, 0x10, 0x3, 0x1, 0x40, 0x80000001, 0x9, 0x6, 0x8, 0xcd2, 0x0, 0x5], [0xe9, 0xf, 0x1000, 0x5, 0xffd, 0x9, 0x346d353, 0x6, 0x2f, 0xff, 0x82000000, 0x7f, 0x7fff, 0x3, 0x80b, 0x1, 0x3d5, 0x10000, 0xffff, 0x6, 0xb, 0x5, 0x3, 0x10, 0x476, 0x80000000, 0x5, 0x40, 0x4, 0x10, 0x3, 0xfffffff8, 0x4, 0x3, 0x3f1, 0x2, 0xc, 0x91, 0x30000000, 0xfffffff8, 0x4, 0x1ff, 0x2, 0x1c000, 0x5, 0x7, 0x80000001, 0x7, 0x3, 0x9, 0x22f5688b, 0xd6c, 0xf6e5, 0xdf, 0x5, 0x2, 0x2, 0xfffffff8, 0x4, 0xffff, 0xb, 0x1, 0x1, 0x7], [0x0, 0x48, 0x0, 0xa13e, 0x104, 0x3, 0x3, 0x9, 0x8, 0x4, 0x8000, 0x3, 0x5, 0x2, 0x9, 0x5, 0x6, 0x401, 0x9, 0x80000000, 0x0, 0xf, 0x9, 0x6, 0x0, 0x0, 0x8000, 0x7fff, 0x5, 0x5, 0x14580ffb, 0x6, 0x5, 0x1, 0x1, 0x80, 0x400, 0x8, 0xb0, 0x8, 0x9, 0x7, 0x6, 0x97af, 0x7, 0x3, 0x18000, 0x101, 0x3, 0x4, 0xae3, 0x4, 0x8, 0xec, 0x3a, 0x7, 0x186, 0x0, 0x38000000, 0x8b3, 0x9, 0x7, 0x9, 0x4], [0x200, 0x89, 0x0, 0x2, 0x1, 0x7f, 0xa, 0x3, 0x9, 0x6, 0x0, 0x4, 0x0, 0x3, 0x4d1d, 0x2, 0x6, 0x4, 0x5, 0x0, 0x9, 0x9, 0xff, 0xd, 0x4, 0x2, 0x0, 0xe6, 0x6, 0x81, 0xdbe, 0xffff34e6, 0x0, 0x3, 0x800, 0x8000, 0x7, 0xffffffff, 0x376d, 0x3, 0x2, 0x1a, 0x8, 0xe, 0x7, 0x80, 0x2478e471, 0x2, 0x8, 0x4, 0x40000004, 0x1, 0x868, 0x8001, 0x8, 0xb, 0x8, 0xd, 0x80, 0x400004, 0x1, 0x7, 0x8c, 0x200]}, 0x45c) write$cgroup_type(r4, &(0x7f0000000000), 0x9) ioctl$BLKRRPART(r1, 0x125f, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) (async) ioctl$TCFLSH(r0, 0x400455c8, 0x0) (async) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x2) (async) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1a41, 0x0) (async) ioctl$BLKPG(r1, 0x1269, &(0x7f0000000000)={0x1, 0x0, 0x98, &(0x7f0000000080)={0x5, 0x0, 0x10}}) (async) openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) (async) write$binfmt_register(r2, &(0x7f0000000080)={0x3a, 'syz0', 0x3a, 'E', 0x3a, 0x3, 0x3a, '.^', 0x3a, '&]!/', 0x3a, './cgroup', 0x3a, [0x46, 0x46]}, 0x30) (async) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0xc0000, 0x0) (async) openat$cgroup_type(r3, &(0x7f00000001c0), 0x2, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x4) (async) write$uinput_user_dev(r5, &(0x7f0000000100)={'syz0\x00', {0x0, 0x7, 0x0, 0x804}, 0x7, [0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x4, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xfffffffd, 0x3, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0xfffffffc, 0x0, 0x0, 0x80000, 0x0, 0x8000180d, 0x0, 0xae4d, 0x0, 0x0, 0x3], [0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000005, 0x0, 0x3, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x101, 0x1, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42c, 0x0, 0x0, 0x400, 0x0, 0xed0, 0x4000000], [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3e8, 0xfffffffd, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0xf, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x101, 0xfffffffb]}, 0x45c) (async) ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0) (async) write$uinput_user_dev(r5, &(0x7f0000000980)={'syz0\x00', {0xc, 0xc, 0x8ce, 0x8}, 0x28, [0x6, 0x9, 0x8f28, 0x987, 0xfffff5b6, 0x80000001, 0x8, 0x80000000, 0x200, 0x8001, 0x36c9, 0xec, 0x1, 0xfffffffb, 0x7fffffff, 0x1, 0x6, 0x5d9, 0x3, 0x0, 0x5, 0xb, 0x9, 0xc9e2, 0x9, 0x7, 0x3, 0xe, 0x8, 0x2aed2b6e, 0x46, 0x7f, 0x400, 0x8000, 0x2, 0x0, 0x3, 0x0, 0x7, 0xa4, 0x4, 0x3, 0x2, 0x6, 0xfffffff2, 0x6, 0x3, 0x7, 0x5, 0x200, 0x2, 0x0, 0x8, 0x10, 0x3, 0x1, 0x40, 0x80000001, 0x9, 0x6, 0x8, 0xcd2, 0x0, 0x5], [0xe9, 0xf, 0x1000, 0x5, 0xffd, 0x9, 0x346d353, 0x6, 0x2f, 0xff, 0x82000000, 0x7f, 0x7fff, 0x3, 0x80b, 0x1, 0x3d5, 0x10000, 0xffff, 0x6, 0xb, 0x5, 0x3, 0x10, 0x476, 0x80000000, 0x5, 0x40, 0x4, 0x10, 0x3, 0xfffffff8, 0x4, 0x3, 0x3f1, 0x2, 0xc, 0x91, 0x30000000, 0xfffffff8, 0x4, 0x1ff, 0x2, 0x1c000, 0x5, 0x7, 0x80000001, 0x7, 0x3, 0x9, 0x22f5688b, 0xd6c, 0xf6e5, 0xdf, 0x5, 0x2, 0x2, 0xfffffff8, 0x4, 0xffff, 0xb, 0x1, 0x1, 0x7], [0x0, 0x48, 0x0, 0xa13e, 0x104, 0x3, 0x3, 0x9, 0x8, 0x4, 0x8000, 0x3, 0x5, 0x2, 0x9, 0x5, 0x6, 0x401, 0x9, 0x80000000, 0x0, 0xf, 0x9, 0x6, 0x0, 0x0, 0x8000, 0x7fff, 0x5, 0x5, 0x14580ffb, 0x6, 0x5, 0x1, 0x1, 0x80, 0x400, 0x8, 0xb0, 0x8, 0x9, 0x7, 0x6, 0x97af, 0x7, 0x3, 0x18000, 0x101, 0x3, 0x4, 0xae3, 0x4, 0x8, 0xec, 0x3a, 0x7, 0x186, 0x0, 0x38000000, 0x8b3, 0x9, 0x7, 0x9, 0x4], [0x200, 0x89, 0x0, 0x2, 0x1, 0x7f, 0xa, 0x3, 0x9, 0x6, 0x0, 0x4, 0x0, 0x3, 0x4d1d, 0x2, 0x6, 0x4, 0x5, 0x0, 0x9, 0x9, 0xff, 0xd, 0x4, 0x2, 0x0, 0xe6, 0x6, 0x81, 0xdbe, 0xffff34e6, 0x0, 0x3, 0x800, 0x8000, 0x7, 0xffffffff, 0x376d, 0x3, 0x2, 0x1a, 0x8, 0xe, 0x7, 0x80, 0x2478e471, 0x2, 0x8, 0x4, 0x40000004, 0x1, 0x868, 0x8001, 0x8, 0xb, 0x8, 0xd, 0x80, 0x400004, 0x1, 0x7, 0x8c, 0x200]}, 0x45c) (async) write$cgroup_type(r4, &(0x7f0000000000), 0x9) (async) ioctl$BLKRRPART(r1, 0x125f, 0x0) (async) 1.91134852s ago: executing program 0 (id=1107): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff77, 0x0, &(0x7f0000000140)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000100), 0x90046, &(0x7f0000000080)=ANY=[@ANYRESOCT, @ANYBLOB="181606b7fb2014000000000000000000"]) 1.776418722s ago: executing program 0 (id=1109): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x6, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='cgroup.max.descendants\x00', 0x2, 0x0) read(r2, &(0x7f0000000440)=""/137, 0x89) read(r0, &(0x7f0000000140)=""/77, 0x4d) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$ASHMEM_SET_NAME(r3, 0x8008770b, 0x0) 1.739743153s ago: executing program 0 (id=1111): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3f) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)={0x65d}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000002400)=ANY=[@ANYBLOB="01008000000000007d020000000000000000000004000000"]) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000ff0200635e500000000000b1b5000000000000"]) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000040)=ANY=[@ANYBLOB="636f79424c0d56a72269358edd1994c3f9d26e746578743d73797374656d5f752c"]) 1.560771996s ago: executing program 1 (id=1113): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0x8}, {0x6}]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x9, 0x0, &(0x7f0000000140)=[@request_death], 0x0, 0x0, 0x0}) 1.424001908s ago: executing program 0 (id=1114): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="1e0306003c5c9801288363"], 0xffdd) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xa, 0x2}) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xa4, 0x0, &(0x7f0000001380)=[@increfs_done={0x40106308, 0x3}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000, 0x1, 0x2e}, @ptr={0x70742a85, 0x1, &(0x7f0000000040)=""/119, 0x77, 0x0, 0x3b}, @ptr={0x70742a85, 0x1, &(0x7f0000000100), 0x0, 0x0, 0x39}}, &(0x7f0000000200)={0x0, 0x28, 0x50}}, 0x40}, @transaction={0x40406300, {0x7, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@ptr={0x70742a85, 0x1, &(0x7f0000000240)=""/38, 0x26, 0x2, 0x2a}, @fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000280)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xcccc0000, 0x1000, &(0x7f0000f15000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x5, 0x3, 0xffff1000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f"]) r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xaece, 0x1) read(r3, &(0x7f0000000040)=""/8, 0x8) openat$random(0xffffffffffffff9c, &(0x7f0000000940), 0x800, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000f"]) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000001c0)={[0x6, 0x20000006, 0x84, 0x9, 0x10003, 0x0, 0x400200cc1, 0x9, 0x4, 0x0, 0x0, 0xb, 0x2, 0x0, 0x410, 0x8d], 0xffff1000, 0x2011d2}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) 1.301583599s ago: executing program 0 (id=1115): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) read(r0, &(0x7f0000000080)=""/1, 0x1) read(r0, &(0x7f00000002c0)=""/222, 0xde) write$cgroup_subtree(r0, &(0x7f0000000040)={[{0x2b, 'cpuacct'}, {0x2d, 'net'}, {0x2d, 'cpuset'}, {0x2d, 'blkio'}, {0x2d, 'cpuacct'}, {0x2d, 'devices'}, {0x2b, 'devices'}]}, 0x38) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x408080, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2}) read(r1, &(0x7f00000004c0)=""/92, 0x5c) 1.224654461s ago: executing program 0 (id=1116): openat$rnullb(0xffffffffffffff9c, 0x0, 0x200, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000800)='/sys/power/image_size', 0x141a82, 0x0) write$UHID_GET_REPORT_REPLY(r0, &(0x7f0000000000), 0xa) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000033c0), 0x0, 0x0) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1243, 0x0) ioctl$BLKRRPART(r2, 0x125f, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xc1, 0x0, 0x390}]}) read$FUSE(r1, 0x0, 0x0) r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r8, 0x400455c8, 0x4) ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000140)=0x34) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$vga_arbiter(r9, &(0x7f0000000100)=@other={'lock', ' ', 'none'}, 0xa) ioctl$KVM_SET_DEBUGREGS(r9, 0x4080aea2, &(0x7f0000000080)={[0xf000, 0x10000, 0xdddd1000], 0x9, 0x2a, 0x7}) ioctl$BLKROSET(r7, 0x125d, &(0x7f0000000540)=0x10001) ioctl$BLKRRPART(r6, 0x125f, 0x0) 1.107092382s ago: executing program 2 (id=1117): mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', &(0x7f0000000280), 0x200000, &(0x7f0000000380)=ANY=[@ANYBLOB='max=00000000000000000000002,stats=global,stats=']) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000000)=0x1) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x8, 0x10010, r1, 0x368ab000) 982.461945ms ago: executing program 2 (id=1118): mmap(&(0x7f00001fb000/0x2000)=nil, 0x2000, 0x1000009, 0x4010, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0) write$binfmt_register(r1, &(0x7f0000000240)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x31ae, 0x3a, './binderfs2/binder0\x00', 0x3a, '', 0x3a, './file0', 0x3a, [0x43]}, 0x3c) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f00000003c0)=ANY=[@ANYBLOB="01000a00bbbbbbbbbbbbbbbbbbbbbbbbaaaaaaaaaabb00000000000042bf31aaaaaaaaaaaaffffffffffffaaaaaaaaaabbaaaaaaaa565da3e8e5920376d1aabb6e56206f07ed47afca827226d8b02d5f51df79ec7e6aa0fd5a2a7b9f17d8eff9c5d00ec56e45ef7d1fbff6689f542ff97b91927e2bff3c19ccd16676285d45da13abad3c0ec16ba13036565330715bfb2f2e193d4903022a39dc5d5c4606b4acf566f9ec6797c0ca1131377055dd1fad3062085a89ff857baaf298a4cca66b298c91a958eeafb4e18d1609458769417d057718eb6eb4763f14c95dbd0b1cd6ed02fb58d1143b0f10952ad7336cc5370b73ba76fcaa72850b58dfd52b2411f71a0ba280c1c97b3c6f9fdbbf8631882f0db8335f9b6036b9a686f3c3de23d2cc1058589288f7d3ddbd99eacde48030e0dbd04ca413c609032bd3f20c3b769bd04d220384f314d1"]) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x200000, 0x0) write$cgroup_subtree(r2, &(0x7f0000000140)={[{0x2d, 'net_prio'}, {0x2b, 'memory'}, {0x2d, 'rdma'}]}, 0x18) r3 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x200c2, 0x0) close(r3) syz_clone(0x8250100, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$TUNGETDEVNETNS(r0, 0xff09, 0x0) ioctl$NS_GET_PARENT(r4, 0xb702, 0x0) mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', &(0x7f0000000280), 0x200000, &(0x7f0000000380)=ANY=[@ANYBLOB='max=00000000000000000000002,stats=global,stats=']) r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x2, 0x0) 892.609286ms ago: executing program 2 (id=1119): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000) mmap(&(0x7f00006f4000/0x3000)=nil, 0x3000, 0x100000d, 0x10, r0, 0x24ad000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r0, 0x45809000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000007a80), 0x101000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a9d42, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008904"]) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x40000021, 0x0, 0x8}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x6, 0x2, 0x5}) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000040)={[0x7, 0x1b742b6a, 0x7, 0x4235, 0x8, 0xb, 0xc, 0x6, 0x10001, 0x0, 0x40, 0x0, 0x7cf9, 0xf, 0x1, 0x9], 0x33339000, 0x20000}) 677.09743ms ago: executing program 1 (id=1120): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/custom0\x00', 0x0, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x80402, 0x0) write$cgroup_subtree(r1, 0x0, 0x9) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r2, 0x80585414, &(0x7f0000000380)) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0xe0, 0x0, &(0x7f00000001c0)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x50, 0x18, &(0x7f00000003c0)={@fda={0x66646185, 0x5, 0x1, 0x3c}, @fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}, 0x400}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x1}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}, 0x1000}, @acquire={0x40046305, 0x1}, @dead_binder_done, @increfs_done={0x40106308, 0x3}, @exit_looper, @release, @increfs={0x40046304, 0x3}, @dead_binder_done], 0x9b, 0x0, &(0x7f00000002c0)="71363f7be39c71892e4b82ccc47f0438c252dc41a8a07f08ac38caca129232cc61511723e18c494a3cb43a897a9e05d278b508e33be82065b7f9c96ae57c16e4ef33206b2bddd50b99a46a3484b698b29dea05574f7e5f529d54c1b9337ba4eede0746294198a93252d452b55360e420034173619144bc7c7c7e0e9db6447173441b495cdf4cd6a6452fdd08ac4e3a138cbd0439d82aa18c27cf4e"}) prctl$PR_GET_CHILD_SUBREAPER(0x25) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000fcff72000040"]) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3, 0x8032, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) 639.61978ms ago: executing program 3 (id=1121): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001640)={0x8, 0x0, &(0x7f0000001580)=[@decrefs={0x40046307, 0x2}], 0x0, 0x0, 0x0}) 508.540402ms ago: executing program 3 (id=1122): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000040)={0x0, 0xe40a, 0x5, 0x1}) ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000440)={r1, "a245b2dd8a5afec503cf017b66b51ca6"}) r3 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000001440)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r3, &(0x7f0000001480)={'c', ' *:* ', 'rwm\x00'}, 0xa) (async) ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f00000014c0)={0x400, 0x8}) (async, rerun: 64) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000001500)={0x0, @aes128, 0x0, @desc3}) (async, rerun: 64) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001540)='io.stat\x00', 0x0, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r4, 0x4018f50b, &(0x7f0000001580)={0x1, 0x9, 0x6}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000015c0)={0x5, 0x4, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) close(r0) (async) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000001600)={0x0, r3, 0x0, 0x5, 0xd0f, 0x3ff}) (async) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000001640), 0x1ca40, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) read$FUSE(r4, &(0x7f0000001740)={0x2020, 0x0, 0x0, 0x0}, 0x2020) mount$binderfs(&(0x7f0000001680), &(0x7f00000016c0)='./binderfs\x00', &(0x7f0000001700), 0x2000000, &(0x7f0000003780)={[{@max={'max', 0x3d, 0x5e}}, {@stats}, {@stats}, {@max={'max', 0x3d, 0x9}}, {@stats}], [{@uid_gt={'uid>', r7}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]}) (async) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r0, 0x40047211, &(0x7f0000003840)=0x4) (async) r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_GET_NESTED_STATE(r8, 0xc080aebe, &(0x7f0000003880)={{0x0, 0x0, 0x80}}) (async) r9 = openat(r4, &(0x7f0000005900)='./file0\x00', 0x137000, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000005940)={0x0, 0x0, 0x8, 0x0, '\x00', [{0x2, 0xb0, 0x2, 0x9, 0xffffffffffffffff, 0x6}, {0x1, 0x1, 0x3, 0x8001, 0x800, 0x64}], ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) (async, rerun: 64) read(r0, &(0x7f0000005c00)=""/153, 0x99) (async, rerun: 64) write$FUSE_GETXATTR(r9, &(0x7f0000005cc0)={0x18, 0xfffffffffffffff5, r6, {0x1}}, 0x18) (async) ioctl$PPPIOCUNBRIDGECHAN(r4, 0x7434) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r8, 0x400c6615, &(0x7f0000005d00)={0x0, @aes256, 0x0, @desc1}) (async) ioctl$F2FS_IOC_DEFRAGMENT(r9, 0xc010f508, &(0x7f0000005d40)={0x3, 0x101}) (async) ioctl$EXT4_IOC_MOVE_EXT(r9, 0xc028660f, &(0x7f0000005d80)={0x0, r8, 0x9, 0x1d09, 0x9, 0x2}) (async) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000005dc0)={r2, 0xfffffffffffffffc, 0x1, [0x3, 0xfffffffffffff1fa, 0x8d, 0x3, 0xffffffffffff7fff], [0xa, 0x4, 0x3, 0x2, 0x0, 0x2, 0x1000, 0xa50, 0x4, 0x6, 0x8000, 0x0, 0x4, 0x80000000, 0xd5b, 0x3, 0xfff, 0xffffffff80000000, 0x5, 0x7, 0x0, 0xffff, 0x7fffffffffffffff, 0xffff, 0x5, 0x4, 0xfffffffffffffffd, 0x6, 0x9, 0x7, 0xffffffffffff0001, 0x0, 0x8, 0x1, 0x5, 0xf013, 0xc000000000000, 0x10000, 0x80000000, 0x6000000000000, 0x9, 0x10001, 0x2, 0x3, 0x100000001, 0x800, 0x1, 0xc8, 0x2, 0x8, 0xf, 0x2, 0x81, 0x8, 0x29d, 0x1, 0xfff, 0xe7, 0x50000, 0x9, 0xfe6, 0x3, 0x1, 0x5, 0x101, 0xfffffffffffff269, 0x3ff, 0xb, 0x8, 0x9, 0xc, 0xa, 0x2, 0x6, 0x4, 0x8, 0xfffffffffffffff7, 0x7fffffff, 0x0, 0x7, 0x3, 0x6, 0x3, 0x4ee, 0x100000000, 0x9, 0xba, 0x83e, 0x5, 0x6, 0x400, 0x7, 0x401, 0x7, 0xe, 0x800, 0x0, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0xd, 0x5, 0x0, 0x6, 0x180000000000, 0x6e8, 0x6, 0x10001, 0x6, 0x1, 0x3, 0x8, 0xd9ecf17, 0x9, 0x2, 0xffffffffffffffff, 0x6, 0xfffffffffc000000, 0xfff, 0x7fffffff]}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000006200)={r10, 0x1}) 487.423152ms ago: executing program 2 (id=1123): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f00000015c0)="2e872ecf9feef474253f5f8361fb437bb53b9b904de0dbbdbb5d04df0c089fb5576056b4d0dab2f029ed2e37765f6a0656665130f1deefc02ba1984f0ed5a3f68c6db7b7889ed9f103b66ac40eb3dad6"}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, 