last executing test programs: 2.276653155s ago: executing program 2 (id=115): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x2710, 0x4, 0x2, 0x1000, &(0x7f0000701000/0x1000)=nil}) (async, rerun: 64) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x100000002) (async, rerun: 64) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) (async) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000002600)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80`4/\xe9\x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\x16\\n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x04;\xc5[\nja\xb9\'\xc9#\xfcx\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00B\x05\xd4\xea\xea\x7f=\xc6:\\N\xc3\xb7Vw\xc6\x9c\x96s\xaaHL\x96\xc72\n\x18Ynj\xceTS\xfbl\x0f\x9f8M\f\x89\xa1\xd2Hs`\x8bp\x8a\xc4%\xf8\x1d3\nV\x9a\xaf\x1f\xf96^\x93\xc1\xaf)\rg\x86\xd6\xea\xa9\x0f\x9a\xf1V\x1b\xbf\x8b\'-\xab\x8e\t7\xd3\xf7\xa9v\xfbY\xe6\x9b^d\x8c\xb1\xdd') (async) ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000300)='\x00\x00\x00\x06\x00\x00\x03\x00\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x00\x00') 2.275727965s ago: executing program 2 (id=116): openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) (async) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)) ioctl$PPPIOCSCOMPRESS(r0, 0x4010744d) (async) ioctl$PPPIOCSCOMPRESS(r0, 0x4010744d) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/rcu_expedited', 0x169a82, 0x109) (async) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/rcu_expedited', 0x169a82, 0x109) r4 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000000c0)=0xa) read$FUSE(r4, &(0x7f0000000400)={0x2020}, 0x2020) read$FUSE(r3, &(0x7f0000000180)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f00000057c0), 0x8001, 0x0) (async) r7 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000057c0), 0x8001, 0x0) ioctl$PTP_SYS_OFFSET(r7, 0x43403d05, &(0x7f0000000000)={0x20000009}) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x566afa30a48730) (async) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x566afa30a48730) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x30400, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r8 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r8, 0x330f, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PTP_PIN_SETFUNC2(r7, 0x40603d10, &(0x7f0000002540)={'\x00', 0x1}) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r10, 0x4020ae46, &(0x7f0000002440)=ANY=[@ANYBLOB="01010000000000000000000000004002000000000200000000000000000014", @ANYRESOCT=r4, @ANYRESHEX=r10, @ANYRESDEC=r4, @ANYRES16=r10, @ANYRESDEC=r5]) (async) ioctl$KVM_SET_GSI_ROUTING(r10, 0x4020ae46, &(0x7f0000002440)=ANY=[@ANYBLOB="01010000000000000000000000004002000000000200000000000000000014", @ANYRESOCT=r4, @ANYRESHEX=r10, @ANYRESDEC=r4, @ANYRES16=r10, @ANYRESDEC=r5]) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r11 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read(r3, &(0x7f00000024c0)=""/88, 0x58) ioctl$PTP_PEROUT_REQUEST2(r11, 0x40043d14, &(0x7f0000000080)={{0xffffffffffffffff, 0x4}, {0x6, 0x571}}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4, 0x0, &(0x7f0000000500)=[@exit_looper], 0x0, 0x0, 0x0}) 2.007808819s ago: executing program 2 (id=123): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r1 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x800, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x200, 0x0) ioctl$TUNSETIFF(r3, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'}) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) close(0x3) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x1}) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0) ioctl$TUNGETVNETHDRSZ(r4, 0x800454d3, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0xc, 0x0, &(0x7f0000000140)=[@free_buffer={0x40086303, r1}], 0x0, 0x0, 0x0}) ioctl$VHOST_GET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af14, &(0x7f0000000000)={0x1, 0x8}) 1.854157782s ago: executing program 2 (id=125): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x14c02, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x2, 0xc) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000000800500"]) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r3 = openat$selinux_policy(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0) write$selinux_load(0xffffffffffffffff, &(0x7f0000000380)=ANY=[], 0x12fe) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) openat$ttynull(0xffffffffffffff9c, &(0x7f00000008c0), 0x40000, 0x0) close(0x3) r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f00000002c0), 0x1c1281, 0x0) ioctl$PTP_PEROUT_REQUEST2(r5, 0x40383d0c, &(0x7f0000000000)={{}, {0x0, 0x7fffffff}, 0x0, 0x4}) prctl$PR_SCHED_CORE(0x23, 0x0, 0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000330f9d72fa"]) ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0xc9, 0x0, 0xc}) r6 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x4000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x1, 0xf8, 0x1000, 0x0, 0x7fff, 0x0, 0x0, 0x3], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000300), 0x902, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x7, 0x8a, 0x83, 0xf7}, {0x6, 0x9, 0x81, 0x3}]}) ioctl$PTP_EXTTS_REQUEST2(r9, 0x40103d0b, &(0x7f0000000080)={0x8, 0x5}) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) openat$cgroup_pressure(r9, &(0x7f0000000140)='cpu.pressure\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x2c, 0x0, &(0x7f0000000480)=[@increfs_done={0x40106308, 0x3}, @request_death={0x400c630e, 0x2}, @register_looper, @register_looper], 0x0, 0x0, &(0x7f00000002c0)}) 1.30160908s ago: executing program 0 (id=140): prctl$PR_SET_MM_AUXV(0x23, 0xc, 0x0, 0x0) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4602, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305839, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x4}) ioctl$BLKRRPART(r0, 