0x0) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3314) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xda6, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b58640afc2188a232f77968c18d2d0e8f91c974edcb3198b4520f530acacb12017216338cc479de3651e8f15f1672397c730e3ca2a189ca4cc85f35dd46aeb67b6a2eb7268a653b190d8ba670490d50f761c1fa25f1954d8fe6bcb15dbc23698c945262b991e6245b9a25b12b13c87bf8a8a06f51784007abd06e01a0c03ee80b236fabb5b22ce797c4d8a739ac96dcf16c93f454463d3631c4cdd2dea6732a486015dc9937ee4e6efbfff46bdd8887094ca4bd94d995f411421c7ef07f949fcc10132f58b7c99a871780d92464594c930b80596baab77b0d68a05d71ca8a1888f3128f12aebac362c4d80870ab3d9f2e77d51f9af16472faff98dda1e0133c8bc2510345d5eb1d64bce64761f4cc39ac6655902338bf1335dc55393995af4447ed1aa4c50bfacd576842560abca3e6c74dcea6dd03d36f9e7f8bda2cf33e3b7da195fba79f5a60421e19910f1fef31b9fa52064ce9ee8c415746a3cab47a8ad8477e9f21e9ee804a85dc568439b95c01bbbc3fa16a8c26bd81b01b8849795b2370f591e2a8e175cd465a600a541839bc734271b4b3afb2303dc1cf12bee00080ad10658c97672ad023e89f23d9301b5dbf1a7ba6d6c2b8dbd300f05f36a095f188b56fd3ba8e871aaf22e2128696e7232cb22f4f5404a3d1256a11665caaead326faad340031cafb99edbceba7bac44c7d2720aedba9cb708dae55b192a1e31835fae8756f062c151f6778b1d93c2d1f8b479ae9bbe1255abcef9beaa95b558fbbc9a979d46580aa85b10f160b438bea64f23b8e605ce34d2b46bbf8bfbfa683b10f55b3d30c58675dd1a524495e5d42c7d02dc60b853e8b3ed2caf41cd24a8a1d044e27d48b2184bac00730f7c20a1ba2bb6b6a5381a3d359d8e721504bbbce18ee49031b48c278a5730f31fb83f6cf32ac98326b722d3e2d7b38a7b80b94a3eb2b69fb1aefc8c0bbe431191f0ed76141a8365621e4f7118dd4465b4642bdb0af21d30c8cfb1d5201852c0428b1983d91f706e814c1395888b1c2a3516ea20a93d868e27c3c9b68a9cda4befc389b57661a4ff37137628ec96bcb625fd10324625ac1589c2918c66f811a323a19ab30bcf28fc20b64176e319d58f74578093e32ba9f51b255693dda9514ff43f6ef6010143554305073e94be322daa024cb7efcf405ea4924bfa72633b766365fee1d59d1a94717450657ff3b72853785e91f94ca1502b129eafa718633bec1557fb1e0ae2887e6e8c0fdd9f3f99de03c0af7364781766520d90c15b0e2a4c43613089dbecc4dd68be74204809f0270370097642d54388ccbb54b58be8b5796eac48ef5f17752eaa7301f075faee593aae71ee0e0ca1f45a22e7cede3597f14a344796ceec33e98b3b89e031c0d757e83d5093322d9afc9898f80b2e9bb17bc8b2b164d048c1b912f6cd92979df629efcb94968cca6e65b9b078677698fa4937a2ec23edd00971a5505ecc65fe150d3d00a34e52cc64951937fc79014b0df8d2c9c35f06209f45556278fa7ecfc70a92eca165bbd493686fb4c0cd607cec994657149a61da2e09414944c557be54908197724174247194d435b25bf78ec4cc164a574662eb4d1e4d784a6ea0c71dd1a16e53a7b8a27fcec679346afe90a05e06b276fe972d5e1d3486e0452d0a9a1636ab9c517f371a0592ef34513a9a4e961cd79c86891f460becb57f41e22b2a72ae175e29344184cde0b2beae00f90a6a79dc689da4b4b1da0e9758854d404a9cbcf725c68b6f2de865b2b5e12124d09f8745208b5cc544522f7c8bcfceb907422502f1641b600a60a5aef28be5a92ff71755efaf29e23c8ca52ad945bbdc4d6e7502adee312ea8d9338a80671f36309026c0d9c2ceb14da0b8beb087853b8014d30372f0d58448530f1bed15c4caaf8a844853030aab1ba6de9891678a16a2d9b9889d4a367753f0aacda03ce6fae1f62b34a3317a704527e65b18dc3186f32c5caa2d82f058066274e145f3cfe0bb5d40a77f54fb0de584d5f50de29d1c3aa29acea2363ef5c1e0592ef94370936df0152871396c13a89e56086f381862edb6f4bec0d937e94a689a8c5c87a51e073fdaa935591bbccff359e0805ded9ac71e3b295fdd05bc2b03d7af58a393778c9dfdfd8101b3503c86a6d9e2fdeb215be40f90bb7360a04e111d743207a8742275ee7df2508b909ea4d3a7af7886d3f26aa58943edbbcbd686bf9cf9a78b43dd9792bca97cda6508340"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x200a82, 0x0) 483.438462ms ago: executing program 3 (id=1124): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/disk', 0x141a82, 0x33) write$cgroup_netprio_ifpriomap(r0, &(0x7f00000010c0)={'vlan1', 0x32, 0x39}, 0x8) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000780)={0x2020}, 0x2020) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x1802, 0x0) ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x48, 0x0, &(0x7f0000000200)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000140)={@flat=@weak_handle={0x77682a85, 0x1000}, @fda={0x66646185, 0x0, 0x8, 0x11}, @ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/164, 0xa4, 0x1, 0x3b}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}, @exit_looper], 0x0, 0x0, 0x0}) 443.099903ms ago: executing program 3 (id=1125): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x8001, 0x7, 0x0, 0x1c, 0x5, 0x2, 0xd, 0x2, 0xf9, 0x2, 0x80, 0x9, 0x1}, {0x6, 0x80, 0x8, 0xc4, 0x8, 0x7, 0x8, 0x9, 0x7, 0xff, 0x0, 0x4}, {0xe2a5, 0xd, 0x1, 0x9, 0x2, 0x6, 0x9, 0x8, 0x7f, 0x9, 0x56, 0xc, 0x100}], 0x4}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7fffffff], 0x80a0000}) openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x200}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r4, &(0x7f0000000080)='cgroup.clone_children\x00', 0x2, 0x0) (async) r5 = openat$cgroup_int(r4, &(0x7f0000000080)='cgroup.clone_children\x00', 0x2, 0x0) read(r5, &(0x7f0000000440)=""/137, 0x89) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x200002, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x3f) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x10, 0x0, 0x8000000000000002}]}) mount$binderfs(0x0, &(0x7f00000000c0)='./binderfs2\x00', &(0x7f0000000140), 0x184888, &(0x7f0000000000)=ANY=[@ANYBLOB="0000ffffffffffffffff00"]) (async) mount$binderfs(0x0, &(0x7f00000000c0)='./binderfs2\x00', &(0x7f0000000140), 0x184888, &(0x7f0000000000)=ANY=[@ANYBLOB="0000ffffffffffffffff00"]) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x20e02, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r9, 0x45809000) write(r9, &(0x7f0000000200)="bbdb99c61248df71810108f767558c13b44b5ad388fb9010bf5e6c172ba23e9923d36e85a61562641967f07350c5106cef2f5f7521480ed9bb21e3aad8044a0229fe79b5ebce0ec53ff51b7bb71c7ef63354a141a1175a5d73838de92212b50415851acc8cffa6d14d4982b957e8021f5eb8afd1a57f8fd33be3a7829ac14e2d19e069c73f6ff392d38c0174e2891c6c0ae8df5338d8", 0x96) (async) write(r9, &(0x7f0000000200)="bbdb99c61248df71810108f767558c13b44b5ad388fb9010bf5e6c172ba23e9923d36e85a61562641967f07350c5106cef2f5f7521480ed9bb21e3aad8044a0229fe79b5ebce0ec53ff51b7bb71c7ef63354a141a1175a5d73838de92212b50415851acc8cffa6d14d4982b957e8021f5eb8afd1a57f8fd33be3a7829ac14e2d19e069c73f6ff392d38c0174e2891c6c0ae8df5338d8", 0x96) openat$sysfs(0xffffffffffffff9c, &(0x7f0000009700)='/sys/kernel/oops_count', 0x40, 0x2) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000009700)='/sys/kernel/oops_count', 0x40, 0x2) prctl$PR_SET_MM_EXE_FILE(0x39, 0xd, 0xffffffffffffffff) prctl$PR_MCE_KILL(0x21, 0x0, 0x0) 380.657344ms ago: executing program 1 (id=1126): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1419c1, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xb8) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x8480, 0x0) ioctl$RTC_UIE_OFF(r2, 0x7004) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x200000b, 0x41071, 0xffffffffffffffff, 0x894f000) mmap(&(0x7f0000000000/0xb36000)=nil, 0x7000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r4, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) mount$binderfs(&(0x7f00000021c0), &(0x7f0000002200)='./binderfs\x00', &(0x7f0000002240), 0x10, 0x0) 275.789186ms ago: executing program 1 (id=1127): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r3, 0x6612) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x400000b1, 0x0, 0x5e}]}) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', &(0x7f0000000140), 0x4a81, &(0x7f0000000040)=ANY=[@ANYBLOB="ef6ac9cf84089c5093dfde30d31f286d61783d3030307f400000000000"]) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000100)=0x8) 127.875238ms ago: executing program 1 (id=1128): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000038c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000001440)={'\x00', 0x2}) (async) ioctl$TUNSETLINK(r1, 0x400454cd, 0x324) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0xc, 0x0, &(0x7f00000002c0)=[@free_buffer={0x40086315}], 0x0, 0x0, 0x0}) 12.7876ms ago: executing program 3 (id=1129): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/mdstat\x00', 0x0, 0x0) ioctl$TUNSETLINK(r0, 0x40047438, 0xf0ff1f00000000) mount$binderfs(0x0, &(0x7f0000000280)='./binderfs\x00', 0x0, 0x2000063, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa0000, 0x0) ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000040)=0x7d) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs2/custom1\x00', 0x2, 0x0) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000080)=0x60) 11.305489ms ago: executing program 1 (id=1130): r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) (async) write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x12fe) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000740)='/proc/bus/input/handlers\x00', 0x0, 0x0) openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000045c0)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) (async) write(r3, &(0x7f0000000580)="0400b9cc0e00d6052616f8274188e833db5d39ad492558bf6824ec180000000000002a92a9150435afdb3435df94634a69d165263c96cf0770cf583b3a4aa9af8fbeeec59b46289e853e0902ca9cb44062135d7626c29ebe99f9af02c885c8d2fc230af5d5dbe191faef353177481f8f7c8ead19e2dbb20d2d34057914a8d79195c9c7167b240ab43b027a885d252c2aef04e3797fe1dc4b63ef0072103062e1bc46315a557905686117d5e635edaa7800000000bd35e904ca8bfc89a45779c31a962103618b1c150d00"/211, 0xd3) (async) r4 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) r5 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r5, 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) (async) openat$cgroup_ro(r5, &(0x7f0000000280)='cpuacct.stat\x00', 0x0, 0x0) write$selinux_load(r4, &(0x7f0000000000)=ANY=[], 0x606c) read$FUSE(r3, &(0x7f0000006ac0)={0x2020}, 0x2020) write$tcp_mem(r3, &(0x7f0000000000)={0xe, 0x20, 0xddb6, 0x20, 0x8}, 0x48) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x180, 0x0) (async) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) (async) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000140)={0x1, 0x0, [{0x4b564d02, 0x0, 0x3}]}) (async) ioctl$KVM_GET_EMULATED_CPUID(r6, 0xc008ae09, &(0x7f0000000080)) (async) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x98, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat=@handle={0x73682a85, 0x1, 0x3}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/55, 0x37, 0x2, 0x18}, @flat=@binder={0x73622a85, 0x1108, 0x1}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x1000}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/70, 0x46, 0x1, 0x1c}, @flat=@weak_handle={0x77682a85, 0x10b, 0x2}, @fd={0x66642a85, 0x0, r6}}, &(0x7f0000000380)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 0s ago: executing program 3 (id=1131): r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$AUTOFS_IOC_READY(r0, 0x9360, 0x9) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x15) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000340)={0x400000100002f, {0xfffffffd, 0x0, 0x5}}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) r4 = mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0xc, 0x0, &(0x7f0000000180)=[@free_buffer={0x40086303, r4}], 0xfffffffffffffeec, 0x0, &(0x7f0000000140)="f3"}) close(r3) write$uinput_user_dev(r2, &(0x7f0000000800)={'syz1\x00', {0x0, 0x5}, 0x0, [0x7, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xb77b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa], [0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x7fff], [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x80000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd8f, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x401, 0x2, 0x0, 0x6, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0xfffffffd]}, 0x45c) read$FUSE(0xffffffffffffffff, &(0x7f0000000080)={0x2020}, 0x2020) read$FUSE(0xffffffffffffffff, &(0x7f00000020c0)={0x2020}, 0x2020) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r2, 0x5501) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000000)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff038}, {0x6}]}) r5 = openat$urandom(0xffffffffffffff9c, &(0x7f0000005180), 0x0, 0x0) ioctl$RNDGETENTCNT(r5, 0x5207, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100)) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x800, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000009d02"]) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000480)={0x18, 0x0, &(0x7f0000000000)=[@clear_death={0x400c630e}, @release], 0x0, 0x0, 0x0}) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000004100), 0x0, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) kernel console output (not intermixed with test programs): orwarding state [ 24.189184][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.196359][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.203818][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.210895][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.219697][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.227201][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.234466][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.242287][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.250513][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.258072][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.282421][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.289707][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.307809][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.314896][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.330768][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.337886][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.350312][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.357409][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.401107][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.408223][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.421165][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.428265][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.444264][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.451365][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.460164][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.467253][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.475822][ T289] veth0_vlan: entered promiscuous mode [ 24.503117][ T288] veth0_vlan: entered promiscuous mode [ 24.519275][ T289] veth1_macvtap: entered promiscuous mode [ 24.539167][ T288] veth1_macvtap: entered promiscuous mode [ 24.547875][ T290] veth0_vlan: entered promiscuous mode [ 24.570609][ T290] veth1_macvtap: entered promiscuous mode [ 24.593245][ T294] veth0_vlan: entered promiscuous mode [ 24.626095][ T294] veth1_macvtap: entered promiscuous mode [ 24.627597][ T288] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 24.691135][ T313] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.720989][ T312] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:2 [ 24.726511][ T318] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:2 [ 24.772793][ T322] rust_binder: Write failure EINVAL in pid:2 [ 24.825136][ T328] kvm: user requested TSC rate below hardware speed [ 24.898086][ T330] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set [ 24.905246][ T330] rust_binder: Write failure EINVAL in pid:6 [ 25.009561][ T336] rust_binder: Error in use_page_slow: ESRCH [ 25.009587][ T336] rust_binder: use_range failure ESRCH [ 25.015742][ T336] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 25.021899][ T336] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 25.030302][ T336] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:6 [ 25.057591][ T339] SELinux: policydb version -688767820 does not match my version range 15-33 [ 25.076103][ T339] SELinux: failed to load policy [ 25.144086][ T344] binder: Unknown parameter 'dont_appraise' [ 25.169629][ T349] binder: Bad value for 'max' [ 25.246218][ T353] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 25.246243][ T353] rust_binder: Read failure Err(EFAULT) in pid:11 [ 25.255237][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 25.632443][ T375] binder: Unknown parameter 'nXI' [ 25.825471][ T377] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:20 [ 26.220142][ T387] rust_binder: Write failure EFAULT in pid:25 [ 26.289067][ T391] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 26.295194][ T391] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:25 [ 26.473203][ T394] binder: Unknown parameter 'fsmagic' [ 26.508153][ T397] input: syz1 as /devices/virtual/input/input4 [ 26.516194][ T397] input: failed to attach handler leds to device input4, error: -6 [ 26.588757][ T406] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 26.588783][ T406] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:29 [ 26.651693][ T414] rust_binder: Write failure EFAULT in pid:35 [ 26.753064][ T420] input: syz0 as /devices/virtual/input/input5 [ 26.827463][ T426] rust_binder: Write failure EINVAL in pid:30 [ 26.958607][ T430] rust_binder: Failed to allocate buffer. len:40, is_oneway:true [ 27.059241][ T434] rust_binder: Write failure EINVAL in pid:34 [ 27.296469][ T354] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 27.296539][ T355] Bluetooth: hci0: command 0x1003 tx timeout [ 27.369607][ T36] kauditd_printk_skb: 72 callbacks suppressed [ 27.369637][ T36] audit: type=1400 audit(1750397932.580:146): avc: denied { append } for pid=437 comm="syz.1.41" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 27.386824][ T438] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 27.410620][ T438] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:34 [ 27.445682][ T36] audit: type=1326 audit(1750397932.650:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=442 comm="syz.3.42" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe55c98e929 code=0x0 [ 27.523048][ T36] audit: type=1400 audit(1750397932.730:148): avc: denied { ioctl } for pid=444 comm="syz.1.43" path="/dev/rtc0" dev="devtmpfs" ino=195 ioctlcmd=0x700f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 27.649306][ T36] audit: type=1400 audit(1750397932.860:149): avc: denied { read } for pid=449 comm="syz.1.44" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 27.920835][ T462] SELinux: truncated policydb string identifier [ 27.927343][ T462] SELinux: failed to load policy [ 27.933093][ T464] rust_binder: Failed to allocate buffer. len:40, is_oneway:true [ 27.935912][ T462] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 27.942694][ T466] rust_binder: Error in use_page_slow: ESRCH [ 27.951153][ T466] rust_binder: use_range failure ESRCH [ 27.951175][ T464] rust_binder: Error in use_page_slow: ESRCH [ 27.957734][ T466] rust_binder: Failed to allocate buffer. len:160, is_oneway:false [ 27.966238][ T464] rust_binder: use_range failure ESRCH [ 27.969394][ T466] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 27.982203][ T464] rust_binder: Failed to allocate buffer. len:160, is_oneway:false [ 27.985346][ T466] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:49 [ 27.992733][ T464] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 28.008975][ T464] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:49 [ 28.029553][ T465] rust_binder: Error in use_page_slow: ESRCH [ 28.029575][ T465] rust_binder: use_range failure ESRCH [ 28.035650][ T465] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 28.041481][ T465] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 28.049585][ T465] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:50 [ 28.238303][ T476] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 28.247472][ T476] rust_binder: Read failure Err(EFAULT) in pid:39 [ 28.267010][ T36] audit: type=1400 audit(1750397933.480:150): avc: denied { read write } for pid=477 comm="syz.2.53" name="fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 28.297557][ T36] audit: type=1400 audit(1750397933.480:151): avc: denied { open } for pid=477 comm="syz.2.53" path="/dev/fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 28.339437][ T478] binder: Unknown parameter 'ÿ' [ 28.343641][ T36] audit: type=1400 audit(1750397933.490:152): avc: denied { ioctl } for pid=477 comm="syz.2.53" path="/dev/fuse" dev="devtmpfs" ino=23 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 28.369594][ T36] audit: type=1326 audit(1750397933.550:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=477 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3898e929 code=0x7ffc0000 [ 28.392844][ T36] audit: type=1326 audit(1750397933.550:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=477 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7efd3898e929 code=0x7ffc0000 [ 28.416734][ T36] audit: type=1326 audit(1750397933.550:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=477 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3898e929 code=0x7ffc0000 [ 28.440455][ T484] rust_binder: Write failure EFAULT in pid:59 [ 28.553275][ T488] rust_binder: Write failure EFAULT in pid:45 [ 28.570344][ T490] rust_binder: Write failure EINVAL in pid:47 [ 28.585884][ T491] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 28.593068][ T491] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:18 [ 28.610338][ T495] rust_binder: Write failure EINVAL in pid:51 [ 28.636076][ T497] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:21 [ 28.688386][ T506] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:23 [ 28.712327][ T506] rust_binder: Read failure Err(EFAULT) in pid:23 [ 28.724532][ T495] rust_binder: Write failure EINVAL in pid:51 [ 28.753244][ T512] rust_binder: Error while translating object. [ 28.760598][ T512] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 28.767163][ T512] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:53 [ 28.862610][ T520] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:26 [ 28.993557][ T528] ======================================================= [ 28.993557][ T528] WARNING: The mand mount option has been deprecated and [ 28.993557][ T528] and is ignored by this kernel. Remove the mand [ 28.993557][ T528] option from the mount to silence this warning. [ 28.993557][ T528] ======================================================= [ 29.045725][ T528] binder: Bad value for 'max' [ 29.273394][ T543] rust_binder: Write failure EINVAL in pid:67 [ 29.273836][ T544] rust_binder: Write failure EINVAL in pid:67 [ 29.285903][ T543] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 29.294970][ T543] rust_binder: Read failure Err(EFAULT) in pid:67 [ 29.303771][ T544] rust_binder: Write failure EINVAL in pid:67 [ 29.310381][ T543] rust_binder: Write failure EINVAL in pid:67 [ 29.317331][ T548] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.324009][ T547] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:33 [ 29.350623][ T547] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:33 [ 29.363460][ T552] random: crng reseeded on system resumption [ 29.439692][ T552] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.476721][ T554] rust_binder: Write failure EINVAL in pid:70 [ 29.491439][ T568] rust_binder: Error in use_page_slow: ESRCH [ 29.501224][ T568] rust_binder: use_range failure ESRCH [ 29.508145][ T568] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 29.514085][ T568] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 29.522732][ T568] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:38 [ 29.738956][ T45] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 29.781616][ T45] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 29.868595][ T577] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.057877][ T591] binder: Unknown parameter '' [ 30.083706][ T590] rust_binder: Error while translating object. [ 30.083749][ T590] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 30.096454][ T590] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:90 [ 30.296891][ T607] rust_binder: Failed to allocate buffer. len:4240, is_oneway:true [ 30.305921][ T607] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 30.314090][ T607] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:92 [ 30.324725][ T609] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.360993][ T612] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.368806][ T608] SELinux: ebitmap: truncated map [ 30.376602][ T612] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:96 [ 30.405825][ T608] SELinux: failed to load policy [ 30.409369][ T617] rust_binder: Write failure EINVAL in pid:96 [ 30.428598][ T617] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 30.435185][ T617] rust_binder: Read failure Err(EFAULT) in pid:96 [ 30.443751][ T620] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 30.667437][ T635] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 30.783264][ T648] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:58 [ 30.819985][ T651] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.846639][ T653] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.853832][ T653] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false [ 30.865290][ T653] rust_binder: Failed to allocate buffer. len:4294966952, is_oneway:false [ 30.873358][ T653] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 30.881944][ T653] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:116 [ 31.088298][ T655] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:118 [ 31.224340][ T659] rust_binder: Got transaction with invalid offset. [ 31.233814][ T659] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.240945][ T659] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:122 [ 31.242228][ T661] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:63 [ 31.268933][ T661] rust_binder: Error while translating object. [ 31.286693][ T661] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 31.293038][ T661] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:63 [ 31.333314][ T666] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 31.342553][ T666] rust_binder: Read failure Err(EFAULT) in pid:124 [ 31.506993][ T680] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 120, limit: 120, size: 75) [ 31.513906][ T680] rust_binder: Error while translating object. [ 31.529841][ T680] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.536749][ T680] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:106 [ 31.550623][ T682] rust_binder: Error while translating object. [ 31.560410][ T682] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.567073][ T682] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:62 [ 31.664734][ T694] input: syz1 as /devices/virtual/input/input10 [ 31.687148][ T694] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:127 [ 31.748566][ T699] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:129 [ 31.762365][ T703] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.773062][ T703] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:114 [ 31.786462][ T704] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.858526][ T688] rust_binder: Read failure Err(EFAULT) in pid:74 [ 32.127893][ T738] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 32.132573][ T711] cgroup: fork rejected by pids controller in [ 32.236434][ T711] /syz2 [ 32.290564][ T759] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:138 [ 32.329259][ T759] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:138 [ 32.420345][ T770] rust_binder: Error while translating object. [ 32.446519][ T770] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.452765][ T770] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:75 [ 32.523133][ T781] binder: Bad value for 'stats' [ 32.567676][ T36] kauditd_printk_skb: 18 callbacks suppressed [ 32.567695][ T36] audit: type=1400 audit(1750397937.780:174): avc: denied { setcurrent } for pid=780 comm="syz.1.138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 32.612048][ T781] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 32.638078][ T36] audit: type=1400 audit(1750397937.850:175): avc: denied { validate_trans } for pid=790 comm="syz.3.140" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 32.816320][ T814] binder: Unknown parameter 'ÿÿÿÿÿÿÿÿ' [ 32.863789][ T818] cgroup: fork rejected by pids controller in /syz3 [ 32.888133][ T865] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.946277][ T868] SELinux: failed to load policy [ 32.952607][ T868] rust_binder: Error in use_page_slow: ESRCH [ 32.952628][ T868] rust_binder: use_range failure ESRCH [ 32.958700][ T868] rust_binder: Failed to allocate buffer. len:40, is_oneway:true [ 32.964281][ T868] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 32.972107][ T868] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:136 [ 33.038943][ T13] bridge_slave_1: left allmulticast mode [ 33.054222][ T13] bridge_slave_1: left promiscuous mode [ 33.060236][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.068266][ T13] bridge_slave_0: left allmulticast mode [ 33.073991][ T13] bridge_slave_0: left promiscuous mode [ 33.080139][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.131397][ T928] input: syz0 as /devices/virtual/input/input14 [ 33.138528][ T36] audit: type=1400 audit(1750397938.350:176): avc: denied { ioctl } for pid=94 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=443 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 33.169347][ T928] __vm_enough_memory: pid: 928, comm: syz.2.150, bytes: 281474976845824 not enough memory for the allocation [ 33.222821][ T36] audit: type=1400 audit(1750397938.430:177): avc: denied { read } for pid=931 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 33.247776][ T36] audit: type=1400 audit(1750397938.430:178): avc: denied { open } for pid=931 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 33.271530][ T13] veth1_macvtap: left promiscuous mode [ 33.277441][ T13] veth0_vlan: left promiscuous mode [ 33.352864][ T931] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.360188][ T931] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.367625][ T931] bridge_slave_0: entered allmulticast mode [ 33.376742][ T931] bridge_slave_0: entered promiscuous mode [ 33.383455][ T931] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.391216][ T931] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.398357][ T931] bridge_slave_1: entered allmulticast mode [ 33.404741][ T931] bridge_slave_1: entered promiscuous mode [ 33.478699][ T36] audit: type=1400 audit(1750397938.690:179): avc: denied { create } for pid=931 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 33.486082][ T931] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.506916][ T36] audit: type=1400 audit(1750397938.690:180): avc: denied { write } for pid=931 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 33.507014][ T931] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.528032][ T36] audit: type=1400 audit(1750397938.690:181): avc: denied { read } for pid=931 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 33.535277][ T931] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.563062][ T931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.586363][ T305] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.595446][ T305] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.606946][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.614692][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.624444][ T305] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.631556][ T305] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.654233][ T947] rust_binder: Error while translating object. [ 33.654276][ T947] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 33.660593][ T947] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:152 [ 33.685955][ T931] veth0_vlan: entered promiscuous mode [ 33.708606][ T931] veth1_macvtap: entered promiscuous mode [ 33.801725][ T36] audit: type=1400 audit(1750397939.010:182): avc: denied { append } for pid=950 comm="syz.3.149" name="pfkey" dev="proc" ino=4026532881 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 33.822252][ T962] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.944428][ T965] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 33.967012][ T36] audit: type=1400 audit(1750397939.180:183): avc: denied { map } for pid=974 comm="syz.0.162" path="pipe:[2342]" dev="pipefs" ino=2342 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 34.014863][ T979] binder: Unknown parameter 'fscontext?}' [ 34.121786][ T291] Bluetooth: hci0: Frame reassembly failed (-84) [ 34.130275][ T355] Bluetooth: hci0: unexpected event 0x0b length: 0 < 11 [ 34.897968][ T1028] input: syz0 as /devices/virtual/input/input15 [ 35.112192][ T1048] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 35.219055][ T1064] binder: Unknown parameter 'def‚ontextÛU›ªÇ‚2_ Z.;ùRcÁš(ß+ž;ë—SÌûþæ6¥ (‡‰ÛœÀgñ`u¢Ê²Ž8`д|%²1N™á›˜lÏgÒµdü\+6F¼õiÔ#Þ©e™U [ 35.219055][ T1064] «`{’?K`͘Q[' [ 35.300908][ T1058] rust_binder: Write failure EFAULT in pid:183 [ 35.407306][ T1071] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 35.423663][ T1075] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:174 [ 35.433845][ T1071] rust_binder: Write failure EINVAL in pid:42 [ 35.467726][ T1076] binder: Bad value for 'stats' [ 35.523356][ T1089] rust_binder: Write failure EINVAL in pid:184 [ 35.652019][ T1110] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:191 [ 35.696305][ T1113] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 35.706177][ T1113] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:192 [ 35.708243][ T1112] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.727527][ T1112] rust_binder: inc_ref_done called when no active inc_refs [ 35.746237][ T1114] rust_binder: Write failure EINVAL in pid:191 [ 36.129362][ T1124] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.136033][ T1124] rust_binder: Error in use_page_slow: ESRCH [ 36.142857][ T1124] rust_binder: use_range failure ESRCH [ 36.148971][ T1124] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 36.154616][ T1124] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 36.162807][ T1124] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:66 [ 36.176611][ T355] Bluetooth: hci0: command 0x1003 tx timeout [ 36.186595][ T354] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 36.337671][ T1140] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 36.489308][ T1153] kvm: apic: phys broadcast and lowest prio [ 36.504415][ T1153] SELinux: policydb table sizes (0,7) do not match mine (8,7) [ 36.512512][ T1153] SELinux: failed to load policy [ 36.518360][ T1153] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:73 [ 36.642424][ T1163] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:200 [ 36.745306][ T1175] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:199 [ 36.755783][ T1175] rust_binder: Error while translating object. [ 36.765296][ T1175] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 36.775508][ T1175] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:199 [ 36.843183][ T1184] binder: Unknown parameter 'non' [ 36.908512][ T1189] rust_binder: Write failure EFAULT in pid:83 [ 36.928127][ T1191] binder: Bad value for 'stats' [ 37.037610][ T1198] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 37.201227][ T1205] rust_binder: Write failure EFAULT in pid:210 [ 37.240382][ T1207] binder: Bad value for 'max' [ 37.255002][ T1209] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 37.273973][ T1209] SELinux: failed to load policy [ 37.273989][ T1201] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22 [ 37.340790][ T1214] rust_binder: Read failure Err(EAGAIN) in pid:94 [ 37.356121][ T1216] rust_binder: Error while translating object. [ 37.370776][ T1219] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 37.385593][ T1216] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 37.385646][ T1216] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:212 [ 37.400552][ T13] Bluetooth: hci0: Frame reassembly failed (-90) [ 37.428176][ T1220] random: crng reseeded on system resumption [ 37.554773][ T1231] cgroup: fork rejected by pids controller in /syz0 [ 37.758605][ T1250] SELinux: failed to load policy [ 37.768548][ T13] bridge_slave_1: left allmulticast mode [ 37.786684][ T13] bridge_slave_1: left promiscuous mode [ 37.791560][ T1250] rust_binder: Write failure EINVAL in pid:225 [ 37.792389][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.806844][ T13] bridge_slave_0: left allmulticast mode [ 37.812538][ T13] bridge_slave_0: left promiscuous mode [ 37.821705][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.897744][ T1254] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:220 [ 37.983409][ T1257] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.999739][ T1257] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.007468][ T1257] bridge_slave_0: entered allmulticast mode [ 38.013776][ T1257] bridge_slave_0: entered promiscuous mode [ 38.020358][ T1257] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.027528][ T1257] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.034692][ T1257] bridge_slave_1: entered allmulticast mode [ 38.042206][ T1257] bridge_slave_1: entered promiscuous mode [ 38.094752][ T13] veth1_macvtap: left promiscuous mode [ 38.101408][ T13] veth0_vlan: left promiscuous mode [ 38.106934][ T1262] rust_binder: Write failure EFAULT in pid:228 [ 38.152744][ T45] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 38.181767][ T45] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 38.185644][ T1257] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.198480][ T1257] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.205888][ T1257] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.213096][ T1257] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.222543][ T1268] rust_binder: Error in use_page_slow: ESRCH [ 38.222567][ T1268] rust_binder: use_range failure ESRCH [ 38.231644][ T1268] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 38.246620][ T1268] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 38.275892][ T1268] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:223 [ 38.276023][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.301946][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.318706][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.325850][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.335642][ T305] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.342776][ T305] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.373275][ T1257] veth0_vlan: entered promiscuous mode [ 38.384414][ T1257] veth1_macvtap: entered promiscuous mode [ 38.518612][ T1285] binder: Unknown parameter 'ma000000000±001' [ 38.548024][ T1287] SELinux: failed to load policy [ 38.554293][ T1287] binder: Unknown parameter 'nXI' [ 38.688489][ T1294] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:239 [ 38.719813][ T1297] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 38.729236][ T1297] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:7 [ 38.822161][ T1299] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:9 [ 38.832183][ T1299] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:9 [ 38.842082][ T1299] rust_binder: got new transaction with bad transaction stack [ 38.851156][ T1299] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:9 [ 38.892652][ T36] kauditd_printk_skb: 8 callbacks suppressed [ 38.892674][ T36] audit: type=1400 audit(1750397944.100:192): avc: denied { append } for pid=1302 comm="syz.0.268" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 38.897641][ T1303] rust_binder: Failed to allocate buffer. len:1152, is_oneway:false [ 38.963443][ T1309] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.971721][ T1310] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 38.998548][ T1313] rust_binder: Failed to allocate buffer. len:96, is_oneway:false [ 39.005173][ T1313] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 39.013283][ T1313] rust_binder: Read failure Err(EFAULT) in pid:19 [ 39.037133][ T1315] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:246 [ 39.044073][ T1315] rust_binder: Error while translating object. [ 39.053337][ T1315] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 39.059811][ T1315] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:246 [ 39.114988][ T1327] binder: Bad value for 'defcontext' [ 39.246258][ T1334] input: syz1 as /devices/virtual/input/input21 [ 39.344901][ T1336] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 39.398652][ T1338] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 39.408796][ T36] audit: type=1400 audit(1750397944.620:193): avc: denied { checkpoint_restore } for pid=1337 comm="syz.1.278" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 39.410360][ T1338] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.456692][ T355] Bluetooth: hci0: command 0x1003 tx timeout [ 39.456692][ T354] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 39.476575][ T1344] SELinux: security_context_str_to_sid () failed with errno=-22 [ 39.517589][ T1353] SELinux: security_context_str_to_sid (sytem_uÝGй0x0000000000000003) failed with errno=-22 [ 39.562331][ T1361] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.575936][ T1361] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 39.659642][ T1372] binder: Unknown parameter 'nXI' [ 39.676866][ T1366] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:245 [ 39.768146][ T1382] rust_binder: Write failure EFAULT in pid:28 [ 39.806968][ T1385] binder: Bad value for 'max' [ 39.892938][ T1387] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 39.893245][ T1388] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 40.186741][ T1399] binder: Bad value for 'stats' [ 40.234460][ T1404] rust_binder: Write failure EINVAL in pid:275 [ 40.297811][ T1401] kvm: vcpu 5: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 40.365125][ T1412] binder: Unknown parameter 'coyBLV§"i5ŽÝ”ÃùÒntext' [ 40.389004][ T1414] binder: Unknown parameter 'fscontext?}' [ 40.394462][ T1416] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 40.395250][ T1416] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27 [ 40.403091][ T1416] rust_binder: Error while translating object. [ 40.411994][ T1416] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 40.419850][ T1416] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:259 [ 40.491592][ T1418] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2699185136 (5398370272 ns) > initial count (3006791804 ns). Using initial count to start timer. [ 41.012640][ T1439] binfmt_misc: register: failed to install interpreter file ./file0 [ 41.022510][ T1439] rust_binder: Error while translating object. [ 41.022554][ T1439] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 41.029604][ T1440] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:267 [ 41.039498][ T1439] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:267 [ 41.134451][ T36] audit: type=1326 audit(1750397946.340:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.0.317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f490338e929 code=0x7ffc0000 [ 41.177082][ T36] audit: type=1326 audit(1750397946.340:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.0.317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f490338e929 code=0x7ffc0000 [ 41.211815][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.211848][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.218496][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.224971][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.231466][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.237985][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.244573][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.251108][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.260117][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.267624][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.274343][ T1454] rust_binder: Error while translating object. [ 41.282415][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.282696][ T1454] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 41.297993][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.308148][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.315052][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.321860][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.321893][ T1454] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:273 [ 41.331405][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.344872][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.351626][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.361207][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.370727][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.378407][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.384948][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.391671][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.398577][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.406678][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.413255][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.420032][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.426629][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.433362][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.437682][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.439953][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.446998][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.452982][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.459515][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.465397][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.471944][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.478135][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.492629][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.499597][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.506812][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.509141][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.520570][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.522572][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.529899][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.534035][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.540552][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.547129][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.553554][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.559960][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.566638][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.572857][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.580130][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.591857][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.599061][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.600775][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.605819][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.612204][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.619415][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.626808][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.633503][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.639602][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.647115][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.653230][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.661014][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.672455][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.673738][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.679261][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.685589][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.692259][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.698347][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.706061][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.717251][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.723882][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.724645][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.737309][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.739014][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.743917][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.751096][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.757183][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.763759][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.774033][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.776460][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.789007][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.789541][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.802222][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.804546][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.814631][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.817962][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.828434][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.834695][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.834951][ T1455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 41.841452][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.854197][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.860389][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.866585][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.874005][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.886518][ T1469] rust_binder: Write failure EFAULT in pid:53 [ 41.951321][ T1478] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 41.968113][ T1481] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 41.968150][ T1481] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:293 [ 41.998076][ T36] audit: type=1400 audit(1750397947.210:196): avc: denied { ioctl } for pid=1484 comm="syz.1.328" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 42.044459][ T1490] serio: Serial port ttynull [ 42.436133][ T1524] rust_binder: Write failure EFAULT in pid:154 [ 42.557014][ T1532] random: crng reseeded on system resumption [ 42.774205][ T1542] rust_binder: Error while translating object. [ 42.774251][ T1542] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 42.780772][ T1542] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:319 [ 42.814536][ T36] audit: type=1326 audit(1750397948.020:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1543 comm="syz.3.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 42.854743][ T36] audit: type=1326 audit(1750397948.020:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1543 comm="syz.3.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 42.879435][ T36] audit: type=1326 audit(1750397948.030:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1543 comm="syz.3.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 42.903021][ T36] audit: type=1326 audit(1750397948.030:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1543 comm="syz.3.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 42.929940][ T36] audit: type=1326 audit(1750397948.030:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1543 comm="syz.3.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 42.966883][ T1549] binder: Bad value for 'max' [ 43.112735][ T1554] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:59 [ 43.142020][ T1556] random: crng reseeded on system resumption [ 43.150012][ T1559] binder: Unknown parameter 'fsaontext' [ 43.208365][ T1563] binder: Unknown parameter 'Ô?ãI¿wâ.