0x125f, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, 0x0, 0x0) (async) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4602, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async) ioctl$FS_IOC_RESVSP(r1, 0x40305839, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x4}) (async) ioctl$BLKRRPART(r0, 0x125f, 0x0) (async) 1.29102673s ago: executing program 0 (id=141): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x240081, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, 0x0) r4 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0) read$FUSE(r4, 0x0, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000140)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r6, &(0x7f0000000840)=ANY=[@ANYBLOB="0000000000000000288563"], 0xffdd) ioctl$FS_IOC_RESVSP(r5, 0x4030582a, &(0x7f0000000300)={0x1100, 0x0, 0x0, 0x2a40}) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2}) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs2/binder0\x00', 0x2, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r7, 0xc018620c, &(0x7f0000000000)={0x1}) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x9250) r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000640), 0x802, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r9, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0x4000, 0x100000001}) ioctl$UI_ABS_SETUP(r8, 0x401c5504, &(0x7f0000000340)={0x400000100002f, {0x0, 0x0, 0x2000}}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x48) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x2000000, 0x11, r0, 0x0) 1.216928691s ago: executing program 0 (id=143): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x202, 0x0) write(r1, &(0x7f0000000100)="97", 0x1) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000000)={[0x1, 0x8000000000000001, 0xa1e, 0x7, 0x6, 0x9, 0x7, 0x7, 0x0, 0x5, 0x97, 0xffffffffffffffff, 0x8, 0x8, 0x42d9e1c0, 0x737], 0xeeef0000, 0x50c0}) (async) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000000)={[0x1, 0x8000000000000001, 0xa1e, 0x7, 0x6, 0x9, 0x7, 0x7, 0x0, 0x5, 0x97, 0xffffffffffffffff, 0x8, 0x8, 0x42d9e1c0, 0x737], 0xeeef0000, 0x50c0}) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) 1.206923922s ago: executing program 0 (id=144): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc004ae0a, &(0x7f0000000000)) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x190e}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x7, 0x0, 0xf}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f00000002c0)={0x0, 0x2, 0xc710, 0x22a90f2df64cd635}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000002240)={0x1, 0x0, [{0x40000102, 0x0, 0x3}]}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000) 1.055540274s ago: executing program 0 (id=150): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x63761469321c3ff0, 0x1}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xaa, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) 968.288276ms ago: executing program 2 (id=153): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x4000002a, 0x0, 0x4}]}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92, 0x809ffff}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845}) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r0, 0xfffff000) 914.613166ms ago: executing program 1 (id=154): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f0000000040)={0xb6, 0x2}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_SET_CPUID(r6, 0x4188aea7, &(0x7f0000000080)={0x1, 0x0, [{0x0, 0x0, 0x1, 0x159c2, 0x4}]}) (async) ioctl$KVM_SET_CPUID(r6, 0x4188aea7, &(0x7f0000000080)={0x1, 0x0, [{0x0, 0x0, 0x1, 0x159c2, 0x4}]}) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x20f, 0x0, 0x3}]}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/255, 0xff, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x9, 0x18, 0x40}}, 0x10}], 0x52, 0x0, &(0x7f0000000380)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/255, 0xff, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x9, 0x18, 0x40}}, 0x10}], 0x52, 0x0, &(0x7f0000000380)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"}) close(r0) 847.038518ms ago: executing program 2 (id=155): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x0, 0x0) read$FUSE(r0, &(0x7f0000000540)={0x2020}, 0x2020) r1 = openat(r0, 0x0, 0xc0000, 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000003340), 0x2406c0, 0x0) read$FUSE(r2, 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0xb03cdf087638818c, 0x3}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@fd={0x66642a85, 0x0, r5}, @ptr={0x70742a85, 0xfffffffe, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x2, 0x40}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) 665.56723ms ago: executing program 1 (id=156): ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x401, 0x9, 0x7fffffff, 0x3, 0x5, 0x7f, 0x7, 0x9, 0xa80, 0x10000, 0x7, 0x6, 0x5, 0x4, 0x3, 0x4], 0xdddd0000, 0x20c084}) r0 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000100000000000000000000000000000000000000ff"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000fdff8d04"]) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, 0x0) r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r5, 0x8004e500, &(0x7f0000000180)=r4) ioctl$TIOCSSOFTCAR(r3, 0x5412, &(0x7f0000000040)=0x15) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r6, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x401, 0x9, 0x7fffffff, 0x3, 0x5, 0x7f, 0x7, 0x9, 0xa80, 0x10000, 0x7, 0x6, 0x5, 0x4, 0x3, 0x4], 0xdddd0000, 0x20c084}) (async) openat$kvm(0xffffff9c, &(0x7f0000000100), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000100000000000000000000000000000000000000ff"]) (async) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000fdff8d04"]) (async) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, 