ÎJÁÒIax' [ 43.354593][ T1575] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 43.354963][ T1575] rust_binder: Error while translating object. [ 43.362166][ T1575] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 43.368901][ T1575] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:68 [ 43.381703][ T1575] rust_binder: Write failure EINVAL in pid:68 [ 43.757865][ T1594] binder: Unknown parameter 'ÿÿÿÿ' [ 43.827335][ T1606] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 43.827531][ T1606] rust_binder: Write failure EFAULT in pid:76 [ 43.829744][ T1605] rust_binder: Write failure EINVAL in pid:332 [ 43.835512][ T1606] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 44.037013][ T1623] rust_binder: Error while translating object. [ 44.056328][ T1623] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 44.062737][ T1623] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:175 [ 44.124498][ T36] kauditd_printk_skb: 8 callbacks suppressed [ 44.124515][ T36] audit: type=1400 audit(1750397949.330:210): avc: denied { map } for pid=1626 comm="syz.0.376" path="/dev/uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 44.189871][ T36] audit: type=1400 audit(1750397949.330:211): avc: denied { execute } for pid=1626 comm="syz.0.376" path="/dev/uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 44.232443][ T1633] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 44.266439][ T36] audit: type=1400 audit(1750397949.380:212): avc: granted { setsecparam } for pid=1626 comm="syz.0.376" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 44.361052][ T1641] rust_binder: Write failure EINVAL in pid:87 [ 44.421170][ T1680] rust_binder: Write failure EINVAL in pid:181 [ 44.448967][ T1651] rust_binder: Failed to allocate buffer. len:24, is_oneway:false [ 44.499892][ T1762] rust_binder: Write failure EFAULT in pid:92 [ 44.500197][ T1764] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:183 [ 44.529390][ T291] bridge_slave_1: left allmulticast mode [ 44.556487][ T291] bridge_slave_1: left promiscuous mode [ 44.562367][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.579417][ T291] bridge_slave_0: left allmulticast mode [ 44.585114][ T291] bridge_slave_0: left promiscuous mode [ 44.605648][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.628160][ T1774] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 2147483651 [ 44.636266][ T1774] rust_binder: Write failure EINVAL in pid:186 [ 44.707178][ T1782] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 44.713509][ T1782] rust_binder: Error in use_page_slow: EBUSY [ 44.724992][ T1782] rust_binder: use_range failure EBUSY [ 44.731245][ T1782] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 44.737917][ T1782] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 44.746279][ T36] audit: type=1400 audit(1750397949.950:213): avc: denied { mounton } for pid=1785 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 44.746416][ T1782] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 44.777115][ T1782] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:191 [ 44.812363][ T1777] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 152, size: 42) [ 44.820682][ T1777] rust_binder: Error while translating object. [ 44.831761][ T1777] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 44.832243][ T291] veth1_macvtap: left promiscuous mode [ 44.847452][ T1777] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:100 [ 44.853343][ T291] veth0_vlan: left promiscuous mode [ 44.932857][ T36] audit: type=1400 audit(1750397950.140:214): avc: denied { map } for pid=1789 comm="syz.1.401" path="/dev/ptmx" dev="devtmpfs" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ptmx_t tclass=chr_file permissive=1 [ 44.967502][ T1785] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.969650][ T1791] rust_binder: Write failure EFAULT in pid:195 [ 44.974577][ T1785] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.974641][ T1785] bridge_slave_0: entered allmulticast mode [ 44.981740][ T1791] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 44.988689][ T1785] bridge_slave_0: entered promiscuous mode [ 45.009400][ T1785] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.016628][ T1785] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.023736][ T1785] bridge_slave_1: entered allmulticast mode [ 45.030237][ T1785] bridge_slave_1: entered promiscuous mode [ 45.133911][ T1805] input: syz0 as /devices/virtual/input/input27 [ 45.211106][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.218305][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.230770][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.237873][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.282490][ T1785] veth0_vlan: entered promiscuous mode [ 45.307065][ T1785] veth1_macvtap: entered promiscuous mode [ 45.358018][ T36] audit: type=1400 audit(1750397950.560:215): avc: denied { unmount } for pid=1785 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 45.442224][ T1811] binder: Unknown parameter 'processor : 0 [ 45.442224][ T1811] vendor_id : GenuineIntel [ 45.442224][ T1811] cpu family : 6 [ 45.442224][ T1811] model : 79 [ 45.442224][ T1811] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 45.442224][ T1811] stepping : 0 [ 45.442224][ T1811] microcode : 0xffffffff [ 45.442224][ T1811] cpu MHz : 2199.998 [ 45.442224][ T1811] cache size : 56320 KB [ 45.442224][ T1811] physical id : 0 [ 45.442224][ T1811] siblings : 2 [ 45.442224][ T1811] core id : 0 [ 45.442224][ T1811] cpu cores : 1 [ 45.442224][ T1811] apicid : 0 [ 45.442224][ T1811] initial apicid : 0 [ 45.442224][ T1811] fpu : yes [ 45.442224][ T1811] fpu_exception : yes [ 45.442224][ T1811] cpuid level : 13 [ 45.442224][ T1811] wp : yes [ 45.442224][ T1811] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 45.442224][ T1811] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 45.465361][ T1815] binder: Bad value for 'max' [ 45.624398][ T1815] binder: Bad value for 'max' [ 45.711753][ T1827] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 45.970698][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.979139][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.985786][ T1834] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.992203][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 45.992883][ T1831] rust_binder: Error in use_page_slow: ESRCH [ 45.999149][ T1835] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 46.005304][ T1831] rust_binder: use_range failure ESRCH [ 46.011452][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.020410][ T1831] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 46.025768][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.031698][ T1831] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 46.039448][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.046506][ T1831] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:12 [ 46.080309][ T1838] binder: Unknown parameter '' [ 46.089051][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.094345][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.102974][ T36] audit: type=1326 audit(1750397951.300:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1837 comm="syz.0.414" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f490338e929 code=0x0 [ 46.134636][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.134666][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.141289][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.147941][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.153467][ T36] audit: type=1326 audit(1750397951.360:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1839 comm="syz.1.415" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdab1f8e929 code=0x0 [ 46.154453][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.168959][ T1843] rust_binder: Write failure EFAULT in pid:17 [ 46.184278][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.196555][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.203203][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.210514][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.217123][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.223691][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.230244][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.237330][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.243953][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.252198][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.260169][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.267538][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.274092][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.280756][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.291569][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.298204][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.304741][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.311405][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.317941][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.324937][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.331524][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.338828][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.345707][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.352373][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.358985][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.365570][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.372232][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.378939][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.385455][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.392035][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.398886][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.406070][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.412624][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.421143][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.427733][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.434895][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.442888][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.449487][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.456208][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.462825][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.469369][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.475913][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.482451][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.489031][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.498955][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.505962][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.512637][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.519324][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.525959][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.532553][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.539212][ T1833] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 46.571762][ T1852] __vm_enough_memory: pid: 1852, comm: syz.3.418, bytes: 281474976845824 not enough memory for the allocation [ 46.898356][ T1867] binder: Bad value for 'max' [ 46.947178][ T36] audit: type=1400 audit(1750397952.160:218): avc: denied { block_suspend } for pid=1868 comm="syz.0.425" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 47.016823][ T1877] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 47.017135][ T1877] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 47.024027][ T1877] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 47.034367][ T1877] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 47.040224][ T1885] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:362 [ 47.067537][ T1877] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 47.100975][ T1900] rust_binder: Write failure EINVAL in pid:362 [ 47.117712][ T1900] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 47.128429][ T1900] rust_binder: Failed to allocate buffer. len:152, is_oneway:false [ 47.182972][ T1904] binder: Bad value for 'max' [ 47.449586][ T1922] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 47.449622][ T1922] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:32 [ 47.625360][ T1955] rust_binder: Got transaction with invalid offset. [ 47.634767][ T1955] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 47.641669][ T1955] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:226 [ 47.685958][ T1965] rust_binder: Read failure Err(EAGAIN) in pid:188 [ 47.733450][ T1971] rust_binder: Error while translating object. [ 47.740124][ T1971] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 47.746322][ T1971] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:228 [ 47.814837][ T1973] binder: Unknown parameter 'fowner<00000000000000060928' [ 47.866084][ T36] audit: type=1400 audit(1750397953.070:219): avc: denied { write } for pid=1978 comm="syz.1.439" name="loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 48.112431][ T2003] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 48.160238][ T2009] rust_binder: Write failure EFAULT in pid:201 [ 48.233120][ T2019] rust_binder: Error while translating object. [ 48.239617][ T2019] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 48.245842][ T2019] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:375 [ 48.405088][ T2039] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 48.472174][ T2048] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:389 [ 48.548712][ T2054] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 48.558031][ T2054] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:393 [ 48.582192][ T2057] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 48.593775][ T2057] rust_binder: Read failure Err(EFAULT) in pid:395 [ 48.611320][ T2057] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 48.611426][ T2055] rust_binder: got new transaction with bad transaction stack [ 48.624391][ T2055] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:208 [ 48.689614][ T2067] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 48.698946][ T2067] rust_binder: Read failure Err(EFAULT) in pid:73 [ 48.764003][ T2070] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 49.000592][ T2080] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 49.000932][ T2080] rust_binder: Failed to allocate buffer. len:112, is_oneway:false [ 49.002561][ T2081] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:81 [ 49.014948][ T2080] rust_binder: Write failure EINVAL in pid:244 [ 49.429320][ T2095] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 49.611104][ T2111] SELinux: security_context_str_to_sid () failed with errno=-22 [ 49.712704][ T2123] __vm_enough_memory: pid: 2123, comm: syz.0.486, bytes: 281474976845824 not enough memory for the allocation [ 49.806665][ T2143] binder: Bad value for 'max' [ 49.873848][ T2151] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:102 [ 49.885418][ T2153] binder: Bad value for 'stats' [ 49.919705][ T2156] rust_binder: Write failure EINVAL in pid:106 [ 49.947449][ T2159] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:412 [ 49.956691][ T2157] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.041953][ T2170] binder: Unknown parameter 'nXI' [ 50.053886][ T2166] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.053917][ T2166] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.065993][ T2171] binder: Unknown parameter 'nXI' [ 50.067030][ T2169] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 50.079785][ T2166] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.088023][ T2166] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.093805][ T2169] rust_binder: Read failure Err(EFAULT) in pid:271 [ 50.186711][ T2185] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 50.193717][ T2185] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 50.239212][ T2196] binder: Bad value for 'max' [ 50.254259][ T2194] rust_binder: Error while translating object. [ 50.254294][ T2194] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 50.261581][ T2194] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:280 [ 50.375398][ T2183] rust_binder: Read failure Err(EFAULT) in pid:110 [ 50.619258][ T2216] rust_binder: Failed to allocate buffer. len:4120, is_oneway:true [ 50.630934][ T2216] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 50.639629][ T2216] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:118 [ 50.677269][ T2218] rust_binder: Write failure EINVAL in pid:439 [ 50.770116][ T36] kauditd_printk_skb: 2 callbacks suppressed [ 50.770135][ T36] audit: type=1326 audit(1750397955.980:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2219 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 50.805924][ T36] audit: type=1326 audit(1750397955.980:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2219 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 50.831130][ T36] audit: type=1326 audit(1750397955.980:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2219 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 50.836318][ T2222] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:287 [ 50.982791][ T36] audit: type=1326 audit(1750397956.190:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2237 comm="syz.3.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 51.017773][ T2243] rust_binder: Write failure EINVAL in pid:453 [ 51.037911][ T36] audit: type=1326 audit(1750397956.190:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2237 comm="syz.3.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 51.068604][ T36] audit: type=1326 audit(1750397956.190:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2237 comm="syz.3.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 51.092508][ T36] audit: type=1326 audit(1750397956.190:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2237 comm="syz.3.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 51.117748][ T36] audit: type=1326 audit(1750397956.190:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2237 comm="syz.3.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 51.149796][ T36] audit: type=1326 audit(1750397956.190:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2237 comm="syz.3.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 51.180912][ T36] audit: type=1326 audit(1750397956.190:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2237 comm="syz.3.