0x0) (async) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (async) ioctl$FUSE_DEV_IOC_CLONE(r5, 0x8004e500, &(0x7f0000000180)=r4) (async) ioctl$TIOCSSOFTCAR(r3, 0x5412, &(0x7f0000000040)=0x15) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r6, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x0, 0x0) (async) 610.796321ms ago: executing program 1 (id=157): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa, 0x3}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x32}, @flat=@binder={0x73622a85, 0x1, 0x1}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000080), 0x400, &(0x7f00000000c0)=ANY=[@ANYBLOB='non']) 522.693202ms ago: executing program 1 (id=159): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000380), 0x12) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f0000000140)}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x103080, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r4, 0xc018620c, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x0, 0x0, 0x2}) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) 455.509753ms ago: executing program 1 (id=160): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1800001, 0x28011, r0, 0x5a92000) 453.494373ms ago: executing program 1 (id=161): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x2, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0) write(r1, &(0x7f0000000040)="9035d1a1facb75526d6b945626cb323969646b3b7fb576bd24722caa3253a2de0742df98bc2bd761a5c0c1075dbf00c808ccfc2dd61ca065bc47048658ffb80f03dc7758cacafcc22ddfd7963bd0c5e63085ae4c18071e298262090a0d377b8de28339830b955ae18d346babd288571ec8c5c53f287a703be84eac0a4f3011e2b2ee6ac5e56ce93b6c70971ca9203c34159559be", 0xfffffdbc) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 260.047746ms ago: executing program 3 (id=162): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000008580), 0x101c80, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f00000085c0)=0x8) (async) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000008b40)={0x5, 0x7fffffff, 0x100, 0x0, 0x8, "748dc4d6ec3287b6934ed6d754789ac2fb60be", 0x800, 0x7f}) (async) ioctl$KDFONTOP_COPY(r0, 0x4b72, &(0x7f0000000000)={0x3, 0x0, 0x16, 0x1f, 0xeb, &(0x7f0000000600)}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x52, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a4"}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x4030582b, 0x0) (async) r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000000, 0x2010, 0xffffffffffffffff, 0xede7c000) (async) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0x9) (async) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0x7f) (async) read$FUSE(r2, &(0x7f0000000a00)={0x2020}, 0x2020) (async) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) 253.894896ms ago: executing program 3 (id=163): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f00000001c0)={'macvtap0\x00'}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005080000024d564b"]) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x82000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000080)={0xbe, 0x0, 0x1}) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0) ioctl$BLKSECTGET(r4, 0x1267, &(0x7f0000000140)) ioctl$KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) close(0x5) close(0x4) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r10 = openat$cgroup_procs(r9, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r11, 0xc018620c, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x0}) write$cgroup_pid(r10, &(0x7f00000001c0), 0x12) r12 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) openat$cgroup_freezer_state(r9, &(0x7f0000000200), 0x2, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r12, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1}) ioctl$KVM_CHECK_EXTENSION_VM(r8, 0xae03, 0x4) close(r9) 160.305758ms ago: executing program 0 (id=164): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x4d, 0x1, 0x3}, {0x61}, {}, {}, {0x6}]}) (async) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x4d, 0x1, 0x3}, {0x61}, {}, {}, {0x6}]}) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) openat$uinput(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) (async) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000240)=ANY=[@ANYBLOB="cf00000000555c0000000000000000a79200000000080000ccf7ae7d55"]) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext=']) (async) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext=']) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000000480)=0x1c) (async) ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000000480)=0x1c) ioctl$UI_END_FF_UPLOAD(r3, 0x405c5503, &(0x7f0000000800)={0x0, 0x0, {0x0, 0x0, 0x0, {}, {}, @ramp}, {0x0, 0x0, 0x0, {}, {}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}}}) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) (async) r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$BLKPBSZGET(r8, 0x127b, &(0x7f0000000040)) (async) ioctl$BLKPBSZGET(r8, 0x127b, &(0x7f0000000040)) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000080)=0x10) ioctl$EXT4_IOC_MOVE_EXT(r1, 0x40305829, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x4}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2a080, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) 110.482639ms ago: executing program 3 (id=165): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000021c0)=[@dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x2}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)={@fd, @fda={0x66646185, 0x8, 0x1, 0x33}, @fd}, &(0x7f00000020c0)}}], 0xffffffffffffff95, 0x0, 0x0}) openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (async) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r1, 0xfffff000) 91.646669ms ago: executing program 3 (id=166): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x7c5ac3, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140)=@x86={0xff, 0x9, 0xb7, 0x0, 0x7, 0xd, 0x8, 0x0, 0xe, 0x2, 0x0, 0x8, 0x0, 0x1, 0x0, 0x1, 0xfd, 0x5, 0x68, '\x00', 0x9, 0x8}) write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="1e0306003c5c9801288363"], 0xffdd) prctl$PR_GET_IO_FLUSHER(0x3a) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0x44, 0x0, &(0x7f0000000000)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x50, 0x0, &(0x7f0000000380)="e1c194c07314197567609163a955a737cfdca424e4fc4ea388b431c78b32749341c73f7b7c51446e6bbf7f1de6a8ca5eb7372e3b24ef390ae15b6574683711fa3caff8f4fb3d0ca15b91526634d34eb3"}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 575.42µs ago: executing program 3 (id=167): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4602, 0x0) ioctl$BLKRRPART(r0, 0x125f, 0x0) read(r0, &(0x7f00000000c0)=""/71, 0x47) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r1, 0xc018620c, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) 0s ago: executing program 3 (id=168): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) syz_clone3(&(0x7f0000000340)={0x105480, &(0x7f00000000c0)=0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) mount$binderfs(0x0, &(0x7f0000000000)='./binderfs\x00', 0x0, 0x31f804b, 0x0) r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) r3 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000900)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) write$rfkill(r5, &(0x7f0000000c80), 0x8) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000800)={0xa8, 0x0, &(0x7f0000000680)=[@clear_death, @decrefs={0x40046307, 0x1}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000580)={@fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x1, &(0x7f00000003c0)=""/213, 0xd5, 0x0, 0x1f}, @fd={0x66642a85, 0x0, r5}}, &(0x7f0000000300)={0x0, 0x18, 0x40}}}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000600)={@fda={0x66646185, 0xa, 0x0, 0x3f}, @flat=@binder={0x73622a85, 0xa, 0x1}, @fda={0x66646185, 0x8, 0x0, 0x2f}}, &(0x7f00000004c0)={0x0, 0x20, 0x38}}}], 0x9f, 0x0, &(0x7f0000000740)="407dd36ef8db03531af1adf9163d84786dfec3cb21614c9a50c4a02cf445d0b08e10772a5790bdaf7d8990949e0fcb5a1f60f3ec89556ffbda3c60bfb398c3bc765f0471eb95b29c450aaad2047fe37e42a00ba2677783a2bd77930517398bd74c8e77b6e3958519fab2d92f53b2ff4700f54eaf22ac591b5f00f9ad6257725fc7d9168dec48e386f925dd39cea646a37d83e42a18f380d1109a1832bbcd57"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x18, 0x0, &(0x7f00000001c0)=[@request_death={0x400c630e, 0x3}, @acquire], 0x2f, 0x0, &(0x7f0000000240)="a3dee358dbadf314bc1bb8164f122c3255714113ce70fbb0a0c40c3c89c403d58868177a2c543acacbc440035e92a6"}) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000000c0)={0x4, 0x3, 0x100000, 0x2000, &(0x7f000000f000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xcccc0000, 0x1000, &(0x7f0000f15000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000040)={0x1ff, 0x0, 0x6000, 0x1000, &(0x7f0000fd3000/0x1000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000140)={0x10201, 0x0, 0x0, 0x2000, &(0x7f00002b3000/0x2000)=nil}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) write$selinux_load(r2, &(0x7f0000000000)=ANY=[], 0x1790) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x2, 0x40}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.60' (ED25519) to the list of known hosts. [ 20.550347][ T36] audit: type=1400 audit(1750376546.200:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.551310][ T281] cgroup: Unknown subsys name 'net' [ 20.573086][ T36] audit: type=1400 audit(1750376546.200:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.600409][ T36] audit: type=1400 audit(1750376546.230:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.600552][ T281] cgroup: Unknown subsys name 'devices' [ 20.782993][ T281] cgroup: Unknown subsys name 'hugetlb' [ 20.788579][ T281] cgroup: Unknown subsys name 'rlimit' [ 20.938912][ T36] audit: type=1400 audit(1750376546.590:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.962168][ T36] audit: type=1400 audit(1750376546.590:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.970376][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 20.987119][ T36] audit: type=1400 audit(1750376546.590:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.018748][ T36] audit: type=1400 audit(1750376546.650:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.044435][ T36] audit: type=1400 audit(1750376546.650:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.072860][ T36] audit: type=1400 audit(1750376546.730:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.098611][ T36] audit: type=1400 audit(1750376546.730:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.098644][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.311532][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.318617][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.325781][ T288] bridge_slave_0: entered allmulticast mode [ 22.332233][ T288] bridge_slave_0: entered promiscuous mode [ 22.351431][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.358489][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.365625][ T288] bridge_slave_1: entered allmulticast mode [ 22.371818][ T288] bridge_slave_1: entered promiscuous mode [ 22.478811][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.485872][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.493163][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.500188][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.512754][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.519889][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.527195][ T292] bridge_slave_0: entered allmulticast mode [ 22.533469][ T292] bridge_slave_0: entered promiscuous mode [ 22.545686][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.552894][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.560017][ T292] bridge_slave_1: entered allmulticast mode [ 22.566204][ T292] bridge_slave_1: entered promiscuous mode [ 22.589933][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.597041][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.604111][ T294] bridge_slave_0: entered allmulticast mode [ 22.610210][ T294] bridge_slave_0: entered promiscuous mode [ 22.616444][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.623606][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.630674][ T294] bridge_slave_1: entered allmulticast mode [ 22.637272][ T294] bridge_slave_1: entered promiscuous mode [ 22.661967][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.669010][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.676109][ T293] bridge_slave_0: entered allmulticast mode [ 22.682342][ T293] bridge_slave_0: entered promiscuous mode [ 22.688601][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.695864][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.702963][ T293] bridge_slave_1: entered allmulticast mode [ 22.709134][ T293] bridge_slave_1: entered promiscuous mode [ 22.821888][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.829465][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.851912][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.858995][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.868631][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.875763][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.940647][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.947734][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.958869][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.965948][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.979447][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.986517][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.995085][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.002122][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.016646][ T288] veth0_vlan: entered promiscuous mode [ 23.032844][ T304] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.039907][ T304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.047625][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.054655][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.077774][ T293] veth0_vlan: entered promiscuous mode [ 23.087529][ T288] veth1_macvtap: entered promiscuous mode [ 23.106786][ T293] veth1_macvtap: entered promiscuous mode [ 23.127835][ T294] veth0_vlan: entered promiscuous mode [ 23.158553][ T292] veth0_vlan: entered promiscuous mode [ 23.166859][ T293] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 23.172356][ T292] veth1_macvtap: entered promiscuous mode [ 23.197175][ T294] veth1_macvtap: entered promiscuous mode [ 23.277678][ T318] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:2 [ 23.329867][ T324] binder: Unknown parameter 'fscontext?}n' [ 23.330826][ T334] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.400699][ T336] rust_binder: Write failure EINVAL in pid:9 [ 23.689887][ T355] rust_binder: Write failure EFAULT in pid:12 [ 23.757236][ T362] rust_binder: Write failure EFAULT in pid:10 [ 23.938958][ T368] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.945197][ T369] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 23.992936][ T375] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 23.999843][ T373] binder: Bad value for 'stats' [ 24.008671][ T375] rust_binder: Error while translating object. [ 24.024341][ T375] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 24.030642][ T375] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:22 [ 24.040984][ T378] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 24.050262][ T379] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 24.057523][ T379] rust_binder: Error while translating object. [ 24.068315][ T379] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 24.074981][ T379] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:22 [ 24.101245][ T382] tun0: tun_chr_ioctl cmd 1074025675 [ 24.111431][ T384] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 24.115593][ T384] rust_binder: Error while translating object. [ 24.115836][ T382] tun0: persist enabled [ 24.125018][ T384] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 24.134769][ T383] tun0: tun_chr_ioctl cmd 1074025675 [ 24.138349][ T384] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:26 [ 24.144162][ T383] tun0: persist enabled [ 24.173653][ T377] rust_binder: Write failure EFAULT in pid:15 [ 24.210636][ T389] SELinux: security_context_str_to_sid () failed with errno=-22 [ 24.375669][ T397] binder: Unknown parameter 'nXI' [ 24.455380][ T405] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 24.467297][ T405] input: syz1 as /devices/virtual/input/input7 [ 24.482841][ T408] KVM: debugfs: duplicate directory 408-5 [ 24.485771][ T405] rust_binder: Error while translating object. [ 24.488602][ T405] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 24.494324][ T408] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 24.495040][ T405] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:25 [ 24.505053][ T408] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 24.524919][ T408] rust_binder: Error while translating object. [ 24.533804][ T408] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 24.540200][ T408] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:34 [ 24.550535][ T412] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:20 [ 24.703297][ T420] kvm: user requested TSC rate below hardware speed [ 24.750974][ T414] rust_binder: Read failure Err(EAGAIN) in pid:27 [ 24.757868][ T424] binder: Bad value for 'stats' [ 24.800807][ T426] rust_binder: Write failure EFAULT in pid:41 [ 