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc978e929 code=0x7ffc0000 [ 51.383346][ T2268] binder: Unknown parameter 'context' [ 51.395641][ T2260] rust_binder: Write failure EFAULT in pid:458 [ 51.436934][ T2273] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 128, size: 219) [ 51.443162][ T2273] rust_binder: Error while translating object. [ 51.476463][ T2273] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 51.482744][ T2273] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:243 [ 51.509056][ T2275] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 51.526411][ T2275] rust_binder: Read failure Err(EFAULT) in pid:121 [ 51.581385][ T2283] binder: Unknown parameter 'defcontext01777777777777777777777' [ 51.816506][ T2294] tap0: tun_chr_ioctl cmd 1074025677 [ 51.822014][ T2294] tap0: linktype set to 776 [ 51.827667][ T2294] binder: Unknown parameter '' [ 51.972852][ T2301] random: crng reseeded on system resumption [ 52.043601][ T2307] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 52.058915][ T2310] rust_binder: Write failure EFAULT in pid:257 [ 52.061086][ T2310] input: syz0 as /devices/virtual/input/input32 [ 52.139792][ T2310] binder: Binderfs stats mode cannot be changed during a remount [ 52.232770][ T2316] kvm: user requested TSC rate below hardware speed [ 52.313835][ T2321] binfmt_misc: register: failed to install interpreter file ./file0 [ 52.322964][ T2323] SELinux: policydb table sizes (0,0) do not match mine (6,7) [ 52.343188][ T2323] SELinux: failed to load policy [ 52.453342][ T2327] rust_binder: Write failure EINVAL in pid:136 [ 52.484962][ T2332] rust_binder: Error in use_page_slow: ESRCH [ 52.491686][ T2332] rust_binder: use_range failure ESRCH [ 52.498678][ T2332] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 52.504209][ T2332] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 52.513880][ T2332] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:265 [ 52.560278][ T2341] rust_binder: Error while translating object. [ 52.560326][ T2341] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 52.571696][ T2341] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:268 [ 52.583409][ T2343] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:311 [ 52.594979][ T2343] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:311 [ 52.629306][ T2347] input: syz0 as /devices/virtual/input/input34 [ 52.644421][ T2352] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 52.644952][ T2352] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 52.656824][ T2352] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 52.680749][ T2352] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 52.761772][ T2371] kvm: kvm [2370]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x7 [ 53.451878][ T2403] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 53.451919][ T2403] rust_binder: Error in use_page_slow: EBUSY [ 53.496466][ T2403] rust_binder: use_range failure EBUSY [ 53.514526][ T2403] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 53.520157][ T2403] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 53.527974][ T2403] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 53.537615][ T2403] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:163 [ 53.581704][ T2414] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.772870][ T2429] binder: Bad value for 'stats' [ 53.880931][ T2461] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.939747][ T2471] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27 [ 53.976412][ T2471] rust_binder: Error while translating object. [ 54.019002][ T2471] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 54.025330][ T2471] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:490 [ 54.098550][ T2477] binder: Unknown parameter '' [ 54.338008][ T2511] block device autoloading is deprecated and will be removed. [ 54.346421][ T2511] syz.1.595: attempt to access beyond end of device [ 54.346421][ T2511] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 54.458549][ T2529] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 54.458580][ T2529] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:338 [ 54.495197][ T2538] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:504 [ 54.799335][ T2556] binder: Unknown parameter '01777777777777777777777' [ 55.084811][ T2582] rust_binder: Write failure EINVAL in pid:362 [ 55.181315][ T2593] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 55.282615][ T2609] rust_binder: Read failure Err(EAGAIN) in pid:525 [ 55.291145][ T2607] kernel profiling enabled (shift: 8) [ 55.418562][ T2624] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:381 [ 55.469866][ T2626] rust_binder: Write failure EINVAL in pid:381 [ 55.493877][ T2626] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 55.627848][ T2647] random: crng reseeded on system resumption [ 55.807608][ T2666] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 55.807643][ T2666] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:364 [ 55.838872][ T2673] binder: Unknown parameter 'coyBLV§"i5ŽÝ”ÃùÒntext' [ 55.977921][ T2690] binder: Bad value for 'stats' [ 56.050289][ T2704] rust_binder: Failed copying remainder into alloc: EFAULT [ 56.050318][ T2704] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 56.058379][ T2702] rust_binder: Write failure EFAULT in pid:549 [ 56.066578][ T2704] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 56.073189][ T2704] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:393 [ 56.152489][ T45] hid-generic 0000:0000:0000.0003: item fetching failed at offset 0/1 [ 56.170865][ T45] hid-generic 0000:0000:0000.0003: probe with driver hid-generic failed with error -22 [ 56.473901][ T2750] kvm: kvm [2749]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010006) = 0xaf [ 56.560748][ T2763] rust_binder: Failed copying remainder into alloc: EFAULT [ 56.560770][ T2763] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 56.568271][ T2763] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 56.577181][ T2763] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:570 [ 56.595763][ T2765] binder: Unknown parameter 'nXI' [ 56.691676][ T2777] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 56.691748][ T2777] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 56.726601][ T2783] rust_binder: Write failure EINVAL in pid:392 [ 56.728020][ T45] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 56.767256][ T2785] input: syz0 as /devices/virtual/input/input40 [ 56.773220][ T45] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 57.035715][ T2791] rust_binder: Error in use_page_slow: ESRCH [ 57.035744][ T2791] rust_binder: use_range failure ESRCH [ 57.042452][ T2791] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 57.048106][ T2791] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 57.055956][ T2791] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:242 [ 57.085178][ T2794] binder: Unknown parameter 'func' [ 57.195307][ T2804] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:247 [ 57.227866][ T2807] rust_binder: Write failure EFAULT in pid:252 [ 57.271402][ T2811] rust_binder: Failed to allocate buffer. len:4200, is_oneway:true [ 57.308741][ T2815] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:254 [ 57.332059][ T2811] rust_binder: Write failure EINVAL in pid:435 [ 57.365380][ T2822] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 57.426507][ T2825] rust_binder: Write failure EFAULT in pid:438 [ 57.496414][ T2832] rust_binder: Write failure EINVAL in pid:258 [ 57.520454][ T2834] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:260 [ 57.570780][ T2836] rust_binder: Write failure EINVAL in pid:592 [ 57.621683][ T2846] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:396 [ 57.630060][ T2849] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 57.650434][ T2849] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:264 [ 57.744923][ T2857] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:602 [ 57.847133][ T2872] rust_binder: Write failure EINVAL in pid:605 [ 57.857480][ T2874] rust_binder: Write failure EINVAL in pid:605 [ 58.120527][ T2885] SELinux: policydb version 51618937 does not match my version range 15-33 [ 58.135517][ T2885] SELinux: failed to load policy [ 58.141132][ T2885] binder: Bad value for 'max' [ 58.169785][ T2887] input: syz0 as /devices/virtual/input/input42 [ 58.178606][ T2889] SELinux: security_context_str_to_sid () failed with errno=-22 [ 58.218634][ T2893] input: syz1 as /devices/virtual/input/input43 [ 58.230181][ T2893] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:403 [ 58.230559][ T2893] rust_binder: Error while translating object. [ 58.240025][ T2893] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 58.246750][ T2893] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:403 [ 58.297661][ T2898] rust_binder: Write failure EFAULT in pid:405 [ 58.391311][ T2903] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 58.397796][ T2903] rust_binder: Error in use_page_slow: EBUSY [ 58.408668][ T2903] rust_binder: use_range failure EBUSY [ 58.414881][ T2903] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 58.424106][ T2903] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 58.438454][ T2903] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 58.448303][ T2903] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:409 [ 58.480668][ T2908] SELinux: security_context_str_to_sid () failed with errno=-22 [ 58.528173][ T2913] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 58.529324][ T2913] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 58.539978][ T2911] SELinux: failed to load policy [ 58.553149][ T2913] rust_binder: Read failure Err(EFAULT) in pid:269 [ 58.599990][ T2911] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:412 [ 58.714352][ T36] kauditd_printk_skb: 69 callbacks suppressed [ 58.714372][ T36] audit: type=1326 audit(1750397963.920:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2917 comm="syz.0.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f490338e929 code=0x7ffc0000 [ 58.755674][ T2918] binder: Unknown parameter 'defcontext01777777777777777777777' [ 58.771480][ T36] audit: type=1326 audit(1750397963.970:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2917 comm="syz.0.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f490338e929 code=0x7ffc0000 [ 58.796601][ T2927] binder: Unknown parameter '„ax' [ 58.822886][ T36] audit: type=1326 audit(1750397963.970:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2917 comm="syz.0.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f490338e929 code=0x7ffc0000 [ 58.827396][ T2929] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 58.851677][ T2927] binder: Unknown parameter 'uid<18446744073709551615' [ 58.854498][ T2929] rust_binder: Error while translating object. [ 58.860746][ T36] audit: type=1326 audit(1750397963.970:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2917 comm="syz.0.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f490338e929 code=0x7ffc0000 [ 58.868060][ T2933] SELinux: security_context_str_to_sid (sytem_uÝGй ‰:ÿß) failed with errno=-22 [ 58.873623][ T2932] SELinux: security_context_str_to_sid (sytem_uÝGй ‰:ÿß) failed with errno=-22 [ 58.899041][ T2929] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 58.906336][ T36] audit: type=1326 audit(1750397963.970:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2917 comm="syz.0.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f490338e929 code=0x7ffc0000 [ 58.915392][ T2929] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:414 [ 58.944157][ T36] audit: type=1326 audit(1750397963.970:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2917 comm="syz.0.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f490338e929 code=0x7ffc0000 [ 58.985287][ T36] audit: type=1326 audit(1750397963.970:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2917 comm="syz.0.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f490338e929 code=0x7ffc0000 [ 59.024174][ T36] audit: type=1326 audit(1750397963.970:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2917 comm="syz.0.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f490338e929 code=0x7ffc0000 [ 59.048032][ T36] audit: type=1326 audit(1750397963.970:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2917 comm="syz.0.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f490338e929 code=0x7ffc0000 [ 59.074932][ T2946] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 59.135406][ T2951] kvm: vcpu 0: requested 16 ns lapic timer period limited to 200000 ns [ 59.144076][ T2951] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=220138064 (3522209024 ns) > initial count (200000 ns). Using initial count to start timer. [ 59.162642][ T2951] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 59.162675][ T2951] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:631 [ 59.172934][ T2954] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 59.285747][ T2970] binder: Bad value for 'stats' [ 59.369069][ T2975] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 59.375867][ T2977] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 59.757760][ T3011] SELinux: policydb magic number 0x10000 does not match expected magic number 0xf97cff8c [ 59.767935][ T3011] SELinux: failed to load policy [ 59.938057][ T3020] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 59.938091][ T3020] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 59.944666][ T3020] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 59.952236][ T3020] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 59.966166][ T3020] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 59.973025][ T3020] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 60.156129][ T3044] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 60.209616][ T3044] SELinux: policydb version 905587468 does not match my version range 15-33 [ 60.228824][ T3044] SELinux: failed to load policy [ 60.234053][ T3044] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:488 [ 60.234444][ T3044] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 60.243796][ T3044] rust_binder: Read failure Err(EFAULT) in pid:488 [ 60.257766][ T3048] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 60.433091][ T3063] input: syz0 as /devices/virtual/input/input46 [ 60.487535][ T3070] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 60.487759][ T3070] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 60.500452][ T3076] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 60.522682][ T3076] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 60.588913][ T36] audit: type=1326 audit(1750397965.800:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3078 comm="syz.1.768" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdab1f8e929 code=0x0 [ 60.649475][ T3086] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 60.649510][ T3086] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:439 [ 60.679149][ T3088] rust_binder: Write failure EFAULT in pid:318 [ 60.688875][ T3088] binder: Unknown parameter 'ÿÿ' [ 60.814029][ T3099] rust_binder: Error in use_page_slow: ESRCH [ 60.814056][ T3099] rust_binder: use_range failure ESRCH [ 60.820880][ T3099] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 60.826608][ T3099] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 60.845799][ T3099] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:500 [ 60.876346][ T3110] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 60.930528][ T3110] rust_binder: Error while translating object. [ 60.937798][ T3110] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 60.944098][ T3110] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:323 [ 60.967273][ T3114] SELinux: security_context_str_to_sid () failed with errno=-22 [ 61.018660][ T3120] rust_binder: Read failure Err(EAGAIN) in pid:506 [ 61.095140][ T3124] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 61.206484][ T3131] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 61.213840][ T3131] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 61.235789][ T3133] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 61.253688][ T3135] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 61.264251][ T3133] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:454 [ 61.276970][ T3133] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 61.278009][ T3137] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 61.286350][ T3133] rust_binder: Read failure Err(EFAULT) in pid:454 [ 61.356038][ T3142] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 61.368598][ T3142] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:514 [ 61.388223][ T3141] rust_binder: Write failure EFAULT in pid:333 [ 61.398904][ T3144] SELinux: security_context_str_to_sid (€) failed with errno=-22 [ 61.636665][ T3157] SELinux: failed to load policy [ 61.823718][ T3165] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:697 [ 61.838606][ T3167] binder: Unknown parameter 'dont_hash' [ 61.926662][ T3173] rust_binder: Error in use_page_slow: ESRCH [ 61.926686][ T3173] rust_binder: use_range failure ESRCH [ 61.934611][ T3173] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 61.941936][ T3173] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 61.950674][ T3173] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:701 [ 61.976740][ T3179] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.028927][ T3184] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 62.099006][ T3189] random: crng reseeded on system resumption [ 62.207741][ T3204] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.207788][ T3204] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.215102][ T3204] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.222169][ T3204] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.231388][ T3204] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.238225][ T3204] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.491246][ T3213] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.522831][ T3215] binder: Unknown parameter 'context' [ 62.540672][ T3210] rust_binder: Error in use_page_slow: ESRCH [ 62.540699][ T3210] rust_binder: use_range failure ESRCH [ 62.546968][ T3210] rust_binder: Failed to allocate buffer. len:120, is_oneway:false [ 62.552471][ T3210] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 62.569420][ T3210] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:355 [ 62.599290][ T3226] rust_binder: Write failure EFAULT in pid:526 [ 62.620361][ T3228] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 62.630498][ T3228] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:360 [ 62.643628][ T3230] rust_binder: Error while translating object. [ 62.656464][ T3230] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 62.663208][ T3230] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:528 [ 62.915718][ T3246] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 62.934966][ T3246] random: crng reseeded on system resumption [ 62.988505][ T13] bridge_slave_1: left allmulticast mode [ 62.994245][ T13] bridge_slave_1: left promiscuous mode [ 