24.980304][ T430] rust_binder: Write failure EINVAL in pid:28 [ 24.980729][ T431] rust_binder: Write failure EINVAL in pid:28 [ 25.091337][ T442] rust_binder: Write failure EFAULT in pid:51 [ 25.100281][ T439] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 25.113522][ T439] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:31 [ 25.120466][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 25.145568][ T439] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 152, size: 136) [ 25.145592][ T439] rust_binder: Error while translating object. [ 25.156426][ T439] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 25.162860][ T439] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:31 [ 25.179172][ T446] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 25.200863][ T451] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 25.213576][ T451] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 25.227174][ T451] rust_binder: Write failure EINVAL in pid:53 [ 25.243542][ T455] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 25.250142][ T455] rust_binder: Write failure EINVAL in pid:38 [ 25.317761][ T456] SELinux: failed to load policy [ 25.331088][ T458] binder: Unknown parameter 'hø[:' [ 25.335568][ T456] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:38 [ 25.348346][ T461] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 25.375449][ T463] ======================================================= [ 25.375449][ T463] WARNING: The mand mount option has been deprecated and [ 25.375449][ T463] and is ignored by this kernel. Remove the mand [ 25.375449][ T463] option from the mount to silence this warning. [ 25.375449][ T463] ======================================================= [ 25.412746][ T466] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 25.416896][ T466] rust_binder: Error while translating object. [ 25.418743][ T463] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 25.428977][ T466] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 25.442440][ T466] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:23 [ 25.577860][ T36] kauditd_printk_skb: 77 callbacks suppressed [ 25.577880][ T36] audit: type=1400 audit(1750376551.230:151): avc: denied { read } for pid=468 comm="syz.1.51" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 25.579730][ T469] rust_binder: Write failure EINVAL in pid:62 [ 25.654859][ T36] audit: type=1400 audit(1750376551.310:152): avc: denied { setattr } for pid=475 comm="syz.3.53" path="/dev/ttyS3" dev="devtmpfs" ino=28 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1 [ 25.691854][ T478] binder: Unknown parameter 'non' [ 25.742779][ T484] rust_binder: Error while translating object. [ 25.742806][ T484] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 25.748986][ T484] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:31 [ 25.820617][ T36] audit: type=1400 audit(1750376551.470:153): avc: denied { append } for pid=492 comm="syz.3.60" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 26.121162][ T36] audit: type=1400 audit(1750376551.770:154): avc: denied { execute } for pid=496 comm="syz.0.62" path="/sys/kernel/fscaps" dev="sysfs" ino=1447 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=file permissive=1 [ 26.151207][ T36] audit: type=1326 audit(1750376551.800:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=498 comm="syz.1.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfaf98e929 code=0x7ffc0000 [ 26.162123][ T501] binder: Unknown parameter '' [ 26.199592][ T36] audit: type=1326 audit(1750376551.800:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=498 comm="syz.1.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fbfaf98e929 code=0x7ffc0000 [ 26.226985][ T36] audit: type=1326 audit(1750376551.800:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=498 comm=BF exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfaf98e929 code=0x7ffc0000 [ 26.240287][ T512] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 26.252553][ T36] audit: type=1326 audit(1750376551.810:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=498 comm=BF exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fbfaf98e929 code=0x7ffc0000 [ 26.260619][ T512] rust_binder: Write failure EINVAL in pid:41 [ 26.287358][ T36] audit: type=1326 audit(1750376551.810:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=498 comm="/dev/kvm" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfaf98e929 code=0x7ffc0000 [ 26.316544][ T36] audit: type=1326 audit(1750376551.810:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=498 comm="/dev/kvm" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfaf98e929 code=0x7ffc0000 [ 26.430446][ T524] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.501905][ T538] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:53 [ 26.509574][ T540] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.533208][ T540] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:59 [ 26.567787][ T549] input: syz0 as /devices/virtual/input/input10 [ 26.630231][ T556] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.637595][ T559] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.731830][ T567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.793078][ T575] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.896755][ T582] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.903536][ T582] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 26.937548][ T587] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:79 [ 26.940919][ T586] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:79 [ 26.962270][ T592] rust_binder: Error while translating object. [ 26.971555][ T592] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 26.971711][ T584] binder: Unknown parameter 'c' [ 26.978295][ T592] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:84 [ 27.121176][ T443] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 27.132514][ T52] Bluetooth: hci0: command 0x1003 tx timeout [ 27.149920][ T603] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 27.161580][ T603] rust_binder: Error while translating object. [ 27.168149][ T603] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 27.174494][ T603] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:100 [ 27.220107][ T606] kvm: kvm [604]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000002a) = 0x4 [ 27.279173][ T610] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 27.286548][ T610] rust_binder: Write failure EINVAL in pid:104 [ 27.289531][ T611] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:34 [ 27.291962][ T610] input: syz0 as /devices/virtual/input/input11 [ 27.317625][ T613] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 27.324921][ T613] rust_binder: Write failure EINVAL in pid:104 [ 27.499761][ T9] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 27.514207][ T9] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 27.602165][ T642] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 27.624036][ T645] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 27.783161][ T648] binder: Unknown parameter '' [ 28.064485][ T652] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.117159][ T663] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.291398][ T667] rust_binder: Write failure EFAULT in pid:82 [ 28.297917][ T667] rust_binder: Write failure EFAULT in pid:82 [ 28.304215][ T667] SELinux: security_context_str_to_sid () failed with errno=-22 [ 28.377259][ T678] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.667450][ T691] rust_binder: Write failure EINVAL in pid:95 [ 28.681071][ T700] rust_binder: Write failure EINVAL in pid:49 [ 28.857292][ T702] rust_binder: Write failure EFAULT in pid:100 [ 28.893461][ T711] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.900279][ T711] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.906938][ T712] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.913641][ T711] rust_binder: Write failure EINVAL in pid:109 [ 28.945119][ T716] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 28.952276][ T716] rust_binder: Write failure EINVAL in pid:112 [ 29.013346][ T725] binder: Unknown parameter 'nXI' [ 29.035570][ T727] binder: Unknown parameter 'non' [ 29.040806][ T727] binder: Unknown parameter 'conteö×ÏÆystem_u' [ 29.064315][ T732] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.065320][ T732] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585) [ 29.071947][ T732] rust_binder: Error while translating object. [ 29.084176][ T732] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 29.090392][ T732] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:125 [ 29.159956][ T741] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 3 [ 29.167832][ T741] rust_binder: Write failure EINVAL in pid:143 [ 29.167844][ T740] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 3 [ 29.167859][ T740] rust_binder: Write failure EINVAL in pid:143 [ 29.204499][ T747] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.211625][ T747] rust_binder: Error while translating object. [ 29.218076][ T747] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 29.224389][ T747] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:136 [ 29.358427][ T760] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.376640][ T762] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 29.396940][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.396971][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.403489][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.409995][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.416516][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.422985][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.429530][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.442847][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.449492][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.456035][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.465683][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.474236][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.480768][ T765] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.496447][ T777] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.503177][ T778] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.515019][ T778] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 29.515529][ T777] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 29.522250][ T778] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:154 [ 29.530930][ T777] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:154 [ 29.617126][ T781] rust_binder: Error while translating object. [ 29.626339][ T781] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 29.632537][ T781] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:56 [ 29.799781][ T789] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.811074][ T789] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.818731][ T789] rust_binder: Error in use_page_slow: ESRCH [ 29.825229][ T789] rust_binder: use_range failure ESRCH [ 29.831377][ T789] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false [ 29.836851][ T789] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 29.844891][ T789] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:162 [ 29.855007][ T789] binder: Unknown parameter 'noninderfs/binder0' [ 29.916942][ T801] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.002109][ T802] rust_binder: Error in use_page_slow: ESRCH [ 30.008658][ T802] rust_binder: use_range failure ESRCH [ 30.014829][ T802] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 30.020349][ T802] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 30.028490][ T802] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:169 [ 30.201039][ T811] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.210211][ T812] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 30.222192][ T813] SELinux: security_context_str_to_sid () failed with errno=-22 [ 30.236679][ T812] SELinux: security_context_str_to_sid () failed with errno=-22 [ 30.246144][ T811] rust_binder: Error in use_page_slow: ESRCH [ 30.246163][ T811] rust_binder: use_range failure ESRCH [ 30.252230][ T811] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 30.257758][ T811] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 30.265799][ T811] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:141 [ 30.300049][ T816] rust_binder: Write failure EFAULT in pid:131 [ 30.326433][ T819] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:134 [ 30.363115][ T823] ------------[ cut here ]------------ [ 30.377751][ T823] WARNING: CPU: 0 PID: 823 at mm/page_alloc.c:5157 __alloc_pages_noprof+0xe4/0x6c0 [ 30.387061][ T823] Modules linked in: [ 30.390973][ T823] CPU: 0 UID: 0 PID: 823 Comm: syz.3.168 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d [ 30.404456][ T823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 30.413555][ T824] rust_binder: Error in use_page_slow: ESRCH [ 30.414652][ T824] rust_binder: use_range failure ESRCH [ 30.414728][ T823] RIP: 0010:__alloc_pages_noprof+0xe4/0x6c0 [ 30.420854][ T824] rust_binder: Failed to allocate buffer. len:160, is_oneway:false [ 30.426318][ T823] Code: 0f 1f 44 00 00 41 83 fd 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d a4 78 ee 05 00 0f 85 c4 00 00 00 c6 05 97 78 ee 05 01 <0f> 0b 31 c0 e9 b6 00 00 00 41 83 fd 0a 0f 87 aa 00 00 00 44 89 6c [ 30.426343][ T823] RSP: 0018:ffffc9000eb775a0 EFLAGS: 00010246 [ 30.432882][ T824] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 30.440164][ T823] [ 30.440175][ T823] RAX: 0000000000000000 RBX: 1ffff92001d6eeb8 RCX: 0000000000000000 [ 30.460268][ T824] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:138 [ 30.465948][ T823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000eb77648 [ 30.502652][ T823] RBP: ffffc9000eb776c8 R08: ffffc9000eb77647 R09: 0000000000000000 [ 30.510718][ T823] R10: ffffc9000eb77630 R11: fffff52001d6eec9 R12: ffffc9000eb775e0 [ 30.518697][ T823] R13: 000000000000000f R14: dffffc0000000000 R15: 0000000000000000 [ 30.527128][ T823] FS: 00007f782b79a6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 30.536077][ T823] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.542726][ T823] CR2: 0000200000001000 CR3: 000000011dc22000 CR4: 00000000003526b0 [ 30.550686][ T823] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.558769][ T823] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.566805][ T823] Call Trace: [ 30.570099][ T823] [ 30.573050][ T823] ? do_syscall_64+0x58/0xf0 [ 30.577742][ T823] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 30.583565][ T823] ? hashtab_init+0xdb/0x1f0 [ 30.588151][ T823] ___kmalloc_large_node+0x9c/0x1d0 [ 30.593368][ T823] ? hashtab_init+0xdb/0x1f0 [ 30.597959][ T823] __kmalloc_large_node_noprof+0x1e/0xe0 [ 30.603703][ T823] ? hashtab_init+0xdb/0x1f0 [ 30.608303][ T823] __kmalloc_noprof+0x26d/0x450 [ 30.613179][ T823] hashtab_init+0xdb/0x1f0 [ 30.617606][ T823] ? common_read+0x16d/0x480 [ 30.622263][ T823] symtab_init+0x44/0x70 [ 30.626514][ T823] common_read+0x1de/0x480 [ 30.630918][ T823] ? __cfi_common_read+0x10/0x10 [ 30.635888][ T823] ? hashtab_init+0x105/0x1f0 [ 30.640561][ T823] policydb_read+0xaa8/0x28c0 [ 30.645282][ T823] ? kasan_save_alloc_info+0x40/0x50 [ 30.650562][ T823] ? __cfi_policydb_read+0x10/0x10 [ 30.655720][ T823] ? security_load_policy+0x128/0x12f0 [ 30.661259][ T823] security_load_policy+0x162/0x12f0 [ 30.666547][ T823] ? irqentry_exit+0x4a/0x60 [ 30.671155][ T823] ? exc_page_fault+0x66/0xc0 [ 30.675830][ T823] ? asm_exc_page_fault+0x2b/0x30 [ 30.680839][ T823] ? __cfi_security_load_policy+0x10/0x10 [ 30.686668][ T823] ? rep_movs_alternative+0x4a/0xa0 [ 30.691883][ T823] sel_write_load+0x298/0x5e0 [ 30.696562][ T823] ? futex_wait+0x288/0x540 [ 30.701057][ T823] ? __cfi_sel_write_load+0x10/0x10 [ 30.706281][ T823] ? __cfi_futex_wait+0x10/0x10 [ 30.711151][ T823] ? bpf_lsm_file_permission+0xd/0x20 [ 30.716518][ T823] ? __cfi_sel_write_load+0x10/0x10 [ 30.721817][ T823] vfs_write+0x3c0/0xe80 [ 30.726081][ T823] ? __cfi_vfs_write+0x10/0x10 [ 30.730915][ T823] ? __kasan_check_write+0x18/0x20 [ 30.736047][ T823] ? mutex_lock+0x92/0x1c0 [ 30.740482][ T823] ? __cfi_mutex_lock+0x10/0x10 [ 30.745346][ T823] ? __fget_files+0x2c5/0x340 [ 30.750028][ T823] ksys_write+0x141/0x250 [ 30.754474][ T823] ? __cfi_ksys_write+0x10/0x10 [ 30.759379][ T823] ? __kasan_check_write+0x18/0x20 [ 30.764592][ T823] ? fpregs_restore_userregs+0x11d/0x260 [ 30.770370][ T823] __x64_sys_write+0x7f/0x90 [ 30.775020][ T823] x64_sys_call+0x271c/0x2ee0 [ 30.779700][ T823] do_syscall_64+0x58/0xf0 [ 30.784171][ T823] ? clear_bhb_loop+0x35/0x90 [ 30.788870][ T823] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 30.794776][ T823] RIP: 0033:0x7f782a98e929 [ 30.799183][ T823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 30.818877][ T823] RSP: 002b:00007f782b79a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 30.827329][ T823] RAX: ffffffffffffffda RBX: 00007f782abb5fa0 RCX: 00007f782a98e929 [ 30.835338][ T823] RDX: 0000000000001790 RSI: 0000200000000000 RDI: 0000000000000004 [ 30.843359][ T823] RBP: 00007f782aa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 30.851351][ T823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 30.859410][ T823] R13: 0000000000000000 R14: 00007f782abb5fa0 R15: 00007ffc633fdb58 [ 30.867471][ T823] [ 30.870487][ T823] ---[ end trace 0000000000000000 ]--- [ 30.878115][ T823] SELinux: failed to load policy