63.000023][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.007910][ T13] bridge_slave_0: left allmulticast mode [ 63.014073][ T13] bridge_slave_0: left promiscuous mode [ 63.019865][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.160654][ T13] veth1_macvtap: left promiscuous mode [ 63.168095][ T13] veth0_vlan: left promiscuous mode [ 63.196573][ T3259] rust_binder: Write failure EINVAL in pid:379 [ 63.268388][ T3253] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.281964][ T3253] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.292330][ T3253] bridge_slave_0: entered allmulticast mode [ 63.299314][ T3253] bridge_slave_0: entered promiscuous mode [ 63.305842][ T3253] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.313029][ T3253] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.320332][ T3253] bridge_slave_1: entered allmulticast mode [ 63.326846][ T3253] bridge_slave_1: entered promiscuous mode [ 63.397819][ T3253] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.404938][ T3253] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.412421][ T3253] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.419519][ T3253] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.448780][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.457076][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.466811][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.473912][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.492287][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.499391][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.508701][ T3268] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:384 [ 63.532100][ T3253] veth0_vlan: entered promiscuous mode [ 63.553658][ T3253] veth1_macvtap: entered promiscuous mode [ 63.658576][ T3276] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:714 [ 63.674679][ T3280] rust_binder: Failed to allocate buffer. len:128, is_oneway:true [ 63.676660][ T3281] rust_binder: Failed to allocate buffer. len:128, is_oneway:true [ 63.837326][ T3297] tap0: tun_chr_ioctl cmd 1074812118 [ 63.853294][ T3296] tap0: tun_chr_ioctl cmd 1074812118 [ 63.951850][ T3299] input: syz1 as /devices/virtual/input/input47 [ 63.970130][ T3299] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 63.970157][ T3299] rust_binder: Read failure Err(EFAULT) in pid:9 [ 64.026466][ T36] kauditd_printk_skb: 7 callbacks suppressed [ 64.026488][ T36] audit: type=1400 audit(1750397969.220:318): avc: denied { read write } for pid=931 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 64.070132][ T36] audit: type=1400 audit(1750397969.220:319): avc: denied { open } for pid=931 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 64.118774][ T3304] input: syz1 as /devices/virtual/input/input48 [ 64.162898][ T36] audit: type=1400 audit(1750397969.220:320): avc: denied { ioctl } for pid=931 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 64.258894][ T36] audit: type=1400 audit(1750397969.280:321): avc: denied { read } for pid=3300 comm="syz.0.839" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 64.302001][ T3307] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false [ 64.302028][ T3307] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 64.320609][ T3307] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:717 [ 64.340899][ T36] audit: type=1400 audit(1750397969.280:322): avc: denied { open } for pid=3300 comm="syz.0.839" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 64.386420][ T36] audit: type=1400 audit(1750397969.280:323): avc: denied { read } for pid=3300 comm="syz.0.839" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 64.431932][ T36] audit: type=1400 audit(1750397969.280:324): avc: denied { read open } for pid=3300 comm="syz.0.839" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 64.456106][ T36] audit: type=1400 audit(1750397969.280:325): avc: denied { ioctl } for pid=3300 comm="syz.0.839" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 64.497249][ T36] audit: type=1400 audit(1750397969.310:326): avc: denied { ioctl } for pid=3300 comm="syz.0.839" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 64.530549][ T36] audit: type=1400 audit(1750397969.310:327): avc: denied { read } for pid=3302 comm="syz.3.840" name="ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 65.043882][ T3334] SELinux: Context ¢Ø is not valid (left unmapped). [ 65.071770][ T3337] binder: Bad value for 'max' [ 65.336598][ T3345] input input49: cannot allocate more than FF_MAX_EFFECTS effects [ 65.356324][ T3345] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 65.357157][ T3345] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:17 [ 65.396438][ T3352] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 65.431144][ T3352] rust_binder: Write failure EINVAL in pid:395 [ 65.698100][ T3375] SELinux: policydb version -1869732410 does not match my version range 15-33 [ 65.747857][ T3375] SELinux: failed to load policy [ 65.765982][ T3377] binder: Bad value for 'defcontext' [ 66.345988][ T3403] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 66.368285][ T3403] rust_binder: Error while translating object. [ 66.368328][ T3403] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 66.374729][ T3403] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:30 [ 66.510856][ T3418] SELinux: policydb table sizes (0,7) do not match mine (8,7) [ 66.588599][ T3418] SELinux: failed to load policy [ 66.845538][ T3428] kvm: user requested TSC rate below hardware speed [ 66.855716][ T3432] binder: Bad value for 'defcontext' [ 66.958401][ T3438] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 66.998503][ T3436] SELinux: failed to load policy [ 67.096052][ T3443] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 67.115510][ T3443] rust_binder: Write failure EINVAL in pid:418 [ 67.227249][ T3446] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 67.233473][ T3446] rust_binder: Error while translating object. [ 67.250597][ T3446] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 67.256923][ T3446] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:39 [ 67.269513][ T3446] binder: Binderfs stats mode cannot be changed during a remount [ 67.299618][ T3446] can0: slcan on ptm0. [ 67.320022][ T3446] input: syz0 as /devices/virtual/input/input52 [ 67.353290][ T3446] binder: Bad value for 'stats' [ 67.428196][ T3445] can0 (unregistered): slcan off ptm0. [ 67.787699][ T3473] binder: Bad value for 'defcontext' [ 67.917192][ T3484] binder: Bad value for 'max' [ 68.060326][ T3490] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 68.524745][ T3515] binder: Unknown parameter 'context' [ 68.792003][ T3529] SELinux: security_context_str_to_sid () failed with errno=-22 [ 68.826901][ T3529] SELinux: security_context_str_to_sid () failed with errno=-22 [ 69.006846][ T3536] binder: Unknown parameter 'processor : 0 [ 69.006846][ T3536] vendor_id : GenuineIntel [ 69.006846][ T3536] cpu family : 6 [ 69.006846][ T3536] model : 79 [ 69.006846][ T3536] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 69.006846][ T3536] stepping : 0 [ 69.006846][ T3536] microcode : 0xffffffff [ 69.006846][ T3536] cpu MHz : 2199.998 [ 69.006846][ T3536] cache size : 56320 KB [ 69.006846][ T3536] physical id : 0 [ 69.006846][ T3536] siblings : 2 [ 69.006846][ T3536] core id : 0 [ 69.006846][ T3536] cpu cores : 1 [ 69.006846][ T3536] apicid : 0 [ 69.006846][ T3536] initial apicid : 0 [ 69.006846][ T3536] fpu : yes [ 69.006846][ T3536] fpu_exception : yes [ 69.006846][ T3536] cpuid level : 13 [ 69.006846][ T3536] wp : yes [ 69.006846][ T3536] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 69.006846][ T3536] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 69.011174][ T3538] input: syz0 as /devices/virtual/input/input53 [ 69.151198][ T36] kauditd_printk_skb: 1003 callbacks suppressed [ 69.151226][ T36] audit: type=1400 audit(1750397974.220:1331): avc: denied { search } for pid=3541 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 69.182050][ T3541] audit: audit_backlog=65 > audit_backlog_limit=64 [ 69.185803][ T3536] audit: audit_backlog=65 > audit_backlog_limit=64 [ 69.200737][ T3536] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 69.216600][ T3536] audit: backlog limit exceeded [ 69.221760][ T3536] audit: audit_backlog=65 > audit_backlog_limit=64 [ 69.226429][ T3541] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 69.228518][ T36] audit: type=1400 audit(1750397974.220:1332): avc: denied { search } for pid=3541 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=421 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 69.265471][ T3541] audit: backlog limit exceeded [ 69.267330][ T94] audit: audit_backlog=65 > audit_backlog_limit=64 [ 69.295156][ T3536] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 69.295190][ T3536] rust_binder: Read failure Err(EFAULT) in pid:554 [ 69.381889][ T3540] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:55 [ 70.233719][ T3591] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:795 [ 70.370079][ T3597] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 70.419455][ T3597] rust_binder: Write failure EINVAL in pid:797 [ 70.433358][ T3601] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 70.710583][ T307] hid-generic 0005:0004:00DF.0005: unknown main item tag 0x0 [ 70.746333][ T3617] rust_binder: Write failure EINVAL in pid:455 [ 70.746935][ T307] hid-generic 0005:0004:00DF.0005: unknown main item tag 0x0 [ 70.766460][ T307] hid-generic 0005:0004:00DF.0005: unknown main item tag 0x0 [ 70.773928][ T307] hid-generic 0005:0004:00DF.0005: unknown main item tag 0x0 [ 70.789770][ T307] hid-generic 0005:0004:00DF.0005: hidraw0: BLUETOOTH HID v0.01 Device [syz1] on syz1 [ 70.982261][ T3627] fido_id[3627]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 70.997086][ T3630] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 71.057999][ T3630] rust_binder: Write failure EINVAL in pid:808 [ 71.125574][ T3637] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 71.273726][ T3644] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 71.282536][ T3644] rust_binder: Error in use_page_slow: ESRCH [ 71.298449][ T3644] rust_binder: use_range failure ESRCH [ 71.320323][ T3644] rust_binder: Failed to allocate buffer. len:4200, is_oneway:false [ 71.334372][ T3644] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 71.344517][ T3644] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:816 [ 71.379480][ T3655] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:464 [ 71.652836][ T3667] rust_binder: Error while translating object. [ 71.667825][ T3667] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 71.695509][ T3667] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:468 [ 72.136560][ T3687] binder: Unknown parameter 'dont_measure' [ 72.177793][ T3688] binder: Unknown parameter 'dont_measure' [ 72.329538][ T3693] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=220138064 (3522209024 ns) > initial count (200000 ns). Using initial count to start timer. [ 72.576931][ T3711] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 72.576958][ T3711] rust_binder: Error while translating object. [ 72.614526][ T3711] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 72.624391][ T3714] SELinux: Context ¢ is not valid (left unmapped). [ 72.636482][ T3711] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:90 [ 72.704528][ T3717] binder: Unknown parameter '' [ 72.747160][ T3717] binder: Unknown parameter '' [ 73.064622][ T3743] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 73.300421][ T3752] tap0: tun_chr_ioctl cmd 2148553947 [ 73.361392][ T3760] rust_binder: Error while translating object. [ 73.361423][ T3760] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 73.370558][ T3760] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:503 [ 73.599020][ T3771] Restarting kernel threads ... done. [ 73.954335][ T3793] binder: Unknown parameter '00000000000000000000005' [ 74.018579][ T3798] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:604 [ 74.169705][ T36] kauditd_printk_skb: 1087 callbacks suppressed [ 74.169729][ T36] audit: type=1400 audit(1750397979.380:2323): avc: denied { read } for pid=3802 comm="syz.2.991" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 74.237282][ T3808] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:522 [ 74.237323][ T3808] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 74.242229][ T36] audit: type=1400 audit(1750397979.380:2324): avc: denied { read open } for pid=3802 comm="syz.2.991" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 74.306408][ T3808] rust_binder: Read failure Err(EFAULT) in pid:522 [ 74.306433][ T36] audit: type=1400 audit(1750397979.390:2325): avc: denied { read } for pid=3806 comm="syz.0.993" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 74.314649][ T3813] SELinux: policydb string length 1836477192 does not match expected length 8 [ 74.337706][ T36] audit: type=1400 audit(1750397979.390:2326): avc: denied { read open } for pid=3806 comm="syz.0.993" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 74.369842][ T36] audit: type=1400 audit(1750397979.400:2327): avc: denied { ioctl } for pid=3806 comm="syz.0.993" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 74.373616][ T3813] SELinux: failed to load policy [ 74.415243][ T36] audit: type=1400 audit(1750397979.420:2328): avc: denied { ioctl } for pid=3802 comm="syz.2.991" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 74.445692][ T36] audit: type=1400 audit(1750397979.420:2329): avc: denied { read write } for pid=3803 comm="syz.3.992" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 74.471702][ T36] audit: type=1400 audit(1750397979.420:2330): avc: denied { ioctl open } for pid=3803 comm="syz.3.992" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 74.584093][ T36] audit: type=1400 audit(1750397979.430:2331): avc: denied { read write } for pid=3803 comm="syz.3.992" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 74.639642][ T36] audit: type=1400 audit(1750397979.430:2332): avc: denied { read write open } for pid=288 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 74.645829][ T3821] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 74.732933][ T3824] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 74.797028][ T3822] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 74.841983][ T3822] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 75.331009][ T3836] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 75.331497][ T3836] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 75.485113][ T3846] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 75.593785][ T3850] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 75.622526][ T3850] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 75.637540][ T3850] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:533 [ 75.798043][ T10] hid-generic C98F:0003:0000.0006: item fetching failed at offset 1/2 [ 75.824416][ T10] hid-generic C98F:0003:0000.0006: probe with driver hid-generic failed with error -22 [ 76.510910][ T3871] binder: Bad value for 'max' [ 76.755245][ T3885] FAULT_INJECTION: forcing a failure. [ 76.755245][ T3885] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 76.775860][ T3885] CPU: 1 UID: 0 PID: 3885 Comm: syz.1.1012 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 76.775899][ T3885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 76.775921][ T3885] Call Trace: [ 76.775928][ T3885] [ 76.775938][ T3885] __dump_stack+0x21/0x30 [ 76.775967][ T3885] dump_stack_lvl+0x10c/0x190 [ 76.775992][ T3885] ? __cfi_dump_stack_lvl+0x10/0x10 [ 76.776016][ T3885] ? __cfi_avc_has_perm+0x10/0x10 [ 76.776037][ T3885] ? avc_perm_nonode+0x101/0x1b0 [ 76.776058][ T3885] dump_stack+0x19/0x20 [ 76.776081][ T3885] should_fail_ex+0x3d9/0x530 [ 76.776105][ T3885] should_fail+0xf/0x20 [ 76.776125][ T3885] should_fail_usercopy+0x1e/0x30 [ 76.776150][ T3885] _copy_from_iter+0x1a3/0x14b0 [ 76.776180][ T3885] ? __cfi__copy_from_iter+0x10/0x10 [ 76.776210][ T3885] tun_get_user+0x40b/0x3450 [ 76.776232][ T3885] ? unwind_get_return_address+0x51/0x90 [ 76.776255][ T3885] ? _parse_integer_limit+0x195/0x1e0 [ 76.776277][ T3885] ? ptr_ring_consume+0x430/0x430 [ 76.776299][ T3885] ? _parse_integer+0x2e/0x40 [ 76.776318][ T3885] ? kstrtoull+0x13b/0x1e0 [ 76.776338][ T3885] ? __kasan_check_write+0x18/0x20 [ 76.776365][ T3885] ? ref_tracker_alloc+0x308/0x540 [ 76.776397][ T3885] ? __x64_sys_openat+0x13a/0x170 [ 76.776416][ T3885] ? __cfi_ref_tracker_alloc+0x10/0x10 [ 76.776439][ T3885] ? selinux_file_permission+0x309/0xb30 [ 76.776470][ T3885] ? __kasan_check_write+0x18/0x20 [ 76.776492][ T3885] tun_chr_write_iter+0x1fc/0x310 [ 76.776514][ T3885] vfs_write+0x694/0xe80 [ 76.776539][ T3885] ? __cfi_tun_chr_write_iter+0x10/0x10 [ 76.776560][ T3885] ? __cfi_vfs_write+0x10/0x10 [ 76.776587][ T3885] ksys_write+0x141/0x250 [ 76.776611][ T3885] ? xfd_validate_state+0x68/0x150 [ 76.776635][ T3885] ? __cfi_ksys_write+0x10/0x10 [ 76.776660][ T3885] ? __kasan_check_read+0x15/0x20 [ 76.776682][ T3885] __x64_sys_write+0x7f/0x90 [ 76.776708][ T3885] x64_sys_call+0x271c/0x2ee0 [ 76.776736][ T3885] do_syscall_64+0x58/0xf0 [ 76.776763][ T3885] ? clear_bhb_loop+0x35/0x90 [ 76.776794][ T3885] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 76.776826][ T3885] RIP: 0033:0x7fdab1f8e929 [ 76.776852][ T3885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.776871][ T3885] RSP: 002b:00007fdab1deb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 76.776895][ T3885] RAX: ffffffffffffffda RBX: 00007fdab21b5fa0 RCX: 00007fdab1f8e929 [ 76.776912][ T3885] RDX: 000000000000ffdd RSI: 0000200000000140 RDI: 0000000000000003 [ 76.776925][ T3885] RBP: 00007fdab1deb090 R08: 0000000000000000 R09: 0000000000000000 [ 76.776939][ T3885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 76.776951][ T3885] R13: 0000000000000000 R14: 00007fdab21b5fa0 R15: 00007ffffa5079d8 [ 76.776969][ T3885] [ 77.153869][ T3887] binder: Unknown parameter 'defcontextfs/binfmt_misc/register' [ 77.256003][ T3889] binder: Unknown parameter 'defcontext01777777777777777777777' [ 77.730504][ T3915] FAULT_INJECTION: forcing a failure. [ 77.730504][ T3915] name failslab, interval 1, probability 0, space 0, times 1 [ 77.786728][ T3915] CPU: 0 UID: 0 PID: 3915 Comm: syz.1.1023 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 77.786765][ T3915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 77.786777][ T3915] Call Trace: [ 77.786784][ T3915] [ 77.786792][ T3915] __dump_stack+0x21/0x30 [ 77.786822][ T3915] dump_stack_lvl+0x10c/0x190 [ 77.786846][ T3915] ? __cfi_dump_stack_lvl+0x10/0x10 [ 77.786872][ T3915] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 77.786902][ T3915] dump_stack+0x19/0x20 [ 77.786925][ T3915] should_fail_ex+0x3d9/0x530 [ 77.786948][ T3915] should_failslab+0xac/0x100 [ 77.786976][ T3915] kmem_cache_alloc_node_noprof+0x45/0x3b0 [ 77.787001][ T3915] ? __alloc_skb+0x10c/0x370 [ 77.787034][ T3915] __alloc_skb+0x10c/0x370 [ 77.787060][ T3915] alloc_skb_with_frags+0xce/0x8b0 [ 77.787086][ T3915] ? __cfi_avc_has_perm+0x10/0x10 [ 77.787107][ T3915] ? avc_perm_nonode+0x101/0x1b0 [ 77.787127][ T3915] ? avc_has_perm_noaudit+0x360/0x360 [ 77.787149][ T3915] sock_alloc_send_pskb+0x858/0x990 [ 77.787185][ T3915] ? __cfi_sock_alloc_send_pskb+0x10/0x10 [ 77.787219][ T3915] ? iov_iter_advance+0x9b/0x1e0 [ 77.787248][ T3915] tun_get_user+0x970/0x3450 [ 77.787274][ T3915] ? _parse_integer_limit+0x195/0x1e0 [ 77.787296][ T3915] ? ptr_ring_consume+0x430/0x430 [ 77.787318][ T3915] ? _parse_integer+0x2e/0x40 [ 77.787338][ T3915] ? kstrtoull+0x13b/0x1e0 [ 77.787360][ T3915] ? __kasan_check_write+0x18/0x20 [ 77.787383][ T3915] ? ref_tracker_alloc+0x308/0x540 [ 77.787409][ T3915] ? __x64_sys_openat+0x13a/0x170 [ 77.787430][ T3915] ? __cfi_ref_tracker_alloc+0x10/0x10 [ 77.787454][ T3915] ? selinux_file_permission+0x309/0xb30 [ 77.787495][ T3915] ? __kasan_check_write+0x18/0x20 [ 77.787520][ T3915] tun_chr_write_iter+0x1fc/0x310 [ 77.787542][ T3915] vfs_write+0x694/0xe80 [ 77.787567][ T3915] ? __cfi_tun_chr_write_iter+0x10/0x10 [ 77.787588][ T3915] ? __cfi_vfs_write+0x10/0x10 [ 77.787615][ T3915] ksys_write+0x141/0x250 [ 77.787641][ T3915] ? __cfi_ksys_write+0x10/0x10 [ 77.787666][ T3915] ? __kasan_check_read+0x15/0x20 [ 77.787690][ T3915] __x64_sys_write+0x7f/0x90 [ 77.787716][ T3915] x64_sys_call+0x271c/0x2ee0 [ 77.787744][ T3915] do_syscall_64+0x58/0xf0 [ 77.787771][ T3915] ? clear_bhb_loop+0x35/0x90 [ 77.787802][ T3915] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 77.787845][ T3915] RIP: 0033:0x7fdab1f8e929 [ 77.787863][ T3915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.787881][ T3915] RSP: 002b:00007fdab1deb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 77.787905][ T3915] RAX: ffffffffffffffda RBX: 00007fdab21b5fa0 RCX: 00007fdab1f8e929 [ 77.787922][ T3915] RDX: 000000000000ffdd RSI: 0000200000000140 RDI: 0000000000000003 [ 77.787936][ T3915] RBP: 00007fdab1deb090 R08: 0000000000000000 R09: 0000000000000000 [ 77.787950][ T3915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 77.787963][ T3915] R13: 0000000000000000 R14: 00007fdab21b5fa0 R15: 00007ffffa5079d8 [ 77.787980][ T3915] [ 78.232333][ T291] Bluetooth: hci0: Frame reassembly failed (-84) [ 78.266544][ T3926] Bluetooth: hci0: Frame reassembly failed (-84) [ 78.692808][ T3950] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:548 [ 78.980688][ T3971] binder: Unknown parameter 'dont_hash' [ 79.008133][ T3968] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1531215282 (3062430564 ns) > initial count (1473793136 ns). Using initial count to start timer. [ 79.014168][ T3971] binder: Unknown parameter 'dont_hash' [ 79.244441][ T36] kauditd_printk_skb: 726 callbacks suppressed [ 79.244460][ T36] audit: type=1400 audit(1750397984.450:3059): avc: denied { read write } for pid=3253 comm="syz-executor" name="loop0" dev="devtmpfs" ino=458 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 79.291470][ T36] audit: type=1400 audit(1750397984.490:3060): avc: denied { read write open } for pid=3253 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=458 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 79.322210][ T36] audit: type=1400 audit(1750397984.490:3061): avc: denied { ioctl } for pid=3253 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=458 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 79.384365][ T36] audit: type=1400 audit(1750397984.530:3062): avc: denied { read append } for pid=3977 comm="syz.0.1040" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 79.417287][ T36] audit: type=1400 audit(1750397984.530:3063): avc: denied { read append open } for pid=3977 comm="syz.0.1040" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 79.451786][ T36] audit: type=1400 audit(1750397984.560:3064): avc: denied { map } for pid=3977 comm="syz.0.1040" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 79.476629][ T36] audit: type=1400 audit(1750397984.560:3065): avc: denied { read } for pid=3977 comm="syz.0.1040" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 79.503948][ T36] audit: type=1400 audit(1750397984.560:3066): avc: denied { read write } for pid=3977 comm="syz.0.1040" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 79.528053][ T36] audit: type=1400 audit(1750397984.560:3067): avc: denied { ioctl open } for pid=3977 comm="syz.0.1040" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 79.621119][ T3983] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 79.636445][ T36] audit: type=1400 audit(1750397984.560:3068): avc: denied { read } for pid=3977 comm="syz.0.1040" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 79.959816][ T3992] rust_binder: Failed to allocate buffer. len:8, is_oneway:false [ 79.959846][ T3992] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 79.978090][ T3992] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 80.206417][ T4008] SELinux: security_context_str_to_sid () failed with errno=-22 [ 80.228859][ T4009] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:171 [ 80.229297][ T4010] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:171 [ 80.256500][ T355] Bluetooth: hci0: command 0x1003 tx timeout [ 80.259337][ T354] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 80.399580][ T4018] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:174 [ 80.569505][ T4024] binder: Unknown parameter 'dont_hash' [ 80.658363][ T4030] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:177 [ 80.894933][ T4038] random: crng reseeded on system resumption [ 80.982337][ T4046] rust_binder: Write failure EFAULT in pid:561 [ 81.066128][ T4050] rust_binder: Error while translating object. [ 81.073133][ T4050] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 81.079424][ T4050] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:185 [ 81.111036][ T4052] binder: Bad value for 'max' [ 81.119516][ T4051] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 81.503794][ T4073] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 81.556828][ T4074] rust_binder: Write failure EFAULT in pid:705 [ 81.684256][ T4079] binder: Bad value for 'stats' [ 81.850175][ T305] Bluetooth: hci0: Frame reassembly failed (-84) [ 81.880329][ T4087] rust_binder: Write failure EINVAL in pid:564 [ 82.059434][ T4097] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 82.074136][ T4097] rust_binder: Write failure EINVAL in pid:203 [ 82.211212][ T4102] binder: Bad value for 'max' [ 82.482855][ T4114] rust_binder: Write failure EINVAL in pid:209 [ 82.798855][ T4121] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:213 [ 82.903203][ T4125] SELinux: policydb table sizes (0,0) do not match mine (6,7) [ 82.922289][ T4125] SELinux: failed to load policy [ 83.150475][ T4135] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 83.856417][ T355] Bluetooth: hci0: command 0x1003 tx timeout [ 83.862537][ T354] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 83.978268][ T4153] binder: Bad value for 'stats' [ 84.138197][ T305] Bluetooth: hci0: Frame reassembly failed (-84) [ 84.167143][ T4156] binfmt_misc: register: failed to install interpreter file ./cgroup [ 84.208039][ T4156] input: syz0 as /devices/virtual/input/input57 [ 84.249944][ T36] kauditd_printk_skb: 804 callbacks suppressed [ 84.249965][ T36] audit: type=1400 audit(1750397989.460:3873): avc: denied { read write } for pid=288 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 84.336722][ T36] audit: type=1400 audit(1750397989.460:3874): avc: denied { read write open } for pid=288 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 84.406462][ T36] audit: type=1400 audit(1750397989.460:3875): avc: denied { ioctl } for pid=288 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 84.408513][ T4163] SELinux: failed to load policy [ 84.447914][ T36] audit: type=1400 audit(1750397989.510:3876): avc: denied { read write } for pid=931 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 84.474410][ T36] audit: type=1400 audit(1750397989.510:3877): avc: denied { read write open } for pid=931 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 84.531219][ T36] audit: type=1400 audit(1750397989.510:3878): avc: denied { ioctl } for pid=931 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 84.576563][ T4163] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 84.600600][ T36] audit: type=1400 audit(1750397989.520:3879): avc: denied { read write } for pid=4160 comm="syz.1.1095" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 84.626394][ T36] audit: type=1400 audit(1750397989.520:3880): avc: denied { read write open } for pid=4160 comm="syz.1.1095" path="/dev/ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 84.651862][ T36] audit: type=1400 audit(1750397989.520:3881): avc: denied { ioctl } for pid=4160 comm="syz.1.1095" path="/dev/ppp" dev="devtmpfs" ino=86 ioctlcmd=0xf50d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 84.684752][ T36] audit: type=1400 audit(1750397989.530:3882): avc: denied { read } for pid=4160 comm="syz.1.1095" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 84.896543][ T4183] binder: Unknown parameter 'seclwbel' [ 84.904160][ T4184] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 84.904498][ T4182] rust_binder: Write failure EINVAL in pid:728 [ 84.961638][ T4182] rust_binder: Write failure EINVAL in pid:728 [ 85.031889][ T4188] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:921 [ 85.206659][ T4191] rust_binder: Error in use_page_slow: ESRCH [ 85.206687][ T4191] rust_binder: use_range failure ESRCH [ 85.212979][ T4191] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 85.233362][ T4191] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 85.256456][ T4191] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:245 [ 85.434671][ T4197] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 85.443896][ T4197] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:247 [ 85.602004][ T4207] binder: Unknown parameter 'defcontext01777777777777777777777' [ 85.726248][ T4208] binder: Unknown parameter 'coyBLV§"i5ŽÝ”ÃùÒntext' [ 85.789311][ T4212] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 85.848286][ T4215] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 85.855018][ T4214] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 85.911056][ T4217] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:254 [ 86.082500][ T291] Bluetooth: hci1: Frame reassembly failed (-84) [ 86.099566][ T4222] Bluetooth: hci1: Frame reassembly failed (-84) [ 86.176441][ T354] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 86.223476][ T4225] binder: Bad value for 'stats' [ 86.346995][ T4227] binder: Bad value for 'stats' [ 86.846001][ T4242] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:749 [ 86.857714][ T4244] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 86.968494][ T4246] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 86.983291][ T4246] kvm: requested 15923 ns i8254 timer period limited to 200000 ns [ 86.993072][ T4246] kvm: requested 72914 ns i8254 timer period limited to 200000 ns [ 87.001907][ T4246] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 87.011594][ T4246] kvm: requested 67047 ns i8254 timer period limited to 200000 ns [ 87.042463][ T4254] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:581 [ 87.084892][ T4256] binder: Unknown parameter 'ïjÉÏ„œP“ßÞ0Ó(max' [ 87.198569][ T4258] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 87.207127][ T4258] rust_binder: Write failure EINVAL in pid:939 [ 87.342739][ T4266] SELinux: failed to load policy [ 87.359422][ T4265] ------------[ cut here ]------------ [ 87.364921][ T4265] WARNING: CPU: 0 PID: 4265 at mm/page_alloc.c:5157 __alloc_pages_noprof+0xe4/0x6c0 [ 87.374376][ T4265] Modules linked in: [ 87.379187][ T4265] CPU: 0 UID: 0 PID: 4265 Comm: syz.1.1130 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 87.392860][ T4265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 87.402984][ T4265] RIP: 0010:__alloc_pages_noprof+0xe4/0x6c0 [ 87.408962][ T4265] Code: 0f 1f 44 00 00 41 83 fd 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d a4 78 ee 05 00 0f 85 c4 00 00 00 c6 05 97 78 ee 05 01 <0f> 0b 31 c0 e9 b6 00 00 00 41 83 fd 0a 0f 87 aa 00 00 00 44 89 6c [ 87.428041][ T4263] rust_binder: Write failure EINVAL in pid:758 [ 87.429175][ T4265] RSP: 0018:ffffc90007b7f5a0 EFLAGS: 00010246 [ 87.441484][ T4265] RAX: 0000000000000000 RBX: 1ffff92000f6feb8 RCX: 0000000000000000 [ 87.449623][ T4265] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90007b7f648 [ 87.457679][ T4265] RBP: ffffc90007b7f6c8 R08: ffffc90007b7f647 R09: 0000000000000000 [ 87.465677][ T4265] R10: ffffc90007b7f630 R11: fffff52000f6fec9 R12: ffffc90007b7f5e0 [ 87.473721][ T4265] R13: 0000000000000016 R14: dffffc0000000000 R15: 0000000000000000 [ 87.481759][ T4265] FS: 00007fdab1deb6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 87.490764][ T4265] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.497407][ T4265] CR2: 0000200000006000 CR3: 0000000114dbc000 CR4: 00000000003526b0 [ 87.505766][ T4265] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000800 [ 87.513903][ T4265] DR3: 0000000100000001 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 87.521953][ T4265] Call Trace: [ 87.525258][ T4265] [ 87.528250][ T4265] ? do_syscall_64+0x58/0xf0 [ 87.532882][ T4265] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 87.538682][ T4265] ? hashtab_init+0xdb/0x1f0 [ 87.543318][ T4265] ___kmalloc_large_node+0x9c/0x1d0 [ 87.548814][ T4265] ? hashtab_init+0xdb/0x1f0 [ 87.553723][ T4265] __kmalloc_large_node_noprof+0x1e/0xe0 [ 87.559450][ T4265] ? hashtab_init+0xdb/0x1f0 [ 87.564091][ T4265] __kmalloc_noprof+0x26d/0x450 [ 87.569117][ T4265] hashtab_init+0xdb/0x1f0 [ 87.573579][ T4265] ? common_read+0x16d/0x480 [ 87.578314][ T4265] symtab_init+0x44/0x70 [ 87.582686][ T4265] common_read+0x1de/0x480 [ 87.587153][ T4265] ? __cfi_common_read+0x10/0x10 [ 87.592132][ T4265] ? hashtab_init+0x105/0x1f0 [ 87.596882][ T4265] policydb_read+0xaa8/0x28c0 [ 87.601594][ T4265] ? kasan_save_alloc_info+0x40/0x50 [ 87.606934][ T4265] ? __cfi_policydb_read+0x10/0x10 [ 87.612082][ T4265] ? security_load_policy+0x128/0x12f0 [ 87.617620][ T4265] security_load_policy+0x162/0x12f0 [ 87.622960][ T4265] ? irqentry_exit+0x4a/0x60 [ 87.627599][ T4265] ? exc_page_fault+0x66/0xc0 [ 87.632306][ T4265] ? asm_exc_page_fault+0x2b/0x30 [ 87.637836][ T4265] ? __cfi_security_load_policy+0x10/0x10 [ 87.643585][ T4265] ? rep_movs_alternative+0x4a/0xa0 [ 87.648856][ T4265] sel_write_load+0x298/0x5e0 [ 87.653562][ T4265] ? futex_wait+0x288/0x540 [ 87.658118][ T4265] ? __cfi_sel_write_load+0x10/0x10 [ 87.663358][ T4265] ? __cfi_futex_wait+0x10/0x10 [ 87.668253][ T4265] ? bpf_lsm_file_permission+0xd/0x20 [ 87.673657][ T4265] ? __cfi_sel_write_load+0x10/0x10 [ 87.678944][ T4265] vfs_write+0x3c0/0xe80 [ 87.683212][ T4265] ? __cfi_vfs_write+0x10/0x10 [ 87.688030][ T4265] ? __kasan_check_write+0x18/0x20 [ 87.693180][ T4265] ? mutex_lock+0x92/0x1c0 [ 87.697688][ T4265] ? __cfi_mutex_lock+0x10/0x10 [ 87.702557][ T4265] ? __fget_files+0x2c5/0x340 [ 87.707997][ T4265] ksys_write+0x141/0x250 [ 87.712366][ T4265] ? xfd_validate_state+0x68/0x150 [ 87.717533][ T4265] ? __cfi_ksys_write+0x10/0x10 [ 87.722418][ T4265] ? __kasan_check_write+0x18/0x20 [ 87.727672][ T4265] ? fpregs_restore_userregs+0x11d/0x260 [ 87.733358][ T4265] __x64_sys_write+0x7f/0x90 [ 87.738005][ T4265] x64_sys_call+0x271c/0x2ee0 [ 87.742714][ T4265] do_syscall_64+0x58/0xf0 [ 87.747185][ T4265] ? clear_bhb_loop+0x35/0x90 [ 87.751989][ T4265] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 87.758163][ T4265] RIP: 0033:0x7fdab1f8e929 [ 87.762656][ T4265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.782481][ T4265] RSP: 002b:00007fdab1deb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 87.790966][ T4265] RAX: ffffffffffffffda RBX: 00007fdab21b5fa0 RCX: 00007fdab1f8e929 [ 87.799072][ T4265] RDX: 000000000000606c RSI: 0000200000000000 RDI: 0000000000000007 [ 87.807131][ T4265] RBP: 00007fdab2010b39 R08: 0000000000000000 R09: 0000000000000000 [ 87.815228][ T4265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.823410][ T4265] R13: 0000000000000000 R14: 00007fdab21b5fa0 R15: 00007ffffa5079d8 [ 87.831452][ T4265] [ 87.834508][ T4265] ---[ end trace 0000000000000000 ]--- [ 87.840552][ T4265] SELinux: failed to load policy [ 88.096479][ T4223] Bluetooth: hci1: command 0x1003 tx timeout [ 88.097468][ T355] Bluetooth: hci1: Opcode 0x1003 failed: -110